How we implement AWS WAF in our projects

by Yuval Oren, Co-Founder / CEO


If you are looking for a quick way to add security to your web application or APIs in AWS, then AWS WAF (Web Application Firewall) is a no-brainer.

It offers:

  1. Geo-Blocking
  2. Managed rules against web-based attacks
  3. Bot Protection
  4. Login protection (depends on your use case)
  5. Fairly cheap (unless you have a very high-traffic site)

But it does come with a bit of risk - false positives.

This is why we've seen projects where the team tried to set it up, got burned by the false positives, and then quickly disabled it forever.

This is a shame because if you do it correctly, it doesn't have to be that way.

Here is our dead simple process to introduce WAF to an existing environment.

Our 3-step process for implementing WAF

Count, Scope-Down, Block

The idea is simple:

  1. Count - Enable the WAF and override all the rule groups to COUNT (meaning "log" the matching request instead of blocking it).
  2. Scope Down - Search the WAF logs for counted matches that are actually legitimate traffic (false positives). Then add Scope Down statements to the rule set so those requests are excluded from the rule group's evaluation.
  3. Block - Once confident, remove the COUNT override so the rule groups block for real.
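The three phases above, as an added example that is not part of the original post: each phase is expressed as the web ACL rule it deploys, in the JSON shape that boto3's `wafv2` `update_web_acl()` accepts, followed by a small triage pass over WAF log lines to see which managed rules matched while in COUNT mode. The managed rule group name is a real AWS one; the excluded path (`/api/upload`), the per-rule exception, and the log lines are constructed for illustration, and the log field layout (`ruleGroupList[].nonTerminatingMatchingRules[]`, `httpRequest.uri`) is assumed from the documented WAF log format, so check it against your own logs.

```python
"""Count -> Scope-Down -> Block rollout for an AWS WAF managed rule group.

Added example, not the post's own code.  Builds the rule definition each
phase deploys (shape of boto3 wafv2.update_web_acl's Rules entries) and
tallies counted matches from WAF log records.  Path, rule exception and
log lines below are constructed for illustration.
"""
import json
from collections import Counter

RULE_GROUP = "AWSManagedRulesCommonRuleSet"  # real AWS managed rule group


def managed_rule(phase, scope_down=None, per_rule_count=()):
    """One web ACL rule that references the managed rule group.

    phase: "count" overrides every rule in the group to COUNT (log only);
           "block" restores the group's own actions (OverrideAction None).
    scope_down: optional Statement; the group is evaluated only on requests
           that match it, which is how known false positives get carved out.
    per_rule_count: names of individual rules kept in COUNT through
           RuleActionOverrides, for targeted exceptions in the block phase.
    """
    stmt = {"VendorName": "AWS", "Name": RULE_GROUP}
    if scope_down is not None:
        stmt["ScopeDownStatement"] = scope_down
    if per_rule_count:
        stmt["RuleActionOverrides"] = [
            {"Name": n, "ActionToUse": {"Count": {}}} for n in per_rule_count
        ]
    override = {"Count": {}} if phase == "count" else {"None": {}}
    return {
        "Name": RULE_GROUP,
        "Priority": 1,
        "Statement": {"ManagedRuleGroupStatement": stmt},
        "OverrideAction": override,
        "VisibilityConfig": {
            "SampledRequestsEnabled": True,
            "CloudWatchMetricsEnabled": True,
            "MetricName": RULE_GROUP,
        },
    }


def exclude_path_prefix(prefix):
    """Scope-down statement: evaluate the group on every request EXCEPT those
    whose URI path starts with `prefix` (constructed example: an upload
    endpoint whose large bodies would trip the group's body size rule)."""
    return {"NotStatement": {"Statement": {"ByteMatchStatement": {
        "SearchString": prefix.encode(),  # boto3 expects bytes here
        "FieldToMatch": {"UriPath": {}},
        "TextTransformations": [{"Priority": 0, "Type": "NONE"}],
        "PositionalConstraint": "STARTS_WITH",
    }}}}


def rollout_plan(excluded_prefix="/api/upload"):
    """The rule each phase of the post's process deploys."""
    carve_out = exclude_path_prefix(excluded_prefix)
    return {
        "count": managed_rule("count"),
        "scope_down": managed_rule("count", scope_down=carve_out),
        "block": managed_rule("block", scope_down=carve_out),
    }


def triage_count_logs(log_lines):
    """Tally counted matches per rule and per request path.

    Assumed WAF log layout (verify against your own logs): each JSON record
    carries httpRequest.uri and ruleGroupList[].nonTerminatingMatchingRules[]
    with ruleId and action.  Returns {ruleId: Counter({uri: hits})}.
    """
    hits = {}
    for line in log_lines:
        rec = json.loads(line)
        uri = rec.get("httpRequest", {}).get("uri", "?")
        for grp in rec.get("ruleGroupList", []):
            for r in grp.get("nonTerminatingMatchingRules") or []:
                if r.get("action") == "COUNT":
                    hits.setdefault(r["ruleId"], Counter())[uri] += 1
    return hits


# Constructed log records (not real traffic) in the assumed layout above.
_GROUP_ID = "AWS#" + RULE_GROUP
SAMPLE_LOGS = [
    json.dumps({"action": "ALLOW", "httpRequest": {"uri": "/api/upload"},
                "ruleGroupList": [{"ruleGroupId": _GROUP_ID, "terminatingRule": None,
                                   "nonTerminatingMatchingRules": [
                                       {"ruleId": "SizeRestrictions_BODY", "action": "COUNT"}]}]}),
    json.dumps({"action": "ALLOW", "httpRequest": {"uri": "/api/upload"},
                "ruleGroupList": [{"ruleGroupId": _GROUP_ID, "terminatingRule": None,
                                   "nonTerminatingMatchingRules": [
                                       {"ruleId": "SizeRestrictions_BODY", "action": "COUNT"}]}]}),
    json.dumps({"action": "ALLOW", "httpRequest": {"uri": "/search"},
                "ruleGroupList": [{"ruleGroupId": _GROUP_ID, "terminatingRule": None,
                                   "nonTerminatingMatchingRules": [
                                       {"ruleId": "CrossSiteScripting_QUERYARGUMENTS", "action": "COUNT"}]}]}),
    json.dumps({"action": "ALLOW", "httpRequest": {"uri": "/"}, "ruleGroupList": []}),
]

if __name__ == "__main__":
    for name, rule in rollout_plan().items():
        print(name, json.dumps(rule, default=lambda b: b.decode()))
    for rule_id, paths in triage_count_logs(SAMPLE_LOGS).items():
        print(rule_id, dict(paths))
```

In the count phase the whole group is set to COUNT, so the triage output is the list of rules you would have blocked on and where; a rule that only ever fires on one known-good path (here `SizeRestrictions_BODY` on the upload endpoint) is a scope-down candidate, while a rule that fires across many paths on traffic you cannot vouch for is one you leave in place.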

It should take you a few days to complete the cycle, but it sure is easier than doing it under fire.

Watch the video for the full demo.
