Welcome - Amazon WAFV2
Amazon WAFV2Amazon WAF ClassicAmazon WAF Classic Regional
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Welcome

Amazon WAFV2

Note

This is the latest version of the Amazon WAF API, released in November, 2019. The names of the entities that you use to access this API, like endpoints and namespaces, all have the versioning information added, like "V2" or "v2", to distinguish from the prior version. We recommend migrating your resources to this version, because it has a number of significant improvements.

If you used Amazon WAF prior to this release, you can't use this Amazon WAFV2 API to access any Amazon WAF resources that you created before. You can access your old rules, web ACLs, and other Amazon WAF resources only through the Amazon WAF Classic APIs. The Amazon WAF Classic APIs have retained the prior names, endpoints, and namespaces.

For information, including how to migrate your Amazon WAF resources to this version, see the Amazon WAF Developer Guide.

Amazon WAF is a web application firewall that lets you monitor the HTTP and HTTPS requests that are forwarded to an Amazon CloudFront distribution, Amazon API Gateway REST API, Application Load Balancer, Amazon AppSync GraphQL API, Amazon Cognito user pool, Amazon App Runner service, or Amazon Verified Access instance. Amazon WAF also lets you control access to your content, to protect the Amazon resource that Amazon WAF is monitoring. Based on conditions that you specify, such as the IP addresses that requests originate from or the values of query strings, the protected resource responds to requests with either the requested content, an HTTP 403 status code (Forbidden), or with a custom response.

This API guide is for developers who need detailed information about Amazon WAF API actions, data types, and errors. For detailed information about Amazon WAF features and guidance for configuring and using Amazon WAF, see the Amazon WAF Developer Guide.

You can make calls using the endpoints listed in Amazon WAF endpoints and quotas.

  • For regional applications, you can use any of the endpoints in the list. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an Amazon AppSync GraphQL API, an Amazon Cognito user pool, an Amazon App Runner service, or an Amazon Verified Access instance.

  • For Amazon CloudFront applications, you must use the API endpoint listed for US East (N. Virginia): us-east-1.

Alternatively, you can use one of the Amazon SDKs to access an API that's tailored to the programming language or platform that you're using. For more information, see Amazon SDKs.

We currently provide two versions of the Amazon WAF API: this API and the prior versions, the classic Amazon WAF APIs. This new API provides the same functionality as the older versions, with the following major improvements:

  • You use one API for both global and regional applications. Where you need to distinguish the scope, you specify a Scope parameter and set it to CLOUDFRONT or REGIONAL.

  • You can define a web ACL or rule group with a single call, and update it with a single call. You define all rule specifications in JSON format, and pass them to your rule group or web ACL calls.

  • The limits Amazon WAF places on the use of rules more closely reflects the cost of running each type of rule. Rule groups include capacity settings, so you know the maximum cost of a rule group when you use it.

Amazon WAF Classic

Note

This is Amazon WAF Classic documentation. For more information, see Amazon WAF Classic in the developer guide.

For the latest version of Amazon WAF , use the Amazon WAFV2 API and see the Amazon WAF Developer Guide. With the latest version, Amazon WAF has a single set of endpoints for regional and global use.

This is the Amazon WAF Classic API Reference for using Amazon WAF Classic with Amazon CloudFront. The Amazon WAF Classic actions and data types listed in the reference are available for protecting CloudFront distributions. You can use these actions and data types via the endpoint waf.amazonaws.com. This guide is for developers who need detailed information about the Amazon WAF Classic API actions, data types, and errors. For detailed information about Amazon WAF Classic features and an overview of how to use the Amazon WAF Classic API, see the Amazon WAF Classic in the developer guide.

Amazon WAF Classic Regional

Note

This is Amazon WAF Classic documentation. For more information, see Amazon WAF Classic in the developer guide.

For the latest version of Amazon WAF , use the Amazon WAFV2 API and see the Amazon WAF Developer Guide. With the latest version, Amazon WAF has a single set of endpoints for regional and global use.

This is the Amazon WAF Classic Regional API Reference for using Amazon WAF Classic with the Amazon resources, Elastic Load Balancing Application Load Balancers and Amazon API Gateway APIs. The Amazon WAF Classic actions and data types listed in the reference are available for protecting these resource types. You can use these actions and data types by means of the endpoints listed in Amazon WAF Classic endpoints and quotas. This guide is for developers who need detailed information about the Amazon WAF Classic API actions, data types, and errors. For detailed information about Amazon WAF Classic features and an overview of how to use the Amazon WAF Classic API, see the Amazon WAF Classic in the developer guide.