Amazon WAF Classic
Warning
Amazon WAF Classic support will end on September 30, 2025.
Note
This is Amazon WAF Classic documentation. You should only use this version if you created Amazon WAF resources, like rules and web ACLs, in Amazon WAF prior to November 2019, and you have not migrated them over to the latest version yet. To migrate your web ACLs, see Migrating your Amazon WAF Classic resources to Amazon WAF.
For the latest version of Amazon WAF, see Amazon WAF.
Amazon WAF Classic is a web application firewall that lets you monitor the HTTP and HTTPS requests that are forwarded to an Amazon API Gateway API, Amazon CloudFront or an Application Load Balancer. Amazon WAF Classic also lets you control access to your content. Based on conditions that you specify, such as the IP addresses that requests originate from or the values of query strings, API Gateway, CloudFront or an Application Load Balancer responds to requests either with the requested content or with an HTTP 403 status code (Forbidden). You also can configure CloudFront to return a custom error page when a request is blocked.
Topics
Creating and configuring a Web Access Control List (Web ACL)
Working with Amazon WAF Classic rule groups for use with Amazon Firewall Manager
Getting started with Amazon Firewall Manager to enable Amazon WAF Classic rules
Tutorial: Creating an Amazon Firewall Manager policy with hierarchical rules
How Amazon WAF Classic works with Amazon CloudFront features