AWS WAF

Protect your web applications from common exploits

Get 10 million common bot control requests per month

with the AWS Free Tier

Save time with managed rules so you can spend more time building applications.

More easily monitor, block, or rate-limit common and pervasive bots.

Improve web traffic visibility with granular control over how metrics are emitted.

How it works

AWS WAF helps you protect against common web exploits and bots that can affect availability, compromise security, or consume excessive resources.

Diagram showing how AWS WAF integrates with other AWS services to protect your web applications from exploits.
What is AWS WAF (Web application firewall)? (1:24)
Why AWS WAF?
With AWS WAF, you can create security rules that control bot traffic and block common attack patterns such as SQL injection or cross-site scripting (XSS).
Why AWS WAF?
With AWS WAF, you can create security rules that control bot traffic and block common attack patterns such as SQL injection or cross-site scripting (XSS).

Use cases

Filter web traffic

Create rules to filter web requests based on conditions such as IP addresses, HTTP headers and body, or custom URIs.

Learn more about creating rules »

Prevent account takeover fraud

Monitor your application’s login page for unauthorized access to user accounts using compromised credentials.

Learn more about fraud prevention »

Administer AWS WAF with APIs

Create and maintain rules automatically and incorporate them into the development and design process.

Learn more about APIs »

How to get started

Get started with AWS WAF

Deploy AWS WAF on Amazon CloudFront and Application Load Balancer.

Contact an expert

Protect your applications running in the cloud or on premises.

Start using AWS WAF

Keep your applications and APIs available and protected.


Explore more of AWS