
AWS WAF

AWS WAF is a web application firewall that protects web applications from SQL Injection, XSS, and other attacks.

Security, Identity & Compliance
Pricing Model: Pay per web ACL, rule, and request
Availability: All regions
Data Sovereignty: EU regions available
Reliability: Depends on CloudFront/ALB SLA

What is AWS WAF?

AWS WAF is a web application firewall that filters HTTP/HTTPS traffic to your web applications. The service protects against OWASP Top 10 attacks like SQL Injection, Cross-Site Scripting (XSS), and other web exploits. WAF can be placed directly in front of CloudFront, ALB, or API Gateway.

Core Features

  • Managed Rules: Predefined rulesets for common attack patterns
  • Custom Rules: Custom rules based on IP, header, URI, or body
  • Rate-Based Rules: Automatic blocking on too many requests
  • Bot Control: Detection and blocking of bad bots
  • Real-Time Metrics: Monitoring via CloudWatch and logging to S3/Kinesis

Typical Use Cases

Web Application Protection: E-commerce platforms and SaaS applications use WAF as the first line of defense. Managed Rules automatically block known attack patterns without manual configuration.

Bot Management: WAF Bot Control distinguishes between desired bots (search engines) and malicious bots (scrapers, credential stuffing). Companies protect their APIs from automated attacks.

Compliance: For PCI-DSS and other compliance frameworks, a WAF is often mandatory. AWS WAF provides the necessary logging and reporting capabilities.

Benefits

  • No infrastructure to manage, scales automatically with traffic
  • Managed Rules are automatically updated against new threats
  • Sub-millisecond latency through global edge deployment
  • Flexible pricing: only pay for active rules and requests

Integration with innFactory

As an AWS Reseller, innFactory supports you with AWS WAF: security assessment, rule design, logging setup, incident response, and continuous WAF configuration optimization.

Typical Use Cases

  • SQL Injection prevention
  • XSS protection
  • Bot mitigation
  • Rate limiting

Frequently Asked Questions

What is the difference between AWS WAF and AWS Shield?

AWS WAF protects against Layer 7 attacks like SQL Injection and XSS. AWS Shield protects against Layer 3/4 DDoS attacks. For comprehensive protection, both services are combined.

Which AWS services can I protect with WAF?

AWS WAF can be placed in front of Amazon CloudFront, Application Load Balancer, Amazon API Gateway, AWS AppSync, and Amazon Cognito User Pools.

What are AWS Managed Rules?

AWS Managed Rules are predefined rulesets from AWS and partners. They cover common attack patterns and are automatically updated when new threats are detected.

How do I test WAF rules without blocking traffic?

With Count mode, you can enable rules without blocking traffic. WAF counts and logs matches so you can analyze the impact before switching to Block mode.
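
One way to review Count-mode results before switching a rule to Block, as an added example that is not part of the original page: it tallies per rule how many logged requests matched in Count mode, using the `nonTerminatingMatchingRules`, `action` and `httpRequest` fields of AWS WAF log records. The sample records and rule names are constructed for illustration.

```python
import json
from collections import Counter, defaultdict

# Constructed sample records (not real traffic), shaped like AWS WAF log
# entries: one JSON object per line. Rule names are hypothetical.
SAMPLE_LOG = """\
{"action":"ALLOW","terminatingRuleId":"Default_Action","nonTerminatingMatchingRules":[{"ruleId":"sqli-candidate","action":"COUNT"}],"httpRequest":{"clientIp":"198.51.100.7","uri":"/search"}}
{"action":"ALLOW","terminatingRuleId":"Default_Action","nonTerminatingMatchingRules":[],"httpRequest":{"clientIp":"203.0.113.9","uri":"/"}}
{"action":"BLOCK","terminatingRuleId":"ip-blocklist","nonTerminatingMatchingRules":[{"ruleId":"sqli-candidate","action":"COUNT"}],"httpRequest":{"clientIp":"198.51.100.7","uri":"/search"}}
{"action":"ALLOW","terminatingRuleId":"Default_Action","nonTerminatingMatchingRules":[{"ruleId":"sqli-candidate","action":"COUNT"}],"httpRequest":{"clientIp":"203.0.113.20","uri":"/api/orders"}}
{"action":"ALLOW","terminatingRuleId":"Default_Action","nonTerminatingMatchingRules":[{"ruleId":"rate-candidate","action":"COUNT"}],"httpRequest":{"clientIp":"203.0.113.20","uri":"/login"}}
not-json
"""

def summarize_count_matches(lines):
    """Return ({rule_id: stats}, skipped) for rules that matched in Count mode."""
    stats = defaultdict(
        lambda: {"hits": 0, "would_block": 0, "ips": set(), "uris": Counter()})
    skipped = 0
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            rec = None
        if not isinstance(rec, dict):
            skipped += 1  # malformed or unexpected record: count it, keep going
            continue
        req = rec.get("httpRequest") or {}
        for match in rec.get("nonTerminatingMatchingRules") or []:
            if match.get("action") != "COUNT":
                continue
            s = stats[match.get("ruleId", "<unknown>")]
            s["hits"] += 1
            # Only requests that were finally allowed change outcome if this
            # rule is switched to Block; others were blocked by another rule.
            if rec.get("action") == "ALLOW":
                s["would_block"] += 1
            s["ips"].add(req.get("clientIp"))
            s["uris"][req.get("uri")] += 1
    return dict(stats), skipped

if __name__ == "__main__":
    result, bad = summarize_count_matches(SAMPLE_LOG.splitlines())
    for rule, s in sorted(result.items()):
        print(rule, s["hits"], s["would_block"], sorted(s["ips"]), s["uris"].most_common(3))
    print("skipped records:", bad)
```

The URIs and client IPs behind `would_block` are the ones to check for legitimate traffic before the rule's action is changed.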

AWS Cloud Expertise

innFactory is an AWS Reseller with certified cloud architects. We provide consulting, implementation, and managed services for AWS.
