
How to customize your response to layer 7 DDoS attacks using AWS WAF Anti-DDoS AMR

Security Blog



This article explains how to customize AWS WAF Anti-DDoS AWS Managed Rules (AMR) to tailor Layer 7 DDoS attack responses to your application's specific needs.

  • Anti-DDoS AMR detects anomalies and labels requests with event-detected and ddos-request metadata
  • Default mitigations combine Block and JavaScript Challenge actions based on suspicion levels
  • Customize by adding rules using labels from Anti-DDoS AMR for enhanced protection
  • Example 1: Block more aggressively outside core countries using geo-matching and labels
  • Example 2: Lower rate-limiting thresholds during detected DDoS events
  • Example 3: Adaptive response based on application capacity using count mode and custom labels
  • Use the JSON rule editor or IaC tools such as CloudFormation to implement complex customizations

Combining Anti-DDoS AMR protections with custom rules enables fine-tuned defenses matching your risk profile and application scalability.


