Token use in Amazon WAF intelligent threat mitigation
This section explains what Amazon WAF tokens do.
Amazon WAF tokens are an integral part of the enhanced protections offered by Amazon WAF intelligent threat mitigation. A token, sometimes called a fingerprint, is a collection of information about a single client session that the client stores and provides with every web request that it sends. Amazon WAF uses tokens to identify and separate malicious client sessions from legitimate sessions, even when both originate from a single IP address. Token use imposes costs that are negligible for legitimate users, but expensive at scale for botnets.
Amazon WAF uses tokens to support its browser and end user challenge functionality, which is provided by the application integration SDKs and by the rule actions Challenge and CAPTCHA. Additionally, tokens enable features of the Amazon WAF Bot Control and account takeover prevention managed rule groups.
Amazon WAF creates, updates, and encrypts tokens for clients that successfully respond to silent challenges and CAPTCHA puzzles. When a client with a token sends a web request, it includes the encrypted token, and Amazon WAF decrypts the token and verifies its contents.
Topics
- How Amazon WAF uses tokens
- Amazon WAF token characteristics
- Setting timestamp expiration and token immunity times in Amazon WAF
- Specifying token domains and domain lists in Amazon WAF
- Types of token labels in Amazon WAF
- Blocking requests that don't have a valid Amazon WAF token
- Required configuration for Application Load Balancers that are CloudFront origins