Amazon WAF Classic
Warning
Amazon WAF Classic support will end on September 30, 2025.
Note
This is Amazon WAF Classic documentation. You should only use this version if you created Amazon WAF resources, like rules and web ACLs, in Amazon WAF prior to November 2019, and you have not migrated them over to the latest version yet. To migrate your web ACLs, see Migrating your Amazon WAF Classic resources to Amazon WAF.
For the latest version of Amazon WAF, see Amazon WAF.
Amazon WAF Classic is a web application firewall that lets you monitor the HTTP and HTTPS requests that are forwarded to an Amazon API Gateway API, Amazon CloudFront or an Application Load Balancer. Amazon WAF Classic also lets you control access to your content. Based on conditions that you specify, such as the IP addresses that requests originate from or the values of query strings, API Gateway, CloudFront or an Application Load Balancer responds to requests either with the requested content or with an HTTP 403 status code (Forbidden). You also can configure CloudFront to return a custom error page when a request is blocked.
Topics
- Setting up Amazon WAF Classic
- How Amazon WAF Classic works
- Amazon WAF Classic pricing
- Getting started with Amazon WAF Classic
- Creating and configuring a Web Access Control List (Web ACL)
- Working with Amazon WAF Classic rule groups for use with Amazon Firewall Manager
- Getting started with Amazon Firewall Manager to enable Amazon WAF Classic rules
- Tutorial: Creating a Amazon Firewall Managerpolicy with hierarchical rules
- Logging Web ACL traffic information
- Listing IP addresses blocked by rate-based rules
- How Amazon WAF Classic works with Amazon CloudFront features
- Security in Amazon WAF Classic
- Amazon WAF Classic quotas