AWS WAF on custom website

Question

I have a website that is not protected by a WAF. I would like to configure a AWS WAF to it.

I could not find any option on AWS WAF to protect a custom website, just cloud front deployment.

Is it possible to protect a custom website that is not using Cloud Front?

score 1 · Answer 1 · answered Mar 27 '17 at 22:55

1

No, you can't protect a website with AWS WAF without serve it through CloudFront.

You can read more here on this FAQ: https://aws.amazon.com/waf/faq/

But it's not that hard to install CloudFront over your (static or dynamic) website, here are a few links to the documentation:

answered Mar 27 '17 at 22:55

Kmaschta

2,369
1
18
36

2

This is only half-correct, since December, 2016, when WAF was integrated with Applicaction Load Balancer: https://aws.amazon.com/about-aws/whats-new/2016/12/AWS-WAF-now-available-on-Application-Load-Balancer/ – Michael - sqlbot Mar 27 '17 at 23:53
and also API Gateway is supported – PCB Dec 01 '19 at 03:25

Masood · Answer 2 · 2020-06-30T13:07:22.543

0

Yes it is possible only if your website or API hosted in ALB (Application Load Balancer). For those who have come here to find out how you could achieve this, here is the reference

Implementing AWS WAF

edited Jun 30 '20 at 13:07

answered Jun 30 '20 at 09:39

Masood

121
4

AWS WAF on custom website

2 Answers2