AWS WAF (Web Application Firewall) is a layer 7 firewall: it inspects HTTP/HTTPS requests and blocks malicious ones. Unlike Shield (which protects against DDoS volume), WAF protects against intelligent attacks: SQL injection, XSS, credential stuffing, bot attacks, and cache-busting. WAF is rule-based: you define rules (block if the User-Agent matches a bot pattern, block if the request body contains a SQL injection signature, rate limit if an IP makes >100 requests/min). Attach it to CloudFront, API Gateway, an Application Load Balancer, or AppSync.
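
The three rules named above, written as a CloudFormation `AWS::WAFv2::WebACL` resource. This is an added example, not configuration from the original page; the resource names, metric names and User-Agent regex are constructed.

```yaml
# Added example: resource names, metric names and the regex are constructed.
Resources:
  ExampleWebACL:
    Type: AWS::WAFv2::WebACL
    Properties:
      Name: example-web-acl
      Scope: REGIONAL                  # CLOUDFRONT for a CloudFront distribution
      DefaultAction: { Allow: {} }     # requests that match no rule are allowed
      VisibilityConfig: { SampledRequestsEnabled: true, CloudWatchMetricsEnabled: true, MetricName: example-web-acl }
      Rules:
        # Rules are evaluated in ascending Priority; a Block action ends evaluation.
        - Name: rate-limit-per-ip
          Priority: 0
          Action: { Block: {} }
          Statement:
            RateBasedStatement:
              Limit: 100               # the >100 requests threshold from the text
              EvaluationWindowSec: 60  # count per minute; the default window is 300 s
              AggregateKeyType: IP     # one counter per source IP address
          VisibilityConfig: { SampledRequestsEnabled: true, CloudWatchMetricsEnabled: true, MetricName: rate-limit-per-ip }
        - Name: block-bot-user-agents
          Priority: 1
          Action: { Block: {} }
          Statement:
            RegexMatchStatement:
              RegexString: "curl|python-requests|scrapy"   # constructed bot pattern
              FieldToMatch: { SingleHeader: { Name: user-agent } }
              # Lowercase the header first so the match is case-insensitive.
              TextTransformations: [ { Priority: 0, Type: LOWERCASE } ]
          VisibilityConfig: { SampledRequestsEnabled: true, CloudWatchMetricsEnabled: true, MetricName: block-bot-user-agents }
        - Name: block-sqli-in-body
          Priority: 2
          Action: { Block: {} }
          Statement:
            SqliMatchStatement:
              # CONTINUE inspects the body up to the size limit; bytes past it are not inspected.
              FieldToMatch: { Body: { OversizeHandling: CONTINUE } }
              # Decode URL-encoded form bodies before the SQL injection check.
              TextTransformations: [ { Priority: 0, Type: URL_DECODE } ]
          VisibilityConfig: { SampledRequestsEnabled: true, CloudWatchMetricsEnabled: true, MetricName: block-sqli-in-body }
```

A regional web ACL is bound to an Application Load Balancer, API Gateway stage or AppSync API with an `AWS::WAFv2::WebACLAssociation`; for CloudFront the ACL must use `Scope: CLOUDFRONT` and is referenced from the distribution's `WebACLId`.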