Posted On: Sep 27, 2023

You can now better protect your CloudFront distributions with AWS WAF security recommendations in the CloudFront console. CloudFront displays additional security rules for your distributions based on elements of your CloudFront configuration, including path patterns or your origin type. Select the rules you’d like to enable and CloudFront automatically adds those rules to your AWS WAF configuration.

CloudFront recently launched one-click security protections to handle creating and configuring AWS WAF for you with out-of-the-box protections. Now, you will see additional recommendations based on your CloudFront configuration. For example, if you have configured a cache behavior with a WordPress path pattern, you can enable protections that block malicious request patterns associated with the exploitation of vulnerabilities specific to WordPress, PHP, and SQL databases. Additionally, to help protect against HTTP floods, we’ve added a guided workflow to rate limit requests when they arrive at too fast a rate. The workflow starts in monitor mode to capture metrics, tells you if your rate was exceeded (including how often and by how much), and allows you to adjust the rate or enable blocking without leaving the CloudFront console.

CloudFront security recommendations are now available in the Web Application Firewall (WAF) section of the CloudFront console and can be used to configure new or existing CloudFront distributions. Standard pricing for AWS WAF applies. You can estimate the price of AWS WAF security protections using the built-in pricing calculator when making your selection in the CloudFront console. To learn more, refer to the CloudFront Developer Guide.