How do I configure AWS WAF to protect my resources from known common attacks such as cross-site scripting attacks (XSS attacks), SQL injection attacks, attacks from known bad IP addresses, or brute-force HTTP flood attacks?

Note: You can deploy AWS WAF with Amazon CloudFront distributions or Application Load Balancers.

Cross-site scripting attacks (XSS attacks)

For information about cross-site scripting match conditions and the values to specify for cross-site scripting match conditions, see Working with Cross-site Scripting Match Conditions.

SQL injection attacks

For information about creating SQL injection match conditions and the values to specify for SQL injection match conditions, see Working with SQL Injection Match Conditions.

Attacks from known bad IP addresses

For information about creating IP match conditions to allow and block IP addresses, see Working with IP Match Conditions.

For an example of using AWS WAF and AWS Lambda to block requests from specific IP addresses, see Tutorial: Blocking IP Addresses That Submit Bad Requests.

Brute-force HTTP flood attacks

For information about creating a Rate-based rule to manage clients that send multiple web requests exceeding a configured threshold, see Creating a Rule and Adding Conditions. Note that AWS WAF blocks the client IP address for a specified time period. After the expiration of that time period, the IP address is unblocked.

Note: If you don't specify an optional match condition, all requests count toward the rate limit and increment the request counter.
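As an added example (not part of the original article and not AWS's own code), the following Python replays constructed request timestamps through a model of the rate-based rule behaviour described above: only requests that satisfy the optional match condition are counted, a client whose counted requests exceed the threshold within the window is blocked, and the block lapses after the configured period. The window, threshold and block duration used here are illustrative assumptions, not AWS WAF's actual limits or evaluation period.

```python
from collections import defaultdict, deque


def evaluate_rate_rule(requests, rate_limit, window, block_duration, match=None):
    """Replay (seconds, client_ip, path) requests through a rate-based rule.

    Only requests satisfying the optional ``match`` condition are counted;
    with no match condition every request counts toward the limit.  A client
    whose counted requests within ``window`` seconds exceed ``rate_limit`` is
    blocked for ``block_duration`` seconds, after which it is unblocked.
    Returns a list of (seconds, client_ip, "ALLOW" | "BLOCK").
    """
    counted = defaultdict(deque)  # client_ip -> timestamps of counted requests
    blocked_until = {}            # client_ip -> time at which its block expires
    decisions = []
    for ts, ip, path in sorted(requests):
        if ts < blocked_until.get(ip, float("-inf")):
            decisions.append((ts, ip, "BLOCK"))  # still inside the block period
            continue
        blocked_until.pop(ip, None)  # block period has expired: IP is unblocked
        if match is None or match(path):
            hits = counted[ip]
            hits.append(ts)
            while hits and hits[0] <= ts - window:  # drop hits outside the window
                hits.popleft()
            if len(hits) > rate_limit:  # threshold exceeded: start a new block
                blocked_until[ip] = ts + block_duration
                decisions.append((ts, ip, "BLOCK"))
                continue
        decisions.append((ts, ip, "ALLOW"))
    return decisions


def blocked_ips(decisions):
    """Return the sorted set of client IPs that received at least one BLOCK."""
    return sorted({ip for _, ip, action in decisions if action == "BLOCK"})


# Constructed sample traffic (not real logs): one client hammers /login,
# another fetches a static image just as often, then /login traffic resumes
# once the block has lapsed.
SAMPLE_REQUESTS = (
    [(t, "198.51.100.7", "/login") for t in range(12)]
    + [(t, "203.0.113.9", "/images/logo.png") for t in range(12)]
    + [(70, "198.51.100.7", "/login"), (100, "198.51.100.7", "/login")]
)

if __name__ == "__main__":
    # Illustrative settings (assumed, not AWS WAF's real minimums or period).
    scoped = evaluate_rate_rule(SAMPLE_REQUESTS, 10, 60, 30, lambda p: p == "/login")
    print("with /login match condition, blocked:", blocked_ips(scoped))
    print("without a match condition, blocked:", blocked_ips(evaluate_rate_rule(SAMPLE_REQUESTS, 10, 60, 30)))
```

Running it with the match condition blocks only the /login client; removing the condition also blocks the image fetcher, which is the effect the Note above describes.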



Published: 2018-08-14