Product

About the AWS WAF

AWS WAF (Web Application Firewall) is a cloud-native security service that helps protect web applications and APIs from common web exploits and bots that could affect availability, compromise security, or consume excessive resources. It operates at Layer 7 (the application layer) and allows users to create customizable security rules that inspect incoming HTTP(S) requests. These rules can block, allow, or count web requests based on conditions such as IP addresses, HTTP headers and body, URI paths, query strings, SQL injection patterns, cross-site scripting (XSS) patterns, geographic origin, and request size. AWS WAF integrates seamlessly with other AWS services like Amazon CloudFront, Application Load Balancer (ALB), Amazon API Gateway, AWS AppSync, AWS App Runner, Amazon Cognito user pools, and AWS Verified Access instances, providing protection at the network edge or closer to the origin. It offers pre-configured AWS Managed Rules for common threats, as well as the ability to create custom rules and leverage third-party managed rules from the AWS Marketplace.