AWS WAF works by applying web ACLs to resources such as API Gateway stages. Web ACLs consist of conditions, such as traffic originating from a certain IP address, and rules, which specify what happens when a certain condition is met.
Examples of conditions are as follows:
- Scripts
- IP addresses
- Geographic locations
- Request length
- SQL code in the request
- Headers
Examples of rules are:
- Regular rules that simply check conditions
- Rate-based rules that only take effect once a condition has been met a certain number of times
Web ACLs have a default action, such as allowing all traffic, and actions to take when a rule is activated, such as denying traffic from a certain IP.
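As an added example (not part of the original text), the pieces described above written as a CloudFormation template using the current AWS WAFv2 resource types: an IP-address condition, a regular rule that blocks on it, a rate-based rule, an AWS managed rule group for SQL code in the request, a default allow action, and the association with an API Gateway stage. The parameter names RestApiId and StageName, the resource names, the limit of 500 requests, and the 203.0.113.0/24 range are assumptions chosen for the example.

```yaml
# Assumed parameters: the REST API id and stage name of the API Gateway stage to protect.
Parameters:
  RestApiId: { Type: String }
  StageName: { Type: String }

Resources:
  # Condition: a set of source IP addresses (constructed sample, RFC 5737 documentation range).
  BlockedIps:
    Type: AWS::WAFv2::IPSet
    Properties:
      Name: blocked-ips
      Scope: REGIONAL              # API Gateway stages are regional resources
      IPAddressVersion: IPV4
      Addresses: ["203.0.113.0/24"]

  ApiWebAcl:
    Type: AWS::WAFv2::WebACL
    Properties:
      Name: api-web-acl
      Scope: REGIONAL
      DefaultAction: { Allow: {} }   # default action: allow whatever no rule blocks
      VisibilityConfig: { SampledRequestsEnabled: true, CloudWatchMetricsEnabled: true, MetricName: api-web-acl }
      Rules:
        # Regular rule: block any request whose source IP is in the set above.
        - Name: block-listed-ips
          Priority: 0
          Action: { Block: {} }
          Statement:
            IPSetReferenceStatement:
              Arn: !GetAtt BlockedIps.Arn
          VisibilityConfig: { SampledRequestsEnabled: true, CloudWatchMetricsEnabled: true, MetricName: block-listed-ips }
        # Rate-based rule: block a source IP only once it exceeds 500 requests in the 5-minute window.
        - Name: rate-limit-per-ip
          Priority: 1
          Action: { Block: {} }
          Statement:
            RateBasedStatement: { Limit: 500, AggregateKeyType: IP }
          VisibilityConfig: { SampledRequestsEnabled: true, CloudWatchMetricsEnabled: true, MetricName: rate-limit-per-ip }
        # SQL code in the request, via the AWS managed SQLi rule group (managed groups take OverrideAction, not Action).
        - Name: aws-sqli
          Priority: 2
          OverrideAction: { None: {} }
          Statement:
            ManagedRuleGroupStatement: { VendorName: AWS, Name: AWSManagedRulesSQLiRuleSet }
          VisibilityConfig: { SampledRequestsEnabled: true, CloudWatchMetricsEnabled: true, MetricName: aws-sqli }

  # Apply the web ACL to the API Gateway stage.
  StageAssociation:
    Type: AWS::WAFv2::WebACLAssociation
    Properties:
      ResourceArn: !Sub "arn:aws:apigateway:${AWS::Region}::/restapis/${RestApiId}/stages/${StageName}"
      WebACLArn: !GetAtt ApiWebAcl.Arn
```

Rules are evaluated in Priority order and the first matching block or allow wins, so the IP block list is checked before the rate limit and the managed group; setting a rule's Action to `Count` instead of `Block` lets you observe matches in CloudWatch before enforcing it.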