BLOG

Announcing F5 Managed Rulesets for AWS WAF

Andrew Hendry Miniature
Andrew Hendry
Published March 02, 2018
  • Share to Facebook
  • Share to Twitter
  • Share to Linkedin
  • Share via AddThis

Last November at F5’s booth at AWS re:Invent, we polled IT professionals on whether their biggest app challenge results from security, skills deficiency, or cloud migration complexity. Unsurprisingly, the leading concern by far was security – after all, web application attacks were the #1 source of data breaches in 2017, according to Verizon.

Now, not all applications are the same, and therefore the security requirements differ depending on a number of factors, including business purpose, deployment location, sensitivity or importance of user data, and regulatory requirements. And for certain applications, the advanced functionality and protection offered by enterprise-grade web application firewalls (such as F5’s BIG-IP ASM) may not be required, at least not initially, and a more basic firewall like a cloud provider’s native WAF will suffice.

For those builders who have, or are thinking about implementing, an AWS WAF to front their applications, we have some exciting news. AWS has just announced the availability of new F5 managed security rulesproducts on AWS WAF. These products can be used in conjunction with the native AWS WAF to bolster the overall security posture of your applications. F5 has developed 3 separate rulesets – each providing unique protection against varying threat types. These are:

  • Bot Protection – Prevents malicious bot activities such as vulnerability scanners, web scrapers, DDoS tools, and forum spam tools.
  • CVE Vulnerabilities – Protects from common vulnerabilities and exposures (CVE) targeting systems such as Apache, Bash, Java, MySQL, Ruby On Rails, and WordPress.
  • Web Exploits – Guards against attacks that are part of OWASP Top 10 threats, including cross-site scripting, SQL injection, path traversal, and predictable resource.


All rules are written, managed, and updated regularly by F5 security experts, so you never need worry about manually updating versions to protect against emerging vulnerabilities. In addition, you can add these advanced WAF capabilities to your native AWS WAF in a few clicks, apply them to specific applications, and only pay for what you use on a pay-as-you-go utility model without contracts or other commitments.

This integrated solution gives builders an easy way to take advantage of F5’s industry-leading WAF for their AWS applications.

Additional Resources