cloud service
AWS Web Application Firewall (AWS WAF)
Protect your web applications or APIs from common web exploits
StormIT helps organizations protect their websites and applications against all commonly known application-layer attacks and exploits by leveraging comprehensive protection of AWS Web Application Firewall (WAF). AWS WAF protection is tightly integrated with AWS services that AWS customers use to deliver content such as Amazon CloudFront, the Application Load Balancer (ALB), and Amazon API Gateway.
Secure your web application and deliver your data, videos, or APIs to your customers globally with low latency and higher transfer speeds with AWS WAF and AWS Edge Services Bundles.
AWS WAF
AWS WAF is a web application firewall that helps protect your web applications or APIs against common web exploits that may affect availability, compromise security, or consume excessive resources.
AWS WAF gives you control over how traffic reaches your applications by enabling you to create security rules that block common attack patterns.
You can get started quickly using Managed Rules for AWS WAF, a pre-configured set of rules managed by AWS or AWS Marketplace Sellers. These rules are regularly updated as new issues emerge.
How AWS WAF Works
Use AWS WAF to control how an Amazon CloudFront distribution, an Amazon API Gateway REST API, an Application Load Balancer, or an AWS AppSync GraphQL API responds to web requests.
01
Create a policy
Build your own rules using the visual rule builder, code in JSON, or simply deploy managed rules maintained by AWS and/or sellers from AWS Marketplace.
02
Block & Filter
Protect against exploits and vulnerabilities such as SQL injection attacks or Cross-Site Scripting (XSS) attacks. Filter out unwanted traffic by defining specific patterns or by IP address.
03
Monitor traffic
Use Amazon CloudWatch for incoming traffic metrics and Amazon Kinesis Firehose for request details, then tune rules based on metrics and log data.
01
Create a policy
Build your own rules using the visual rule builder, code in JSON, or simply deploy managed rules maintained by AWS and/or sellers from AWS Marketplace.
02
Block & Filter
Protect against exploits and vulnerabilities such as SQL injection attacks or Cross-Site Scripting (XSS) attacks. Filter out unwanted traffic by defining specific patterns or by IP address.
03
Monitor traffic
Use Amazon CloudWatch for incoming traffic metrics and Amazon Kinesis Firehose for request details, then tune rules based on metrics and log data.
AWS WAF Protection
AWS WAF can help you mitigate the OWASP Top 10 and other web application security vulnerabilities because attempts to exploit them often have common detectable patterns in the HTTP requests.
Layer 7 DDoS attacks
You can use AWS WAF rate limiting rules to block clients from specific IP addresses that are sending an abusive number of requests to your application. AWS WAF also provides the ability to block known malicious IP addresses using the Amazon IP reputation list or by subscribing to AWS partner IP reputation lists from the AWS Marketplace.
Bad bots
To stop traffic generated by bad bots, you can use the IP reputation lists within AWS Managed Rules to cover some of the scanner-type bots. In addition, you can use the AWS WAF Security Automations Solution to defend against bots by implementing honeypots and behavioral detections with WAF logs.
Web application attacks
You can select and add some of the AWS managed rule groups to protect your application from various threats. In addition to AWS Managed Rules, you can also write custom rules specific to your application to block undesired patterns in parts of the HTTP request.
Benefits of AWS WAF
AWS WAF completes other protective systems such as firewalls and intrusion prevention systems, and helps you reduce the risk of downtime, data theft and security breaches.
TALK TO A CLOUD SPECIALISTAWS WAF rule propagation and updates take under a minute. WAF rules can inspect any part of the web request with minimal latency.
You can filter any part of the web request, such as IP addresses, HTTP headers, HTTP body, or URI strings. This allows you to block common attack patterns, such as SQL injection or cross-site scripting.
With Managed Rules for AWS WAF, you can quickly get started and protect your web application or APIs against common threats
Managed rules are written by security experts who have extensive and up-to-date knowledge of threats and vulnerabilities. Managed rules are automatically updated as new issues emerge.
AWS WAF gives near real-time visibility into your web traffic, which you can use to create new rules or alerts in Amazon CloudWatch.
In addition, AWS WAF offers comprehensive logging by capturing each inspected web request’s full header data for use in security automation, analytics, or auditing purposes.
You pay only for what you use. AWS WAF provides a customizable, self-service offering, and pricing is based on how many rules you deploy and how many web requests your web application receives. There are no minimum fees and no upfront commitments.
Our Clients Say
Kai Palomäki
CTO
Very professional approach. We've received help each time we've needed. We're happy customers!
Martin Jurík
Channel Partner Manager
Extremely helpful and friendly approach from the StormIT guys. They helped us optimize the setup for the cloud version of our digital trust OBELISK products. I would recommend the cooperation to everybody:)
Bojana Jovanovic
Professional Associate
During our AWS Direct Connect project, help from StormIT was of a great value for us. They helped us understand requirements from AWS and map AWS design into our network configuration.
Goran Miskovic
Cloud Consultant
Times of Malta website is the highest-ranked Maltese website. It is ranked among the top 3,500 websites in the world, measured by Alexa. Guys from StormIT provided invaluable help and deep insights during the nine months of migration.
Matt Rizzo
CEO
We've been working with StormIT for the past 3 years now and they have always been very helpful in ensuring our AWS environments are set up correctly, in a cost-effective manner and, most importantly, they are secure.
Fabien Ricard
CEO
What stood out with StormIT is consistent, reliable and strong customer service. We feel like a true partner, not a number. That is one of the main reasons why I would very likely recommend StormIT.
Bruce Pales
CEO
The good folks at StormIT are competent, proactive, responsive, and friendly.
Robert Tarabcak
Co-Founder
Excellent communication, tremendous help and time-saving solutions!
Tomislav Rašeta
DevOps Engineer
StormIT has proven to be excellent AWS partner in terms of CloudFront offerings, reaction, transparency and pricing. Personally, I was very satisfied with fast support response and quickly resolving any issues we had.
Martin Doleček
IT Security Director
They are always professional, straightforward, fast
Roman Novák
CTO & Co-founder
Great local AWS partner. They are friendly, helpful, and have given us good advice and AWS discounts.
Uros Jojic
President & Founder
Smooth and professional service so far. Very easy to do business with.
Philippe Schroeter
Product Manager
The migration went smoothly and we received the answers to our questions during that phase.
Boris Brzac
CTO
Excelent work in meeting our expectations for Cloudfront service.
Daniel D'Agostino
Software Janitor
StormIT were very helpful and guided us through setting up the architecture we needed to build.
Robert Kalocai
Founder
Guys from StormIT are always professional and ready to helps us with any issue that we found on our business way.
Tomáš Niederle
Business Manager
Very quick, operative and efficient communication on AWS consulting services. Deep product and technology focus, very good business overview.
Petr Slepička
Executive Director
Extensive technical product knowledge, professional approach.