AWS WAF

View Summary

Raw Text

AWS

Documentation

Developer Guide

AWS WAF is a web application firewall that lets you monitor the HTTP(S) requests that are forwarded to your protected web application resources. You can protect the following resource types:

Amazon CloudFront distribution

Amazon API Gateway REST API

Application Load Balancer

AWS AppSync GraphQL API

Amazon Cognito user pool

AWS App Runner service

AWS Verified Access instance

AWS WAF lets you control access to your content. Based on criteria that you specify, such as the IP addresses that requests originate from or the values of query strings, the service associated with your protected resource responds to requests either with the requested content, with an HTTP 403 status code (Forbidden), or with a custom response.

Note

You can also use AWS WAF to protect your applications that are hosted in Amazon Elastic Container Service (Amazon ECS) containers. Amazon ECS is a highly scalable, fast container management service that makes it easy to run, stop, and manage Docker containers on a cluster. To use this option, you configure Amazon ECS to use an Application Load Balancer that is enabled for AWS WAF to route and protect HTTP(S) layer 7 traffic across the tasks in your service. For more information, see Service Load Balancing in the Amazon Elastic Container Service Developer Guide .

Topics

How AWS WAF works

Getting started with AWS WAF

Web access control lists (web ACLs)

Rule groups

AWS WAF rules

Handling oversize web request components in AWS WAF

Regular expression pattern matching in AWS WAF

IP sets and regex pattern sets in AWS WAF

Customized web requests and responses in AWS WAF

AWS WAF labels on web requests

AWS WAF intelligent threat mitigation

Logging AWS WAF web ACL traffic

Testing and tuning your AWS WAF protections

How AWS WAF works with Amazon CloudFront features

Security in your use of the AWS WAF service

AWS WAF quotas

Migrating your AWS WAF Classic resources to AWS WAF

Document Conventions

Thanks for letting us know we're doing a good job!

If you've got a moment, please tell us what we did right so we can do more of it.

Thanks for letting us know this page needs work. We're sorry we let you down.

If you've got a moment, please tell us how we can make the documentation better.

Single Line Text

AWS. Documentation. Developer Guide. AWS WAF is a web application firewall that lets you monitor the HTTP(S) requests that are forwarded to your protected web application resources. You can protect the following resource types: Amazon CloudFront distribution. Amazon API Gateway REST API. Application Load Balancer. AWS AppSync GraphQL API. Amazon Cognito user pool. AWS App Runner service. AWS Verified Access instance. AWS WAF lets you control access to your content. Based on criteria that you specify, such as the IP addresses that requests originate from or the values of query strings, the service associated with your protected resource responds to requests either with the requested content, with an HTTP 403 status code (Forbidden), or with a custom response. Note. You can also use AWS WAF to protect your applications that are hosted in Amazon Elastic Container Service (Amazon ECS) containers. Amazon ECS is a highly scalable, fast container management service that makes it easy to run, stop, and manage Docker containers on a cluster. To use this option, you configure Amazon ECS to use an Application Load Balancer that is enabled for AWS WAF to route and protect HTTP(S) layer 7 traffic across the tasks in your service. For more information, see Service Load Balancing in the Amazon Elastic Container Service Developer Guide . Topics. How AWS WAF works. Getting started with AWS WAF. Web access control lists (web ACLs) Rule groups. AWS WAF rules. Handling oversize web request components in AWS WAF. Regular expression pattern matching in AWS WAF. IP sets and regex pattern sets in AWS WAF. Customized web requests and responses in AWS WAF. AWS WAF labels on web requests. AWS WAF intelligent threat mitigation. Logging AWS WAF web ACL traffic. Testing and tuning your AWS WAF protections. How AWS WAF works with Amazon CloudFront features. Security in your use of the AWS WAF service. AWS WAF quotas. Migrating your AWS WAF Classic resources to AWS WAF. Document Conventions. Thanks for letting us know we're doing a good job! If you've got a moment, please tell us what we did right so we can do more of it. Thanks for letting us know this page needs work. We're sorry we let you down. If you've got a moment, please tell us how we can make the documentation better.