We use essential cookies and similar tools that are necessary to provide our site and services. We use performance cookies to collect anonymous statistics, so we can understand how customers use our site and make improvements. Essential cookies cannot be deactivated, but you can choose “Customize” or “Decline” to decline performance cookies.
If you agree, AWS and approved third parties will also use cookies to provide useful site features, remember your preferences, and display relevant content, including relevant advertising. To accept or decline all non-essential cookies, choose “Accept” or “Decline.” To make more detailed choices, choose “Customize.”
Customize cookie preferences
We use cookies and similar tools (collectively, "cookies") for the following purposes.
Essential
Essential cookies are necessary to provide our site and services and cannot be deactivated. They are usually set in response to your actions on the site, such as setting your privacy preferences, signing in, or filling in forms.
Performance
Performance cookies provide anonymous statistics about how customers navigate our site so we can improve site experience and performance. Approved third parties may perform analytics on our behalf, but they cannot use the data for their own purposes.
Allowed
Functional
Functional cookies help us provide useful site features, remember your preferences, and display relevant content. Approved third parties may set these cookies to provide certain site features. If you do not allow these cookies, then some or all of these services may not function properly.
Allowed
Advertising
Advertising cookies may be set through our site by us or our advertising partners and help us deliver relevant marketing content. If you do not allow these cookies, you will experience less relevant advertising.
Allowed
Blocking some types of cookies may impact your experience of our sites. You may review and change your choices at any time by selecting Cookie preferences in the footer of this site. We and selected third-parties use cookies or similar technologies as specified in the AWS Cookie Notice.
Your privacy choices
We display ads relevant to your interests on AWS sites and on other properties, including cross-context behavioral advertising. Cross-context behavioral advertising uses data from one site or app to advertise to you on a different company’s site or app.
To not allow AWS cross-context behavioral advertising based on cookies or similar technologies, select “Don't allow” and “Save privacy choices” below, or visit an AWS site with a legally-recognized decline signal enabled, such as the Global Privacy Control. If you delete your cookies or visit this site from a different browser or device, you will need to make your selection again. For more information about cookies and how we use them, please read our AWS Cookie Notice.
One of the ways in which customers use AWS WAF is to automate security using AWS Lambda, which can analyze web logs and identify malicious requests and automatically update security rules. The following tutorials take care of going through the individual steps of configuring AWS WAF using AWS CloudFormation and include Lambda scripts to help get started protecting your web applications.
Pre-configured protections
You can use our preconfigured template to quickly get started with AWS WAF. The template includes a set of AWS WAF rules, which can be customized to best fit your needs, designed to block common web-based attacks. The rules help protect against bad bots, SQL Injection, Cross-site scripting (XSS), HTTP Floods, and known attacker attacks. Once you deploy the template, AWS WAF begins to block the web requests to your CloudFront distributions that match the preconfigured rules in your web access control list (web ACL). You can use this automated solution in addition to other web ACLs that you configure.
One security challenge you may have faced is how to prevent your web servers from being affected by distributed denial of service (DDoS) attacks, commonly called HTTP floods. In this tutorial, you will provision a solution that will identify IP addresses that are sending requests over your defined threshold and updates your AWS WAF rules to automatically block subsequent requests from those IP addresses.
Internet-facing web applications are frequently scanned by various sources, and unless managed by you, the sources probably don't have good intentions. To find vulnerabilities, these scans send out a series of requests that generate HTTP 4xx error codes which you can use to identify and block. In this tutorial, you’ll create a Lambda function that automatically parses CloudFront access logs, counts the number of bad requests from unique sources (IP addresses), and updates AWS WAF to block further scans from those IP addresses.
Using bad actor IP blacklists to prevent web attacks
AWS WAF can help you protect your web applications from exploits that originate from IP addresses that are known to be operated by bad actors such as spammers, malware distributors, and botnets. In this tutorial, you will learn how to synchronize AWS WAF Rules with reputation lists to block the ever-changing list of IP addresses used for web attacks, keeping up with bad actors as they swap addresses and attempt to escape detection.