AWS WAF features

AWS WAF is a web application firewall that helps protect your web applications or APIs against common web exploits and bots. AWS WAF enables you to create security rules designed to control bot traffic and block common attack patterns. You can also customize rules that filter out specific traffic patterns. You can use Managed Rules for AWS WAF, a pre-configured set of rules managed by AWS or AWS Marketplace Sellers. These rules are updated as new issues emerge. AWS WAF includes an API that you can use to automate the creation, deployment, and maintenance of security rules.

You can deploy AWS WAF on Amazon CloudFront as part of your CDN solution, on the Application Load Balancer that fronts your web servers or origin servers running on EC2, on Amazon API Gateway for your REST APIs, or on AWS AppSync for your GraphQL APIs. A web ACL for CloudFront is created with the CLOUDFRONT scope in the US East (N. Virginia) Region; web ACLs for the other resource types use the REGIONAL scope and must be created in the same Region as the resource they protect.

Web traffic filtering

AWS WAF lets you create rules that filter web traffic on conditions such as source IP address (via reusable IP sets) or country of origin, HTTP headers, the request body, the query string, and the URI path, and a rate-based rule can block a source that exceeds a request limit within the evaluation window. Conditions can be combined with AND, OR and NOT logic, and text transformations (for example URL decoding or lowercasing) are applied before the comparison, so an encoded or mixed-case variant of a pattern is still caught. Rules live in a web ACL, a centralized set of rules that you can associate with multiple websites or APIs.

AWS WAF Bot Control

AWS WAF Bot Control is a managed rule group that gives you visibility and control over common and pervasive bot traffic. You can block or rate-limit pervasive bots, such as scrapers, scanners, and crawlers, or you can allow common bots, such as status monitors and search engines. The Bot Control managed rule group can be used alongside other Managed Rules for AWS WAF or your own custom rules to protect your applications.

Account takeover fraud prevention

AWS WAF Fraud Control - Account Takeover Prevention is a managed rule group that monitors your application’s login page for unauthorized access to user accounts using compromised credentials. You can use the rule group to help protect against credential stuffing attacks, brute force login attempts, and other anomalous login activities. With optional JavaScript and iOS/Android SDKs, you can receive additional telemetry on user devices that attempt to log in to your application to better protect your application against automated login attempts by bots. Account Takeover Prevention is part of Managed Rules for AWS and can be used together with Bot Control to defend your application against bot attacks.

Account creation fraud prevention

Account Creation Fraud Prevention is a managed rule group that monitors your application's sign-up or registration page for the creation of fake or fraudulent accounts. You can use the rule group to help protect against abuse such as promotional or sign-up abuse, loyalty or rewards abuse, and phishing. With the recommended JavaScript and iOS/Android SDKs, you can receive additional telemetry on user devices that attempt to sign up to your application, to better protect it against automated attempts by bots. Account Creation Fraud Prevention is part of Managed Rules for AWS and can be used together with Bot Control to defend your application against bot attacks.

API

AWS WAF can be administered through its API (the WAFV2 API), the AWS CLI, and the AWS SDKs, so rule creation, deployment, and maintenance can be automated. AWS WAF resources (IP sets, rule groups, web ACLs, and their associations with protected resources) can also be deployed and provisioned as infrastructure-as-code using AWS CloudFormation, and AWS provides sample templates.
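The following CloudFormation template is an added example for the traffic-filtering, Bot Control, and API/CloudFormation sections above; it is not one of the AWS sample templates the page refers to. It builds a REGIONAL web ACL for an Application Load Balancer with an IP-set rule, a combined URI-path and header rule, a per-IP rate-based rule, and the Bot Control managed rule group, then associates it with the load balancer. The ALB ARN, the IP addresses (RFC 5737 documentation ranges), the `x-internal-token` header, and its expected value are assumed placeholders.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: >-
  Added example (not an AWS sample template): regional Web ACL that filters
  on source IP, URI path and a header, rate-limits per IP, and adds Bot Control.

Parameters:
  AlbArn:
    Type: String
    Description: ARN of the Application Load Balancer to protect (assumed input)

Resources:
  # IP-address condition. Addresses are a constructed list (RFC 5737 ranges).
  BlockedIPs:
    Type: AWS::WAFv2::IPSet
    Properties:
      Name: blocked-ips
      Scope: REGIONAL
      IPAddressVersion: IPV4
      Addresses:
        - 192.0.2.0/24
        - 198.51.100.7/32

  WebACL:
    Type: AWS::WAFv2::WebACL
    Properties:
      Name: example-web-acl
      Scope: REGIONAL            # CLOUDFRONT scope must be created in us-east-1
      DefaultAction:
        Allow: {}                # only the rules below block; everything else passes
      VisibilityConfig:
        SampledRequestsEnabled: true
        CloudWatchMetricsEnabled: true
        MetricName: example-web-acl
      Rules:
        # Rules are evaluated in Priority order; the first Allow/Block match terminates.
        - Name: block-listed-ips
          Priority: 0
          Action: { Block: {} }
          Statement:
            IPSetReferenceStatement:
              Arn: !GetAtt BlockedIPs.Arn
          VisibilityConfig: { SampledRequestsEnabled: true, CloudWatchMetricsEnabled: true, MetricName: block-listed-ips }

        # URI + header condition: block /admin unless the (assumed) x-internal-token
        # header carries the expected value. URL_DECODE then LOWERCASE run before the
        # comparison, so "/ADMIN" or "/%61dmin" cannot bypass the path check.
        - Name: block-admin-without-token
          Priority: 1
          Action: { Block: {} }
          Statement:
            AndStatement:
              Statements:
                - ByteMatchStatement:
                    SearchString: /admin
                    FieldToMatch: { UriPath: {} }
                    PositionalConstraint: STARTS_WITH
                    TextTransformations:
                      - { Priority: 0, Type: URL_DECODE }
                      - { Priority: 1, Type: LOWERCASE }
                - NotStatement:
                    Statement:
                      ByteMatchStatement:
                        SearchString: expected-token-value   # placeholder, assumed
                        FieldToMatch: { SingleHeader: { Name: x-internal-token } }
                        PositionalConstraint: EXACTLY
                        TextTransformations:
                          - { Priority: 0, Type: NONE }
          VisibilityConfig: { SampledRequestsEnabled: true, CloudWatchMetricsEnabled: true, MetricName: block-admin-without-token }

        # Rate-based rule: block a source IP that exceeds the limit in the window.
        - Name: rate-limit-per-ip
          Priority: 2
          Action: { Block: {} }
          Statement:
            RateBasedStatement:
              Limit: 500
              AggregateKeyType: IP
          VisibilityConfig: { SampledRequestsEnabled: true, CloudWatchMetricsEnabled: true, MetricName: rate-limit-per-ip }

        # Bot Control managed rule group at the COMMON inspection level. OverrideAction
        # None keeps the group's own block/count actions instead of counting everything.
        - Name: aws-bot-control
          Priority: 3
          OverrideAction: { None: {} }
          Statement:
            ManagedRuleGroupStatement:
              VendorName: AWS
              Name: AWSManagedRulesBotControlRuleSet
              ManagedRuleGroupConfigs:
                - AWSManagedRulesBotControlRuleSet:
                    InspectionLevel: COMMON
          VisibilityConfig: { SampledRequestsEnabled: true, CloudWatchMetricsEnabled: true, MetricName: aws-bot-control }

  # Attach the Web ACL to the load balancer named in the parameter.
  AlbAssociation:
    Type: AWS::WAFv2::WebACLAssociation
    Properties:
      ResourceArn: !Ref AlbArn
      WebACLArn: !GetAtt WebACL.Arn
```

Deploy with `aws cloudformation deploy --template-file webacl.yaml --stack-name example-waf --parameter-overrides AlbArn=<alb-arn>`. A practical first step is to set the custom rules' `Action` to `Count: {}` and the managed group's `OverrideAction` to `Count: {}`, watch the per-rule metrics and sampled requests for a while, and only then switch to blocking; a header-based rule like the one above is easy to get wrong and will lock out legitimate clients if the header name or value is mistyped.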

Visibility

AWS WAF publishes CloudWatch metrics (for example allowed, blocked, and counted requests per rule and per web ACL) and keeps samples of inspected requests that include source IP address, geographic location, URI, User-Agent, and Referer header values. For a complete record you can enable logging of every request the web ACL inspects to Amazon CloudWatch Logs, Amazon S3, or Amazon Kinesis Data Firehose, with sensitive fields redacted before they are written. Because AWS WAF is integrated with Amazon CloudWatch, you can set alarms that fire when thresholds are exceeded or particular attacks occur.
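The template below is an added example for the visibility section, not code from AWS or from the page: it turns on full request logging for an existing web ACL to a CloudWatch Logs log group, redacts the Authorization and Cookie headers so credentials do not land in the logs, and raises an alarm when the web ACL's aggregate `BlockedRequests` metric spikes. The web ACL name and ARN are assumed inputs; the `aws-waf-logs-` prefix on the log group name is a real AWS WAF requirement.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: >-
  Added example (not an AWS sample template): full request logging to CloudWatch
  Logs with redacted headers, and an alarm on the BlockedRequests metric.

Parameters:
  WebAclName:
    Type: String
    Default: example-web-acl      # assumed name of an existing regional Web ACL
  WebAclArn:
    Type: String                  # ARN of that Web ACL (assumed input)

Resources:
  # AWS WAF only accepts CloudWatch log groups whose name starts with "aws-waf-logs-".
  WafLogGroup:
    Type: AWS::Logs::LogGroup
    Properties:
      LogGroupName: aws-waf-logs-example
      RetentionInDays: 30

  WafLogging:
    Type: AWS::WAFv2::LoggingConfiguration
    Properties:
      ResourceArn: !Ref WebAclArn
      LogDestinationConfigs:
        # Build the ARN explicitly: GetAtt on a log group returns an ARN ending
        # in ":*", which the WAF API rejects as a log destination.
        - !Sub arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:${WafLogGroup}
      # Logged requests include headers; redact credentials before they are written.
      RedactedFields:
        - SingleHeader:
            Name: authorization
        - SingleHeader:
            Name: cookie

  # Alarm when the Web ACL blocks more than 1000 requests in a 5-minute period.
  # Rule=ALL is the aggregate across every rule in the Web ACL; use a rule's
  # MetricName instead to alarm on a single rule.
  BlockedRequestsAlarm:
    Type: AWS::CloudWatch::Alarm
    Properties:
      AlarmName: !Sub ${WebAclName}-blocked-requests
      AlarmDescription: Spike in requests blocked by the Web ACL
      Namespace: AWS/WAFV2
      MetricName: BlockedRequests
      Dimensions:
        - Name: WebACL
          Value: !Ref WebAclName
        - Name: Region
          Value: !Ref AWS::Region
        - Name: Rule
          Value: ALL
      Statistic: Sum
      Period: 300
      EvaluationPeriods: 1
      Threshold: 1000
      ComparisonOperator: GreaterThanThreshold
      TreatMissingData: notBreaching
```

For a web ACL with the CLOUDFRONT scope, drop the `Region` dimension and create the alarm in us-east-1, which is where CloudFront-scoped WAF metrics are published. `TreatMissingData: notBreaching` keeps a quiet web ACL (no blocked requests in a period, hence no data point) from flapping into ALARM.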

Integration with AWS Firewall Manager

You can centrally configure and manage AWS WAF deployments across multiple AWS accounts using AWS Firewall Manager.

Additional Information

For additional information about service controls, security features and functionalities, including, as applicable, information about storing, retrieving, modifying, restricting, and deleting data, please see https://docs.aws.amazon.com/index.html. This additional information does not form part of the Documentation for purposes of the AWS Customer Agreement available at http://aws.amazon.com/agreement, or other agreement between you and AWS governing your use of AWS’s services.