WAF
web application firewall
Last updated
web application firewall
Last updated
Protect web app from web attacks(Layer 7 - HTTP and HTTPS), so WAF does not support NLB (Layer 4).
Can be deployed on
ALB (protect the origin web server running behind ALB)
API Gateway (protect REST APIs)
CloudFront (protect content on Edge location)
AppSync (protect GraphQL API)
Cognito User Pool
IP Set
Protect from common attacks: SQL Injection, XSS (Cross-site scripting)
Size constraints
Geo-match (block countries)
(for DDoS protection)
You can configure CloudFront to present a custom error page when requests are blocked.
For DDoS protection.
No upfront.
Charges based on number of web ACLs rule that you create, and the number of requests you receive.
Can inspect both IPv4 and IPv6.
Web ACL is regional, except for CloudFront.