Services or capabilities described in this page might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China Regions. Only “Region Availability” and “Feature Availability and Implementation Differences” sections for specific services (in each case exclusive of content referenced via hyperlink) in Getting Started with Amazon Web Services in China Regions form part of the Documentation under the agreement between you and Sinnet or NWCD governing your use of services of Amazon Web Services China (Beijing) Region or Amazon Web Services China (Ningxia) Region (the “Agreement”). Any other content contained in the Getting Started pages does not form any part of the Agreement.
Amazon WAF Documentation
Amazon WAF is a web application firewall that helps protect your web applications or APIs against common web exploits and bots. Amazon WAF enables you to create security rules designed to control bot traffic and block common attack patterns. You can also customize rules that filter out specific traffic patterns. You can use Managed Rules for Amazon WAF, a pre-configured set of rules managed by Amazon Web Services or Amazon Marketplace Sellers. These rules are updated as new issues emerge. Amazon WAF includes an API that you can use to automate the creation, deployment, and maintenance of security rules.
You can deploy Amazon WAF on Amazon CloudFront as part of your CDN solution, the Application Load Balancer that fronts your web servers or origin servers running on EC2, Amazon API Gateway for your REST APIs, or Amazon AppSync for your GraphQL APIs.
Web traffic filtering
Amazon WAF lets you create rules to filter web traffic based on conditions that include IP addresses, HTTP headers and body, or custom URIs. Amazon WAF allows you to create a centralized set of rules that you can deploy across multiple websites.
Amazon WAF Bot Control
Amazon WAF Bot Control is a managed rule group that gives you visibility and control over common and pervasive bot traffic. You can block, or rate-limit, pervasive bots, such as scrapers, scanners, and crawlers, or you can allow common bots, such as status monitors and search engines. The Bot Control managed rule group can be used alongside other Managed Rules for WAF or your own custom WAF rules to protect your applications.
Account takeover fraud prevention
Amazon WAF Fraud Control - Account Takeover Prevention is a managed rule group that monitors your application’s login page for unauthorized access to user accounts using compromised credentials. You can use the rule group to help protect against credential stuffing attacks, brute force login attempts, and other anomalous login activities. With optional JavaScript and iOS/Android SDKs, you can receive additional telemetry on user devices that attempt to log in to your application to better protect your application against automated login attempts by bots. Account Takeover Prevention is part of Managed Rules for Amazon and can be used together with Bot Control to defend your application against bot attacks.
API
Amazon WAF can be administered via APIs. Amazon WAF can also be deployed and provisioned using Amazon CloudFormation sample templates.
Visibility
Amazon WAF provides metrics and captures raw requests that include details about IP addresses, geo locations, URIs, User-Agent and Referrers. Amazon WAF is integrated with Amazon CloudWatch, enabling you to set up custom alarms when thresholds are exceeded or particular attacks occur.
Integration with Amazon Firewall Manager
You can centrally configure and manage Amazon WAF deployments across multiple Amazon Web Services accounts using Amazon Firewall Manager.
Additional Information
For additional information about service controls, security features and functionalities, including, as applicable, information about storing, retrieving, modifying, restricting, and deleting data, please see https://docs.amazonaws.cn/en_us/. This additional information does not form part of the Documentation for purposes of the Sinnet Customer Agreement for Amazon Web Services (Beijing Region), Western Cloud Data Customer Agreement for Amazon Web Services (Ningxia Region) or other agreement between you and Sinnet or NWCD governing your use of services of Amazon Web Services China Regions.