BLOG

Strengthen AWS WAF Against Critical Application Threats

Dave Morrissey Thumbnail
Dave Morrissey
Published March 18, 2025

As businesses embrace cloud-driven transformations, their web applications become prime targets for cyber threats. Many companies struggle to keep their web applications safe and secure from the ever-increasing frequency of complex cyberattacks. Creating custom rules for a web application firewall (WAF) to protect against the latest threats and tactics can be time-consuming, complex, and expensive, leaving many asking, “How do I keep my web apps safe against the latest attacks?”

Better together: AWS WAF and F5

Adopting a layered approach to security is crucial. No single solution can protect against all possible attacks, and cybercriminals constantly evolve their techniques. Adding managed rules from F5 to AWS WAF provides a powerful combination of secure protection for web apps with easy configuration, deployment, and automated updates that continuously protect and defend your application from the latest attacks. F5 has received the F5 AWS WAF Ready designation, which recognizes the successful integration.

Enhancing security with F5 Managed Rules

F5 Managed Rules for AWS WAF delivers pre-configured security rulesets designed to improve AWS WAF's protection capabilities. From bot and API protection to defense against web exploits and vulnerabilities, these rulesets enhance AWS WAF to help keep your apps and data secure. They include:

  • Web Exploits OWASP Rules: Guards against OWASP Top 10 threats, including cross-site scripting, SQL injection, path traversal, and predictable resources.
  • Bot Protection Rules: Analyzes all incoming requests and blocks any malicious bot activities identified, including DDoS tools, vulnerability scanners, web scrapers, and forum spam tools.
  • API Security Rules: Protects against API-level attacks, XML external entity attacks, and server-side request forgery (SSRF), offering support for both XML and JSON payloads and other standard web API frameworks.
  • Common Vulnerabilities and Exposures (CVE) Rules: Defends against high-profile CVEs in popular systems such as Apache, Java, MySQL, WordPress, and many more.

Enhance app security with F5 Managed Rules for AWS WAF

These four rulesets provide advanced protection for your modern web applications, keeping them safe in an easy-to-use, easy-to-deploy, scalable, and cost-effective security solution.

Benefits of using F5 Managed Rules for AWS WAF

  • Enhanced protection: F5 Managed Rules provide additional security against a wide range of malicious threats that seamlessly integrate with AWS WAF.
  • Expertise and continuous updates: F5 security experts continuously monitor, maintain, and update the rulesets to ensure protection against the latest threats.
  • Easy implementation: F5 Managed Rules can be quickly deployed to new or existing AWS WAF instances with minimal configuration, offering a plug-and-play solution.
  • Cost-effective: The rules are licensed on a pay-as-you-go basis, meaning you only pay for what you use, with no contracts or commitments.
  • Time and resource savings: By leveraging pre-configured rules, you can save significant time and effort in implementing and maintaining custom security rules, potentially reducing development and maintenance costs.

In addition, F5 Managed Rules can help your organization meet its compliance requirements for protecting your web applications and data.

Getting started

Applying the rules is easy. F5 Managed Rules for AWS WAF are available on AWS Marketplace. Choose which offers or combinations best suit your organization’s needs. F5 Managed Rules for AWS WAF can be easily applied in minutes to new or existing AWS WAF instances.

To get started, follow the steps below:

  1. Identify the F5 ruleset(s) you wish to attach to your AWS WAF and navigate to its listing in AWS Marketplace.
  2. Subscribe to the desired managed rules via the AWS Marketplace listing.
  3. Configure the web ACL for AWS WAF and add the desired rules.

Detailed, step-by-step deployment guidance can be found in the AWS Marketplace.

Visit f5.com/aws to learn more about the partnership.