Posted On: Jun 21, 2022

AWS WAF Captcha is now available for all customers. AWS WAF Captcha helps block unwanted bot traffic by requiring users to successfully complete challenges before their web requests are allowed to reach AWS WAF protected resources. You can configure AWS WAF rules to require WAF Captcha challenges to be solved for specific resources that are frequently targeted by bots, such as login, search, and form submissions. You can also require WAF Captcha challenges for suspicious requests based on the rate, attributes, or labels generated from AWS Managed Rules, such as AWS WAF Bot Control or the Amazon IP Reputation list. WAF Captcha challenges are simple for humans while remaining effective against bots. WAF Captcha includes an audio version and is designed to meet WCAG accessibility requirements.

AWS WAF Captcha launched on 4th Nov 2021 in the US East (N. Virginia), US West (Oregon), Europe (Frankfurt), South America (Sao Paulo), and Asia Pacific (Singapore) AWS Regions, with support for Application Load Balancer, Amazon API Gateway, and AWS AppSync resources. AWS WAF Captcha is now available in all commercial AWS Regions and the AWS GovCloud (US) Regions, and supports Amazon CloudFront resources.

You can start using Captcha in AWS WAF by creating or navigating to a rule statement and selecting challenge as the action type. When a request matches a rule statement and has WAF Captcha as the action type, users will be presented with a page delivered by AWS WAF, instructing them to complete a Captcha challenge before they can proceed. Once a user successfully completes a Captcha challenge, the originally requested resource will be requested again automatically. Users that complete challenges will not be required to complete additional challenges for a period of time that you can customize. For detailed information, see the AWS WAF developer guide. WAF Captcha usage is billed based on the number of WAF Captcha challenges attempted, in addition to standard AWS WAF service charges. See the AWS WAF Pricing page for more details.
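
As an added illustration (not part of the AWS announcement), the two rules below show how the configuration described above looks in AWS WAFv2 rule JSON: one rule requires a Captcha for a specific resource, the other for clients exceeding a request rate. The rule names, the `/login` path, the rate limit of 500 and the immunity times are assumed example values.

```json
[
  {
    "Name": "example-captcha-on-login",
    "Priority": 0,
    "Statement": {
      "ByteMatchStatement": {
        "SearchString": "/login",
        "FieldToMatch": { "UriPath": {} },
        "TextTransformations": [ { "Priority": 0, "Type": "NONE" } ],
        "PositionalConstraint": "STARTS_WITH"
      }
    },
    "Action": { "Captcha": {} },
    "CaptchaConfig": {
      "ImmunityTimeProperty": { "ImmunityTime": 300 }
    },
    "VisibilityConfig": {
      "SampledRequestsEnabled": true,
      "CloudWatchMetricsEnabled": true,
      "MetricName": "example-captcha-on-login"
    }
  },
  {
    "Name": "example-captcha-high-rate-clients",
    "Priority": 1,
    "Statement": {
      "RateBasedStatement": { "Limit": 500, "AggregateKeyType": "IP" }
    },
    "Action": { "Captcha": {} },
    "CaptchaConfig": {
      "ImmunityTimeProperty": { "ImmunityTime": 120 }
    },
    "VisibilityConfig": {
      "SampledRequestsEnabled": true,
      "CloudWatchMetricsEnabled": true,
      "MetricName": "example-captcha-high-rate-clients"
    }
  }
]
```

`ImmunityTime` is in seconds and sets how long a solved challenge remains valid for that rule; a rule without its own `CaptchaConfig` uses the setting from the web ACL.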