1 Answer
- Newest
- Most votes
- Most comments
1
When you enable WAF on a resource (CloudFront, API Gateway or ALB) the endpoint does not change. This means that WAF does not front those services but rather that they invoke WAF as the first step, if so configured. You can see see this also in the WAF FAQ:
"2. How does AWS WAF block or allow traffic?
As the underlying service receives requests for your web sites, it forwards those requests to AWS WAF for inspection against your rules. Once a request meets a condition defined in your rules, AWS WAF instructs the underlying service to either block or allow the request based on the action you define."
Because of that, WAF doesn't modify the original request. It just return to the service an indication if to allow or reject the request.
Relevant content
- asked 2 years ago
- asked 2 years ago
- asked 2 years ago
- asked 4 years ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 2 years ago