To control the web request, we use WAF conditions, rules and web access control list.
It defines AWS WAF to watch for web request that contains - cross-site scripting, IP addresses, Geographical location, size constraints, SQL injection, etc.
Combine the condition with rules to precisely target the requests that you want to allow, block or count. There are two types of rules - Regular Rule and Rate Based rule.
- Regular rule - Use only conditions to target specific requests
- Rate Based Rule - It has an additional feature to target specific requests.
This is the section where you define actions for each rule. There are three actions - allow, block, count.