Configuring the AWS WAF Anti-DDoS managed rule group for your resources and clients
Networking & Content Delivery Blog
The article discusses configuring the AWS WAF Anti-DDoS managed rule group to protect resources while maintaining a good user experience during potential DDoS attacks.
- The rule group uses soft and hard mitigations to detect and block DDoS threats
- Challengeable requests (typically GET methods) receive a JavaScript challenge
- Different scenarios are presented for handling clients with varying challenge support
- Recommended strategies include:
- Using AWS WAF client integrations (JavaScript/Mobile SDKs)
- Adjusting challenge sensitivity
- Creating rate-based rules to limit suspicious requests
- Using CAPTCHA for additional protection
- For more advanced protection, AWS Shield Advanced is recommended
The goal is to balance effective DDoS mitigation with minimal disruption to legitimate users across different types of clients and applications.
The AWS News Feed is currently looking for gold sponsors. If you want to support the AWS community and reach a large audience of AWS professionals, consider sponsoring the AWS News Feed.
Related articles
Dec 10
2025
2025
How to customize your response to layer 7 DDoS attacks using AWS WAF Anti-DDoS AMR
Jun 27
2025
2025
AWS Firewall Manager provides support for AWS WAF L7 DDOS managed rules
Jun 12
2025
2025
AWS WAF now supports automatic application layer distributed denial of service (DDoS) protection
Sep 13
2024
2024
AWS WAF Bot Control Managed Rule Group expands bot detection capabilities
The AWS News Feed is currently looking for silver sponsors. If you want to support the AWS community and reach a large audience of AWS professionals, consider sponsoring the AWS News Feed.