AWS WAF is a web application firewall that helps protect your web applications from common web exploits that could affect application availability, compromise security, or consume excessive resources
- You can reject requests that matches SQL injection and Cross-Site Scripting (XSS).
- You can filter web requests based on IP address, geographic area, request size, and/or string or regular expression patterns using the rules.
- You can put these conditions on HTTP headers or body of the request itself, allowing you to create complex rules to block attacks from specific user-agents, bad bots, or content scrapers.
[x] In this module, you will create a WAF ACL and attach it to the API Gateway we created.