How to mitigate bot traffic by implementing Challenge actions in your AWS WAF custom rules
Security Blog
This article explains how to mitigate bot traffic by implementing Challenge actions in your AWS WAF custom rules or using the Bot Control feature.
Specifically, the article covers:
- Why it's important to mitigate bot traffic to reduce impact on application availability and performance
- How the Challenge action works by presenting a challenge that web browsers can process but bots typically cannot
- Option 1: Implementing Challenge action through a custom rate-limiting rule, with step-by-step instructions
- Option 2: Using the Bot Control managed rule group in AWS WAF for more advanced bot detection and mitigation
- Recommendations for using AWS Firewall Manager to centrally manage WAF rules across multiple accounts
The AWS News Feed is currently looking for gold sponsors. If you want to support the AWS community and reach a large audience of AWS professionals, consider sponsoring the AWS News Feed.
Related articles
Jul 15
2024
2024
Protect against bots with AWS WAF Challenge and CAPTCHA actions
Sep 13
2024
2024
AWS WAF Bot Control Managed Rule Group expands bot detection capabilities
Mar 7
2025
2025
How to use AWS WAF Bot Control for Targeted Bots signals and mitigate evasive bots with adaptive user experience
Aug 1
2025
2025
How to manage AI Bots with AWS WAF and enhance security
The AWS News Feed is currently looking for silver sponsors. If you want to support the AWS community and reach a large audience of AWS professionals, consider sponsoring the AWS News Feed.