Help us improve the AWS re:Post Knowledge Center by sharing your feedback in a brief survey. Your input can influence how we create and update our content to better support your AWS journey.
All Content tagged with AWS WAF
AWS WAF is a web application firewall that helps protect your web applications or APIs against common web exploits and bots that may affect availability, compromise security, or consume excessive resources.
Content language: English
Filter content
Select tags to filter
Sort by
Sort by most recent
471 results
Joanna KEXPERT
published 4 days ago0 votes77 views
How to setup alarms for AWS WAF `AWSManagedRulesAntiDDoSRuleSet`
Hi all,
We are currently experiencing a situation where a single external IP address is continuously sending a very high volume of requests (tens of thousands per minute) to our application behind Am...
Hi, I'm trying to understand a specific CloudFront routing behavior related to Host Header Injection, which was flagged as a vulnerability during a recent penetration test.
**My setup:**
* A CloudFro...
**Background**
I have an Application Load Balancer (ALB) with AWS WAF (Web ACL) attached. I configured a WAF rule called BlockInvalidPath that inspects the URI path and blocks requests that do not ma...
We are integrating the AWS WAF JavaScript SDK (challenge.js) with Bot Control TARGETED on a CloudFront-protected web application. The SDK loads successfully but token acquisition fails: the POST to mp...
Hello,
I cannot add any custom WAF rules.
I click the "validate" button and no error or warning is displayed.
When I click the "Add rule" button, nothing happens.
Any ideas why this happens?
Regards
I configured WAF "rate limit" as 10 and evaluation window as "5 minutes"
"RateBasedStatement": {
"Limit": 10,
"AggregateKeyType": "FORWARDED_IP",
"EvaluationWindowS...
I am getting paid as due to WAF , i have 3 active WebACLS ,attached to 3 diffrenent Distrubution , which i just created for learning and not using any more .
now if i try to deassociate WAF , it says...
I have below aws cdk JSON for WebAcl/WAFV2 resource ::
{
name: `${name}-wafv2`,
scope: 'CLOUDFRONT',
defaultAction: {
allow: {},
},
description: 'AWS Managed Rules Rule Set',...
I’m trying to confirm the billing behavior of Amazon API Gateway when the default execute-api endpoint is disabled (for REST APIs).
Disabled endpoint documentation: [https://docs.aws.amazon.com/apigat...
My hosted zone is correctly configured, as I have been using it for a couple of months now. Double checked with `whois mydomain.com`
Previously, I was using "mydomain.com" A record to route traffic to...
We are seeing CloudFront return 403 errors for POST requests even though AWS WAF logs show action: ALLOW.
Context
Architecture: Client → CloudFront → AWS WAF → API (ALB)
Request body ~29 KB (total r...