AWS WAF for HTTP APIs

Currently, we do not support WAF for HTTP APIs. We have a backlog item for this request. Thank you for reaching out.

regards,
Senthil

2023 still waiting :/

Hello there,

Since AWS is not providing the mentioned HTTP API end-point protection you are welcome to try Wallarm's API protection service - https://wallarm.com/solutions#api-protection

It is easy to try the service - just open a trial account at https://us1.my.wallarm.com/signup

Thanks.

It seems like most WAF providers out there don't provide support for HTTP APIs. Even saw one which had a support page saying to just turn off the WAF when it comes to API requests. Too prone to false positives lol.
I checked out Wallarm too as per the other suggestion and looks like they actually accurately handle API requests without any manual tuning

I'm glad to hear that you liked the Wallarm API protection product - the platform also protects gRPC, GraphQL and Websocket protocols. Feel free to reach out to sales@wallarm.com for a detailed demo.

Is there an ETA on this feature, or is the backlog visible?

Is there an ETA on this feature?

Seconding an interest in what the ETA is, or transparency into the backlog progress.

I'm also in need for waf support for apigatewayv2

Much needs for me, WAF for HTTP APIs

We are also really in need of this.

Another upvote for this backlog item. Thanks

+1 feature needed !
Thanks

+1 for either WAF support or private HTTP API.

We would love to switch to HTTP API gateways and make use of the built-in JWT authorizers, but many of our API should only be accessible internally and the lack of support on HTTP API's currently pushes us to continue to use REST APIs.

Thank you!

Hi,

We'd very much like this feature processed on your backlog. WAF protection for HTTP APIs would greatly help us as we're figuring out how to protect us from harmful intents.

Regards,

+1 feature needed for both HTTP API and apigatewayv2