All Content tagged with AWS WAF
AWS WAF is a web application firewall that helps protect your web applications or APIs against common web exploits and bots that may affect availability, compromise security, or consume excessive resources.
Content language: English
Select up to 5 tags to filter
Sort by most recent
392 results
Hello,
When we associate WAF with ALB, we have a choice of "Fail Open" or "Fail Close".
I could not find the same option when we associate WAF with Cloudfront. Did I fail to find the option?
If we...
I'm creating a multi tenant architecture. Each tenant will have their own cognito user pool. I want to associate each user pool with a single WAF ACL. Im guessing i could have up to 4000 user pools...
Hi!
I am trying to pass the real client IP address of the request arrived at the ALB, so I can retrieve it from my web server in a header.
Initially, I thought that the "remove" mode in the attribute...
Hi everyone,
In AWS WAF, I have a rate-based rule that blocks if requests coming from a source IP address exceed the threshold, which is 120 requests within 2 minutes. The rule is also blocking...
Is there a best practice to protect a non-AWS origin using AWS edge services? Looking to front a Azure origin with multiple domains registered with AWS R53 with both CloudFront and WAF. Hopefully down...
Hi everyone,
I have two publicly accessible EC2 instances: let's call them Instance A and Instance B. Instance A very frequently sends requests to instance B. And Instance B is sitting behind a Load...
I am following a similar workflow as show in [this](https://stackoverflow.com/a/77529522/4352701) StackOverflow post. I have an SPA that runs at `admin.example.com` with API requests (via an...
EXPERT
published a month ago1 votes118 views
Is there a way to check the log where the user changed the action of the rule for WebAcl?
Hi guys,
As I see CloudFront itself have geographic restrictions under security tab. I wonder why we don't use WAF in this case.
Hi,
I have a rest API deployed on ECS and fronted with an ALB. I set a rule on WAF to block DDOS attack.
If there are more than 10 request in one minute, then the requests should block. However, it...
Hi all,
We had a WAF review completed earlier this year, and are reviewing recommendations with a view to action. One of those is:
Determine key performance indicators (KPIs) and workload metrics....