AWS WAF is a web application firewall that helps protect your web applications from common web exploits that could affect application availability, compromise security, or consume excessive resources

  • You can reject requests that matches SQL injection and Cross-Site Scripting (XSS).
  • You can filter web requests based on IP address, geographic area, request size, and/or string or regular expression patterns using the rules.
  • You can put these conditions on HTTP headers or body of the request itself, allowing you to create complex rules to block attacks from specific user-agents, bad bots, or content scrapers.

[x] In this module, you will create a WAF ACL and attach it to the API Gateway we created.