Managed rules for AWS Web Application Firewall

Managed rules for AWS WAF are designed to help you spend less time writing firewall rules and more time building applications.

Get started with AWS WAF 

Managed rules for AWS Web Application Firewall (WAF) are a set of rules written, curated and managed by AWS Marketplace Sellers that can be easily deployed in front of your web applications running on Amazon CloudFront, AWS Application Load Balancers, or Amazon API Gateway.

With these managed rules, you can quickly get started and protect your web application or APIs against common threats like the OWASP Top 10 security risks, threats specific to Content Management Systems (CMS) like WordPress or Joomla, or even emerging Common Vulnerabilities and Exposures (CVE) without having to manage infrastructure.  

AWS Web Application Firewall (WAF)

Benefits

  Rules managed by security experts

Managed rules are written by security experts who have extensive and up-to-date knowledge of threats and vulnerabilities. Rules are written based on threats observed across many customers. AWS WAF Managed rules are automatically updated by AWS Sellers as new vulnerabilities and bad actors emerge. Managed rules sellers create rules using a combination of security engineers on staff, automated traffic analysis and threat intelligence databases.

  Easy to get started

Managed rules for AWS WAF give you a set of pre-configured rules written and managed by AWS Marketplace Sellers, allowing you to quickly get started with AWS WAF rules for your application. You can simply subscribe to Managed rules via the AWS Marketplace and then use the AWS WAF console to specify which resources to protect. All rules are deployed on the AWS WAF managed infrastructure.

  Choice of protections

With managed rules you get a wide selection of protections from security experts and AWS Marketplace Sellers. You can choose from a variety of widely applicable protections like IP reputation lists and OWASP Top 10 protections, or choose from platform-specific rules like WordPress or Joomla rules.

  Pay as you go

You can subscribe to managed rules with a few clicks and pay only for what you use, without having to sign up for any expensive professional services. Managed rules are automatically updated, and there are no contracts or subscription commitments. managed rules are charged by the hour.

Meet the managed rules sellers

Cyber Security Cloud
Cyber Security Cloud  Managed Rules for AWS WAF

Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set-

Cyber Security Cloud Managed Rules provide rulesets that are regularly updated to include the latest threat alerts by using Cyber Threat Intelligence. These rulesets are designed to mitigate and minimize vulnerabilities, including all those on OWASP Top 10 Web Application Threats list. Learn more

Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless-

Cyber Security Cloud Managed Rules are compiled in a comprehensive package to mitigate and minimize vulnerabilities, including the most serious OWASP API Security/Serverless Top 10 Threats. Learn more

Cyber Security Cloud Managed Rules for AWS WAF Classic -OWASP Set-

Included are a lot of managed rules targeting common vulnerabilities such as code injection techniques (SQLi, NoSQLi, OScommandi, etc), XSS, directory traversal and known exploits involving web-applications using technologies such as Apache Struts2/ Apache Tomcat/ Oracle WebLogic/ WordPress/ Drupal/ Joomla! and Malicious Bots rulesets.  Learn more
F5
F5 Managed Rules for AWS WAF

Bot protection rules

Bot Protections Rules is a partner managed rule group for AWS WAF that stops a broad range of malicious bots activities such as vulnerability scanners, web scrapers, DDoS tools, and forum spam tools. Learn more

Web exploits OWASP rules

F5 Web Exploits OWASP Rules for AWS WAF, provides protection against web attacks that are part of the OWASP Top 10, such as: SQLi, XSS, command injection, No-SQLi injection, path traversal, and predictable resource. Learn more

Common Vulnerabilities and Exposures (CVE)

CVE Rules for AWS WAF provides protection for high profile CVEs targeting the following systems: Apache, Apache Struts, Bash, Elasticsearch, IIS, JBoss, JSP, Java, Joomla, MySQL, Node.js, PHP, PHPMyAdmin, Perl, Ruby On Rails, and WordPress. Learn more

API attacks

Protects against API attacks, web attacks (such as XML external entity attacks) and server side request forgery. The rule set includes support for XML and JSON payloads, and common web API frameworks. Learn more

Fortinet
Fortinet Managed Rules for AWS WAF

General and known exploits rule group

Fortinet WAF RuleGroups are based on the FortiWeb web application firewall security service signatures, and are updated on a regular basis to include the latest threat information from FortiGuard Labs. The General and Known Exploits RuleGroup detects common and advanced OWASP Top 10 threats including numerous Injection attacks, URL Redirects, HTTP Response Splitting, Database Disclosure vulnerabilities and other Common Vulnerabilities and Exposures (CVEs). Please see our other RuleGroups for additional protections. Learn more

Malicious bots

Fortinet WAF RuleGroups are based on the FortiWeb web application firewall security service signatures, and are updated on a regular basis to include the latest threat information from FortiGuard Labs. The Malicious Bots RuleGroup analyzes requests and blocks known content scrapers, spiders looking for vulnerabilities, and other unwanted automated clients that OWASP has identified as risks to web applications. Please see our other RuleGroups for additional protections. Learn more

SQLi/XSS

Fortinet WAF RuleGroups are based on the FortiWeb web application firewall security service signatures, and are updated on a regular basis to include the latest threat information from FortiGuard Labs. The SQLi/XSS RuleGroup provides protection from the two primary web application attack types identified in the OWASP Top 10, SQL Injection and Cross-Site Scripting. Please see our other RuleGroups for additional protections.  Learn more

Complete OWASP top 10 rulegroup

Fortinet WAF RuleGroups are based on the FortiWeb web application firewall security service signatures, and are updated on a regular basis to include the latest threat information from FortiGuard Labs. The Complete OWASP Top 10 RuleGroup combines Fortinet’s other AWS WAF RuleGroups into one comprehensive package that includes the SQLi/XSS, General and Known Exploits, and Malicious Bots RuleGroups. Learn more

API Gateway

The Fortinet Managed Rules for AWS API Gateway is a comprehensive package for the best web application protection to help protect against the OWASP Top 10 web application threats, including SQLi/XSS attacks, General and Known Exploits, and Malicious Bots.  Learn more
Imperva
Imperva Managed Rules for AWS WAF

IP reputation on AWS WAF

Imperva's Managed Rules for IP Reputation allows you to take a proactive approach to security by providing an extensive IP whitelist/blacklist which is regularly monitored and updated. Imperva's reputation feed leverages crowd-sourcing from aggregated attack data to update its list with newly detected malicious sources. Learn more

Getting Started with Fortinet FortiWeb Cloud WAF-as-a-Service

Fortinet FortiWeb Cloud WAF SaaS defends web-based applications from known and zero-day threats including the OWASP Top 10. The solution enables rapid deployment with minimal configuration required.

Learn more

Resources

Learn about shield web applications and edge devices from risks that can compromise security, affect application availability, or result in the consumption of excessive resources.

line drawing of light blue clouds on dark blue background.

EBOOK

The value of next generation firewall (NGFW) tools

Learn how organizations are using next-generation firewalls to help secure cloud migrations and new environments at scale.

No. of pages: 10 
Estimated read time: 7 minutes
photo of woman in green baggy shirt sitting at computer with large monitor

ON-DEMAND WEBINAR

How to secure a modern application on AWS

An introduction to modern application security and web application firewalls.

Cloud technology. Integrated digital web concept background

ON-DEMAND WEBINAR

JumpStart guide for application security on AWS

Learn how to understand and protect applications in your pipeline.

View all security resources 

Why buy in AWS Marketplace?

AWS Marketplace is a curated digital catalog that makes it easy to find, testbuy, and deploy the third-party software you want, with the simplified procurement and controls you need.

Learn more about AWS Marketplace 

2M+

Active Subscriptions

12,000+

Products across 65 Categories

2,000+

Independent Software Vendors

325K+

Active Customers

Want to learn more?

We're here to help you get started with AWS Marketplace.