AWS service detail

AWS WAF

Security, Identity, & Compliance

Filter malicious web traffic

Security, Identity, & ComplianceProduction guidance

Production use

Protect public web apps and APIs from common web attacks and abusive traffic.

Before production

  • Attach to CloudFront/ALB/API Gateway
  • use managed rules
  • rate limits
  • logging
  • test mode
  • tuning for false positives.