Note: Deplify’s WAF Protection feature is not applicable when using the Terraform Provider Blueprint or the CDK Provider Blueprint.

AWS WAF (Web Application Firewall) is a tool from AWS that helps protect web applications from common attacks such as DDoS attacks or SQL injection. You can optionally enable WAF on a stack. Deplify currently supports 3 rules, and you can enable one or more of them.

Types of Rules

1. IP Rate Limiter Rule (DDOS Protection)

The IP rate limiter rule limits the number of requests that can come from a single IP address within a 5-minute period. You can configure the threshold to fit your use case. Once an IP address reaches this threshold, requests to your site from that IP will be blocked.

2. Common Threat Protection Rule Set

This is a rule set maintained by AWS that encompasses all of the common web threats. This rule will inspect the incoming request’s headers, payload, and query parameters for any suspicious behaviour. Bad requests will be blocked from even reaching your application.

3. Block Known Bad IP Addresses

This is a rule set maintained by AWS. The Amazon IP reputation list rule group contains rules that are based on Amazon internal threat intelligence. This is useful if you would like to block IP addresses typically associated with bots or other threats. Blocking these IP addresses can help mitigate bots and reduce the risk of a malicious actor discovering a vulnerable application.
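To choose a threshold for the IP Rate Limiter rule, it helps to know how many requests your busiest legitimate clients send in any 5-minute span. The following is an added example, not Deplify or AWS code: it computes each IP's peak from access-log lines, and the log format, the sample data and the trailing-window counting model are assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)  # the 5-minute period the rule counts over


def constructed_log():
    """Constructed sample lines: '<ISO timestamp> <client IP> <path>' (assumed format)."""
    start = datetime(2024, 1, 1, 10, 0, 0)
    lines = []
    for i in range(20):    # ordinary visitor: one request every 30 s
        lines.append(f"{(start + timedelta(seconds=30 * i)).isoformat()} 192.0.2.10 /index.html")
    for i in range(300):   # noisy client: one request every 2 s
        lines.append(f"{(start + timedelta(seconds=2 * i)).isoformat()} 198.51.100.7 /login")
    return lines


def parse(lines):
    """Yield (timestamp, ip) pairs, skipping blank or malformed lines."""
    for line in lines:
        parts = line.split()
        if len(parts) < 2:
            continue
        try:
            yield datetime.fromisoformat(parts[0]), parts[1]
        except ValueError:
            continue


def peak_per_ip(events):
    """Return {ip: most requests seen in any trailing 5-minute window}."""
    recent = defaultdict(deque)   # per-IP timestamps still inside the window
    peak = defaultdict(int)
    for ts, ip in sorted(events):
        window = recent[ip]
        window.append(ts)
        while window[0] <= ts - WINDOW:   # drop requests older than 5 minutes
            window.popleft()
        peak[ip] = max(peak[ip], len(window))
    return dict(peak)


def would_block(peaks, threshold):
    """IPs whose peak reaches the threshold (the page's wording: 'reaches')."""
    return sorted(ip for ip, n in peaks.items() if n >= threshold)


if __name__ == "__main__":
    peaks = peak_per_ip(parse(constructed_log()))
    for ip, n in sorted(peaks.items()):
        print(f"{ip}: peak {n} requests / 5 min")
    print("blocked at threshold 100:", would_block(peaks, 100))
```

Run it over a period of normal traffic and set the threshold above the highest legitimate peak. Clients that share one public address (an office NAT, for example) are counted as a single IP.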

How To Enable WAF Protection?

  1. Navigate to the Stack page of the stack you want to enable WAF on.
  2. Click the Firewall & DDOS tab.
  3. Enable any of the 3 rules. For the IP Rate Limiter rule, make sure you specify the threshold for the number of requests.
  4. Click Save Changes.
  5. This will kick off a new deployment which will take between 5-10 minutes to complete. Once complete, your WAF is now live and protecting your site.

How To Disable WAF Protection?

  1. Navigate to the Stack page of the stack you want to disable WAF on.
  2. Click the Firewall & DDOS tab.
  3. Disable all of the rules.
  4. Click Save Changes.
  5. This will kick off a new deployment which will take between 5-10 minutes to complete. Once complete, your WAF is terminated.

How Much Does WAF Increase My AWS Bill?

Go here for the latest WAF pricing.

At a high level, enabling WAF has a base price of $5/month + $1 per rule per month + $0.60 per 1 million requests. For example, if you were to enable WAF with just one rule, your base price would be $6/month. If your site received 1 million requests that month, your AWS WAF bill would be $6.60 for the month.