Posted On: Nov 5, 2018

You can now enable AWS WAF for your APIs in Amazon API Gateway, making it easier to protect your APIs against common web exploits.

AWS WAF is a web application firewall that helps protect your web applications and APIs from attacks. It lets you configure rules that allow, block, or monitor (count) web requests based on conditions that you define.

You can use AWS WAF for your Amazon API Gateway APIs to protect them from attacks such as SQL injection and Cross-Site Scripting (XSS). Additionally, you can use rules to filter web requests based on IP address, geographic area, request size, and string or regular expression patterns. You can apply these conditions to the HTTP headers or the body of the request, allowing you to create complex rules that block attacks from specific user-agents, bad bots, or content scrapers. You can also take advantage of Managed Rules from AWS Marketplace to get immediate protections for your APIs from common threats, such as OWASP Top 10 security risks and Common Vulnerabilities and Exposures (CVE).

Support for AWS WAF with Amazon API Gateway is available in the US East (N. Virginia), US East (Ohio), US West (Oregon), US West (N. California), EU (Ireland), EU (Frankfurt), Asia Pacific (Sydney), and Asia Pacific (Tokyo) regions. For more information on Amazon API Gateway, visit our product page. To learn about AWS WAF, please click here.

You can learn more about how to enable AWS WAF for Amazon API Gateway in our documentation.