🛡️ What is AWS WAF? Protecting Web Applications Made Simple

When I first came across AWS WAF (Web Application Firewall), it sounded a bit scary — like something only security experts would understand. But once I broke it down, it actually made a lot of sense.

So here’s what I learned (and also tried out) about AWS WAF.


What is AWS WAF?

Think of AWS WAF as a security guard for your website.
It stands at the entry gate, checks every visitor (incoming request), and decides whether to allow or block them based on rules you define.

It helps protect web apps from:

  • SQL Injection (hackers trying to sneak malicious code into your database)

  • Cross-Site Scripting (XSS) (scripts injected into your website to trick users)

  • Bad bots or suspicious IPs

In short: WAF = Filter + Protection + Peace of mind.


🖥️ A Simple Example

Imagine you have a small online store running on AWS.

  • Normal visitors should be able to browse and shop.

  • But attackers trying to send weird requests or bots trying to spam your site should be blocked.

With AWS WAF, you can:
✅ Block traffic from certain countries or IPs
✅ Stop requests that match attack patterns
✅ Allow only clean traffic to your site

It’s like having a bodyguard who only lets in genuine customers.


Hands-On Project: Implementing AWS WAF

Here’s how I practiced with AWS WAF (in simple steps).

1. Set Up a Sample App

  • I launched a simple web application on an EC2 instance. (This could even be a basic "Hello World" website.)

2. Configure AWS WAF

  • I created a WebACL (Web Access Control List) in AWS WAF.

  • Added rules like:

    • Block requests with suspicious SQL keywords

    • Block traffic from certain IPs

3. Test AWS WAF

  • Sent some test requests (like trying a fake SQL injection).

  • WAF blocked them immediately.

  • Clean requests still worked fine.
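The three steps above (WebACL, SQL-keyword rule, IP block rule, then a test request) can be scripted instead of clicked through in the console. The following is an added example, not code from the original post: it builds the WAFv2 web ACL definition as plain data, validates the two things the API rejects most often (duplicate rule priorities, missing metric config), and only then calls boto3 to create the IP set, create the web ACL and attach it. It assumes boto3 is installed with working credentials, and that the EC2 app sits behind an Application Load Balancer, because a regional web ACL is associated with an ALB (or API Gateway), not with an EC2 instance directly. The ARNs, CIDR and DNS name in `main` are placeholders.

```python
"""Added example: script the WAF web ACL from the hands-on steps.
Blocks listed IPs and SQL-injection patterns, attaches the ACL to an ALB,
then checks that a probe against your own endpoint gets WAF's 403."""
import urllib.error
import urllib.request


def _visibility(metric_name: str) -> dict:
    # Every rule and the ACL itself must carry a VisibilityConfig, or the API rejects the call.
    return {"SampledRequestsEnabled": True, "CloudWatchMetricsEnabled": True,
            "MetricName": metric_name}


def ip_block_rule(ip_set_arn: str, priority: int) -> dict:
    """Block any request whose source IP is in the referenced IP set (step 2, 'certain IPs')."""
    return {"Name": "BlockListedIPs", "Priority": priority,
            "Statement": {"IPSetReferenceStatement": {"ARN": ip_set_arn}},
            "Action": {"Block": {}}, "VisibilityConfig": _visibility("BlockListedIPs")}


def sqli_block_rule(priority: int) -> dict:
    """Block requests whose query string or body trips WAF's built-in SQLi matcher
    (step 2, 'suspicious SQL keywords'). URL_DECODE runs before matching so
    percent-encoded payloads are inspected in their decoded form."""
    def match(field: dict) -> dict:
        return {"SqliMatchStatement": {"FieldToMatch": field,
                "TextTransformations": [{"Priority": 0, "Type": "URL_DECODE"}]}}
    return {"Name": "BlockSQLi", "Priority": priority,
            # Body inspection covers only the first part of the body (8 KB for ALB).
            "Statement": {"OrStatement": {"Statements": [match({"QueryString": {}}),
                                                         match({"Body": {}})]}},
            "Action": {"Block": {}}, "VisibilityConfig": _visibility("BlockSQLi")}


def validate_rules(rules: list) -> bool:
    """Fail early on mistakes the console hides but the API refuses."""
    priorities = [r["Priority"] for r in rules]
    if len(set(priorities)) != len(priorities):
        raise ValueError("rule priorities must be unique")
    for r in rules:
        if "MetricName" not in r.get("VisibilityConfig", {}):
            raise ValueError(f"rule {r['Name']} needs a VisibilityConfig with a MetricName")
        # Plain rules need Action; managed rule group references need OverrideAction instead.
        if ("Action" in r) == ("OverrideAction" in r):
            raise ValueError(f"rule {r['Name']} must have exactly one of Action/OverrideAction")
    return True


def build_web_acl(name: str, ip_set_arn: str) -> dict:
    """Return the keyword arguments for wafv2.create_web_acl (also valid as CLI JSON)."""
    rules = [ip_block_rule(ip_set_arn, 0), sqli_block_rule(1)]   # lower priority runs first
    validate_rules(rules)
    return {"Name": name,
            "Scope": "REGIONAL",                 # ALB/API Gateway; CloudFront uses CLOUDFRONT in us-east-1
            "DefaultAction": {"Allow": {}},      # anything no rule blocks passes through (allow-list the rest)
            "Rules": rules, "VisibilityConfig": _visibility(name)}


def deploy(acl_name: str, blocked_cidrs: list, alb_arn: str, region: str) -> str:
    """Create the IP set and web ACL, attach the ACL to the ALB, return the ACL ARN."""
    import boto3  # imported here so the pure builders above work without boto3 installed
    waf = boto3.client("wafv2", region_name=region)
    ip_set = waf.create_ip_set(Name=f"{acl_name}-blocked", Scope="REGIONAL",
                               IPAddressVersion="IPV4", Addresses=blocked_cidrs)["Summary"]
    acl = waf.create_web_acl(**build_web_acl(acl_name, ip_set["ARN"]))["Summary"]
    waf.associate_web_acl(WebACLArn=acl["ARN"], ResourceArn=alb_arn)
    return acl["ARN"]


def is_blocked(url: str, timeout: float = 5.0) -> bool:
    """True if the endpoint answers 403, WAF's default response for a Block action."""
    try:
        with urllib.request.urlopen(url, timeout=timeout):
            return False
    except urllib.error.HTTPError as err:
        return err.code == 403


if __name__ == "__main__":
    # Placeholders (constructed): replace with your own ALB ARN, DNS name and CIDRs to block.
    acl_arn = deploy("demo-store-acl", ["203.0.113.0/24"],
                     "arn:aws:elasticloadbalancing:REGION:ACCOUNT_ID:loadbalancer/app/NAME/ID",
                     "us-east-1")
    print("web ACL attached:", acl_arn)
    base = "http://YOUR-ALB-DNS-NAME"
    print("clean request blocked? ", is_blocked(base + "/products?id=42"))          # expect False
    print("SQLi probe blocked?    ", is_blocked(base + "/products?id=1%27%20OR%201%3D1"))  # expect True
```

Step 3 of the post is the last two lines: a normal request should still pass, while the probe should come back as 403. If it does not, the usual reasons are that the ACL is attached to the wrong resource, that the ACL was created in a different region than the ALB, or that the request is being served from a cache in front of the ALB. The `validate_rules` check is also the place to extend when you add AWS managed rule groups, which use `OverrideAction` rather than `Action`.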

That was my little "aha moment" — realizing how WAF can instantly protect apps without me writing complex code.


Why AWS WAF is Useful

  • Easy to set up (no need to be a cybersecurity expert).

  • Protects apps in real-time.

  • Fully managed by AWS → you don’t need to maintain hardware firewalls.

  • Scales automatically with your traffic.


Wrap-Up

On Day 2, I learned that AWS WAF is like a smart filter for web applications. It doesn’t just protect against hackers — it gives you confidence that your app is safer on the internet.

For my mini project, I tested it with a sample app, created rules, and actually saw it block malicious traffic. That made the concept very real for me.

Next, I want to explore how WAF works together with AWS CloudFront and ALB (Application Load Balancer) for even stronger security.

Written by

Vaishnavi Jadhav