Web Application Firewall (WAF)

Edit on GitHub

AWS WAF is a web application firewall that helps protect your web applications or APIs against common web exploits, SQL injections, cross-site scripting, or bots that may affect availability, compromise security, or consume excessive resources.

WAF protects your Spryker applications using a set of pre-defined rules. When a web request triggers a rule, WAF blocks it. Occasionally, you may be getting false positives. Usually, in a web application, a false positive results into error 403. If you get the error, troubleshoot it by following Tutorial — Troubleshooting 403 error.

AWS WAF is shipped with all environments, production and non-production.

For more information on WAF, see AWS WAF.