cloud service
AWS Web Application Firewall (AWS WAF)
Protect your web applications or APIs from common web exploits
StormIT helps organizations protect their websites and applications against all commonly known application-layer attacks and exploits by leveraging comprehensive protection of AWS Web Application Firewall (WAF). AWS WAF protection is tightly integrated with AWS services that AWS customers use to deliver content such as Amazon CloudFront, the Application Load Balancer (ALB), and Amazon API Gateway.
Secure your web application and deliver your data, videos, or APIs to your customers globally with low latency and higher transfer speeds with AWS WAF and AWS Edge Services Bundles.
AWS WAF
AWS WAF is a web application firewall that helps protect your web applications or APIs against common web exploits that may affect availability, compromise security, or consume excessive resources.
AWS WAF gives you control over how traffic reaches your applications by enabling you to create security rules that block common attack patterns.
You can get started quickly using Managed Rules for AWS WAF, a pre-configured set of rules managed by AWS or AWS Marketplace Sellers. These rules are regularly updated as new issues emerge.
How AWS WAF Works
Use AWS WAF to control how an Amazon CloudFront distribution, an Amazon API Gateway REST API, an Application Load Balancer, or an AWS AppSync GraphQL API responds to web requests.
01
Create a policy
Build your own rules using the visual rule builder, code in JSON, or simply deploy managed rules maintained by AWS and/or sellers from AWS Marketplace.
02
Block & Filter
Protect against exploits and vulnerabilities such as SQL injection attacks or Cross-Site Scripting (XSS) attacks. Filter out unwanted traffic by defining specific patterns or by IP address.
03
Monitor traffic
Use Amazon CloudWatch for incoming traffic metrics and Amazon Kinesis Firehose for request details, then tune rules based on metrics and log data.
01
Create a policy
Build your own rules using the visual rule builder, code in JSON, or simply deploy managed rules maintained by AWS and/or sellers from AWS Marketplace.
02
Block & Filter
Protect against exploits and vulnerabilities such as SQL injection attacks or Cross-Site Scripting (XSS) attacks. Filter out unwanted traffic by defining specific patterns or by IP address.
03
Monitor traffic
Use Amazon CloudWatch for incoming traffic metrics and Amazon Kinesis Firehose for request details, then tune rules based on metrics and log data.
AWS WAF Protection
AWS WAF can help you mitigate the OWASP Top 10 and other web application security vulnerabilities because attempts to exploit them often have common detectable patterns in the HTTP requests.
Layer 7 DDoS attacks
You can use AWS WAF rate limiting rules to block clients from specific IP addresses that are sending an abusive number of requests to your application. AWS WAF also provides the ability to block known malicious IP addresses using the Amazon IP reputation list or by subscribing to AWS partner IP reputation lists from the AWS Marketplace.
Bad bots
To stop traffic generated by bad bots, you can use the IP reputation lists within AWS Managed Rules to cover some of the scanner-type bots. In addition, you can use the AWS WAF Security Automations Solution to defend against bots by implementing honeypots and behavioral detections with WAF logs.
Web application attacks
You can select and add some of the AWS managed rule groups to protect your application from various threats. In addition to AWS Managed Rules, you can also write custom rules specific to your application to block undesired patterns in parts of the HTTP request.
Benefits of AWS WAF
AWS WAF completes other protective systems such as firewalls and intrusion prevention systems, and helps you reduce the risk of downtime, data theft and security breaches.
TALK TO A CLOUD SPECIALISTAWS WAF rule propagation and updates take under a minute. WAF rules can inspect any part of the web request with minimal latency.
You can filter any part of the web request, such as IP addresses, HTTP headers, HTTP body, or URI strings. This allows you to block common attack patterns, such as SQL injection or cross-site scripting.
With Managed Rules for AWS WAF, you can quickly get started and protect your web application or APIs against common threats
Managed rules are written by security experts who have extensive and up-to-date knowledge of threats and vulnerabilities. Managed rules are automatically updated as new issues emerge.
AWS WAF gives near real-time visibility into your web traffic, which you can use to create new rules or alerts in Amazon CloudWatch.
In addition, AWS WAF offers comprehensive logging by capturing each inspected web request’s full header data for use in security automation, analytics, or auditing purposes.
You pay only for what you use. AWS WAF provides a customizable, self-service offering, and pricing is based on how many rules you deploy and how many web requests your web application receives. There are no minimum fees and no upfront commitments.
Great local AWS partner. They are friendly, helpful, and have given us good advice and AWS discounts.
Roman Novák
CTO & Co-Founder
Cinnamon Technologies Inc.
Extremely helpful and friendly approach from the StormIT guys. They helped us optimize the setup for the cloud version of our digital trust OBELISK products. I would recommend the cooperation to everybody:)
Martin Jurík
Channel Partner Manager
SEFIRA spol. s.r.o.
StormIT has proven to be excellent AWS partner in terms of CloudFront offerings, reaction, transparency and pricing. Personally, I was very satisfied with fast support response and quickly resolving any issues we had.
Tomislav Rašeta
DevOps Engineer
Sedmi Odjel d.o.o.
Customer service. Simple as that. There are many many options out there with respect to Cloud services and it all more or less looks the same. What stood out with StormIT is consistent, reliable and strong customer service. We feel like a true partner, not a number. That is one of the main reasons why I would very likely recommend StormIT.
Fabien Ricard
CEO
Brid Video D.O.O.
Responsive, friendly, quality - all in all an excellent partner.
Bruce Pales
CEO
360 Cities s.r.o.
Smooth and professional service so far. Very easy to do business with.
Uros Jojic
President & Founder
Brid Video D.O.O.
Very good service. Fast replies to emails. CloudCheckr is good for overview of AWS service usage.
Kai Palomäki
CTO
Relax Gaming Ltd
The migration went smoothly and we received the answers to our questions during that phase.
Philippe Schroeter
Product Manager
DARTFISH SA
