AWS WAF Classic
This page was generated from content adapted from the AWS Developer Guide
Setting up AWS WAF Classic
Note This is AWS WAF Classic documentation. You should only use this version if you created AWS WAF resources, like rules and web ACLs, in AWS WAF prior to November 2019, and you have not migrated them over to the latest version yet. To migrate your resources, see Migrating your AWS WAF Classic resources to AWS WAF. For the latest version of AWS WAF, see AWS WAF.
Note If you're a new user to AWS WAF, don't follow these setup steps for AWS WAF Classic. Instead, follow the steps for the latest version of AWS WAF, at Setting up.
Note AWS Shield Standard is included with AWS WAF Classic and does not require additional setup. For more information, see How AWS Shield works.
How AWS WAF Classic works
Note This is AWS WAF Classic documentation. You should only use this version if you created AWS WAF resources, like rules and web ACLs, in AWS WAF prior to November 2019, and you have not migrated them over to the latest version yet. To migrate your resources, see Migrating your AWS WAF Classic resources to AWS WAF. For the latest version of AWS WAF, see AWS WAF.
Note You can also use AWS WAF Classic to protect your applications that are hosted in Amazon Elastic Container Service (Amazon ECS) containers. Amazon ECS is a highly scalable, fast container management service that makes it easy to run, stop, and manage Docker containers on a cluster. To use this option, you configure Amazon ECS to use an AWS WAF Classic enabled Application Load Balancer to route and protect HTTP/HTTPS (layer 7) traffic across the tasks in your service. For more information, see the topic Service Load Balancing in the Amazon Elastic Container Service Developer Guide.
AWS WAF Classic pricing
Note This is AWS WAF Classic documentation. You should only use this version if you created AWS WAF resources, like rules and web ACLs, in AWS WAF prior to November 2019, and you have not migrated them over to the latest version yet. To migrate your resources, see Migrating your AWS WAF Classic resources to AWS WAF. For the latest version of AWS WAF, see AWS WAF.
Getting started with AWS WAF Classic
Note This is AWS WAF Classic documentation. You should only use this version if you created AWS WAF resources, like rules and web ACLs, in AWS WAF prior to November 2019, and you have not migrated them over to the latest version yet. To migrate your resources, see Migrating your AWS WAF Classic resources to AWS WAF. For the latest version of AWS WAF, see AWS WAF.
Note AWS typically bills you less than US $0.25 per day for the resources that you create during this tutorial. When you're finished with the tutorial, we recommend that you delete the resources to prevent incurring unnecessary charges.
Note For more information about IP match conditions, see Working with IP match conditions.
Note For more information about geo match conditions, see Working with geographic match conditions.
Note For more information about string match conditions, see Working with string match conditions.
Note For more information about regex match conditions, see Working with regex match conditions.
Note For more information about string match conditions, see Working with SQL injection match conditions.
Note For more information about rules, see Working with rules.
Note AWS typically bills you less than US $0.25 per day for the resources that you create during this tutorial. When you're finished, we recommend that you delete the resources to prevent incurring unnecessary charges.
Creating and configuring a Web Access Control List (Web ACL)
Note This is AWS WAF Classic documentation. You should only use this version if you created AWS WAF resources, like rules and web ACLs, in AWS WAF prior to November 2019, and you have not migrated them over to the latest version yet. To migrate your resources, see Migrating your AWS WAF Classic resources to AWS WAF. For the latest version of AWS WAF, see AWS WAF.
Working with AWS WAF Classic rule groups for use with AWS Firewall Manager
Note This is AWS WAF Classic documentation. You should only use this version if you created AWS WAF resources, like rules and web ACLs, in AWS WAF prior to November 2019, and you have not migrated them over to the latest version yet. To migrate your resources, see Migrating your AWS WAF Classic resources to AWS WAF. For the latest version of AWS WAF, see AWS WAF.
Important If you want to add an AWS Marketplace rule group to your Firewall Manager policy, each account in your organization must first subscribe to that rule group. After all accounts have subscribed, you can then add the rule group to a policy. For more information, see AWS Marketplace rule groups.
Getting started with AWS Firewall Manager to enable AWS WAF Classic rules
Note This is AWS WAF Classic documentation. You should only use this version if you created AWS WAF resources, like rules and web ACLs, in AWS WAF prior to November 2019, and you have not migrated them over to the latest version yet. To migrate your resources, see Migrating your AWS WAF Classic resources to AWS WAF. For the latest version of AWS WAF, see AWS WAF.
Tutorial: Creating a AWS Firewall Managerpolicy with hierarchical rules
Note This is AWS WAF Classic documentation. You should only use this version if you created AWS WAF resources, like rules and web ACLs, in AWS WAF prior to November 2019, and you have not migrated them over to the latest version yet. To migrate your resources, see Migrating your AWS WAF Classic resources to AWS WAF. For the latest version of AWS WAF, see AWS WAF.
Note In the latest version of AWS WAF, this capability is built in and doesn't require any special handling. If you aren't already using AWS WAF Classic, use the latest version instead. See Creating an AWS Firewall Manager policy for AWS WAF.
Logging Web ACL traffic information
Note This is AWS WAF Classic documentation. You should only use this version if you created AWS WAF resources, like rules and web ACLs, in AWS WAF prior to November 2019, and you have not migrated them over to the latest version yet. To migrate your resources, see Migrating your AWS WAF Classic resources to AWS WAF. For the latest version of AWS WAF, see AWS WAF.
Listing IP addresses blocked by rate-based rules
Note This is AWS WAF Classic documentation. You should only use this version if you created AWS WAF resources, like rules and web ACLs, in AWS WAF prior to November 2019, and you have not migrated them over to the latest version yet. To migrate your resources, see Migrating your AWS WAF Classic resources to AWS WAF. For the latest version of AWS WAF, see AWS WAF.
How AWS WAF Classic works with Amazon CloudFront features
Note This is AWS WAF Classic documentation. You should only use this version if you created AWS WAF resources, like rules and web ACLs, in AWS WAF prior to November 2019, and you have not migrated them over to the latest version yet. To migrate your resources, see Migrating your AWS WAF Classic resources to AWS WAF. For the latest version of AWS WAF, see AWS WAF.
Note CloudFront can't distinguish between an HTTP status code 403 that is returned by your origin and one that is returned by AWS WAF Classic when a request is blocked. This means that you can't return different custom error pages based on the different causes of an HTTP status code 403.
Security
Note This is AWS WAF Classic documentation. You should only use this version if you created AWS WAF resources, like rules and web ACLs, in AWS WAF prior to November 2019, and you have not migrated them over to the latest version yet. To migrate your resources, see Migrating your AWS WAF Classic resources to AWS WAF. For the latest version of AWS WAF, see AWS WAF.
AWS WAF Classic quotas
Note This is AWS WAF Classic documentation. You should only use this version if you created AWS WAF resources, like rules and web ACLs, in AWS WAF prior to November 2019, and you have not migrated them over to the latest version yet. To migrate your resources, see Migrating your AWS WAF Classic resources to AWS WAF. For the latest version of AWS WAF, see AWS WAF.
Last updated