Note - Deplify’s WAF Protection feature is not applicable when using the
Terraform Provider Blueprint
or the CDK Provider Blueprint
Types of Rules
1. IP Rate Limiter Rule (DDOS Protection)
The IP rate limiter rule limits the amount of requests that can come from a single IP address within a 5 minute period. You can configure the threshold to fit your use case. Once an IP address reaches this threshold, requests to your site from that IP will be blocked.2. Common Threat Protection Rule Set
This is a rule set maintained by AWS that encompasses all of the common web threats. This rule will inspect the incoming request’s headers, payload, and query parameters for any suspicious behaviour. Bad requests will be blocked from even reaching your application.3. Block Known Bad IP Addresses
This is a rule set maintained by AWS. The Amazon IP reputation list rule group contains rules that are based on Amazon internal threat intelligence. This is useful if you would like to block IP addresses typically associated with bots or other threats. Blocking these IP addresses can help mitigate bots and reduce the risk of a malicious actor discovering a vulnerable application.How To Enable WAF Protection?
- Navigate to the Stack page of the stack you want to enable WAF on.
- Click the
Firewall & DDOS
tab. - Enable any of the 3 rules. Ensure for the IP Rate Limiter rule, you specify the threshold for the number of requests.
- Click
Save Changes
- This will kick off a new deployment which will take between 5-10 minutes to complete. Once complete, your WAF is now live and protecting your site.
How To Disable WAF Protection?
- Navigate to the Stack page of the stack you want to enable WAF on.
- Click the
Firewall & DDOS
tab. - Disable all of the rules.
- Click
Save Changes
- This will kick off a new deployment which will take between 5-10 minutes to complete. Once complete, your WAF is terminated.
How Much Does WAF increase my AWS bill?
Go here for the latest WAF pricing.
$5/month + $1/per rule/month + $0.60 per 1 million requests
. So for example, if you were to enable WAF with just one rule, your base price would be $6/month
. If your site received 1 million requests that month, your AWS WAF bill would be $6.60 for the month.