Protect against bots with AWS WAF Challenge and CAPTCHA actions
Networking & Content Delivery Blog
This article provides an overview of how AWS WAF's Challenge and CAPTCHA actions work to protect against bot threats. It covers the technical details of how these actions interact with clients and users, as well as how to integrate them into web applications.
Specifically, the article covers:
- How Challenge and CAPTCHA actions work, including the three stages of client interaction
- Integrating these actions with or without the AWS WAF application integration SDK
- Example use cases like protecting against DDoS threats (Challenge) and requiring CAPTCHA based on IP reputation
- How tokens are generated and used to identify and manage bot traffic
- The benefits of using Challenge and CAPTCHA actions against bots
The AWS News Feed is currently looking for gold sponsors. If you want to support the AWS community and reach a large audience of AWS professionals, consider sponsoring the AWS News Feed.
Related articles
Oct 25
2024
2024
How to mitigate bot traffic by implementing Challenge actions in your AWS WAF custom rules
Aug 1
2025
2025
How to manage AI Bots with AWS WAF and enhance security
Mar 7
2025
2025
How to use AWS WAF Bot Control for Targeted Bots signals and mitigate evasive bots with adaptive user experience
Sep 13
2024
2024
AWS WAF Bot Control Managed Rule Group expands bot detection capabilities
The AWS News Feed is currently looking for silver sponsors. If you want to support the AWS community and reach a large audience of AWS professionals, consider sponsoring the AWS News Feed.