Posted On: Apr 1, 2021

AWS WAF announces the launch of AWS WAF Bot Control, which gives you visibility and control over common and pervasive bots that consume excess resources, skew metrics, cause downtime, or perform other undesired activities. With Bot Control, you can easily monitor, block, or rate-limit pervasive bots, such as scrapers, scanners, and crawlers, or you can allow common bots, such as status monitors and search engines. You can add the Bot Control managed rule group alongside other Managed Rules for WAF or your own custom WAF rules to protect your applications.

Starting today, all WAF customers can view current bot traffic estimates for their applications based on a sample of requests currently processed by AWS WAF. Visit the AWS WAF console to view the bot overview dashboard.

To take action on bot traffic and receive detailed, real-time visibility into the category, identity, and other characteristics of common bot traffic, simply add the Bot Control managed rule group to your AWS WAF Web ACL. You can optionally use AWS WAF scope down statements to control which requests to your applications are evaluated by the Bot Control rule group. When a request is evaluated by the Bot Control rule group, WAF labels like the category and name of the bot are automatically generated for use in custom AWS WAF rules you can write. Labels generated by the Bot Control rule group also emit CloudWatch metrics and are added to AWS WAF logs. You can use AWS Firewall Manager to deploy the Bot Control managed rule group across all your applications in multiple accounts that are part of your AWS Organization.

AWS WAF Bot Control is available in all AWS WAF regions. You can deploy AWS WAF Bot Control to protect Amazon CloudFront, Application Load Balancer, Amazon API Gateway, and AWS AppSync resources. You are charged a monthly fee for each web ACL to which you add the Bot Control managed rule group and a per-request fee for web requests processed by the Bot Control managed rule group. Other standard service charges for AWS WAF still apply. Learn more about AWS WAF Bot Control by visiting the Bot Control feature page.