AWS WAF Classic endpoints and quotas - AWS General Reference

AWS WAF Classic endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints. Service quotas, also referred to as limits, are the maximum number of service resources or operations for your AWS account. For more information, see AWS service quotas.

Note

This page provides information related to AWS WAF Classic. If you created AWS WAF resources, like rules and web ACLs, in AWS WAF prior to November 2019, and you have not migrated your web ACLs over yet, you must use AWS WAF Classic to access those resources. Otherwise, do not use this version.

For information related to the latest version of AWS WAF, see AWS WAF endpoints and quotas.

Service endpoints

Region Name Region Endpoint Protocol
US East (Ohio) us-east-2 waf.amazonaws.com HTTPS
US East (N. Virginia) us-east-1

waf.amazonaws.com

waf-fips.amazonaws.com

waf-fips.amazonaws.com

HTTPS

HTTPS

HTTPS

US West (N. California) us-west-1 waf.amazonaws.com HTTPS
US West (Oregon) us-west-2 waf.amazonaws.com HTTPS
Africa (Cape Town) af-south-1 waf.amazonaws.com HTTPS
Asia Pacific (Hong Kong) ap-east-1 waf.amazonaws.com HTTPS
Asia Pacific (Mumbai) ap-south-1 waf.amazonaws.com HTTPS
Asia Pacific (Seoul) ap-northeast-2 waf.amazonaws.com HTTPS
Asia Pacific (Singapore) ap-southeast-1 waf.amazonaws.com HTTPS
Asia Pacific (Sydney) ap-southeast-2 waf.amazonaws.com HTTPS
Asia Pacific (Tokyo) ap-northeast-1 waf.amazonaws.com HTTPS
Canada (Central) ca-central-1 waf.amazonaws.com HTTPS
Europe (Frankfurt) eu-central-1 waf.amazonaws.com HTTPS
Europe (Ireland) eu-west-1 waf.amazonaws.com HTTPS
Europe (London) eu-west-2 waf.amazonaws.com HTTPS
Europe (Milan) eu-south-1 waf.amazonaws.com HTTPS
Europe (Paris) eu-west-3 waf.amazonaws.com HTTPS
Europe (Stockholm) eu-north-1 waf.amazonaws.com HTTPS
Middle East (Bahrain) me-south-1 waf.amazonaws.com HTTPS
South America (São Paulo) sa-east-1 waf.amazonaws.com HTTPS

AWS WAF Classic for Application Load Balancers and API Gateway APIs has the following endpoints:

Region Name Region Endpoint Protocol
US East (Ohio) us-east-2

waf-regional.us-east-2.amazonaws.com

waf-regional-fips.us-east-2.amazonaws.com

HTTPS

HTTPS

US East (N. Virginia) us-east-1

waf-regional.us-east-1.amazonaws.com

waf-regional-fips.us-east-1.amazonaws.com

HTTPS

HTTPS

US West (N. California) us-west-1

waf-regional.us-west-1.amazonaws.com

waf-regional-fips.us-west-1.amazonaws.com

HTTPS

HTTPS

US West (Oregon) us-west-2

waf-regional.us-west-2.amazonaws.com

waf-regional-fips.us-west-2.amazonaws.com

HTTPS

HTTPS

Africa (Cape Town) af-south-1

waf-regional.af-south-1.amazonaws.com

waf-regional-fips.af-south-1.amazonaws.com

HTTPS

HTTPS

Asia Pacific (Hong Kong) ap-east-1

waf-regional.ap-east-1.amazonaws.com

waf-regional-fips.ap-east-1.amazonaws.com

HTTPS

HTTPS

Asia Pacific (Jakarta) ap-southeast-3

waf-regional.ap-southeast-3.amazonaws.com

waf-regional-fips.ap-southeast-3.amazonaws.com

HTTPS

HTTPS

Asia Pacific (Mumbai) ap-south-1

waf-regional.ap-south-1.amazonaws.com

waf-regional-fips.ap-south-1.amazonaws.com

HTTPS

HTTPS

Asia Pacific (Osaka) ap-northeast-3

waf-regional.ap-northeast-3.amazonaws.com

waf-regional-fips.ap-northeast-3.amazonaws.com

HTTPS

HTTPS

Asia Pacific (Seoul) ap-northeast-2

waf-regional.ap-northeast-2.amazonaws.com

waf-regional-fips.ap-northeast-2.amazonaws.com

HTTPS

HTTPS

Asia Pacific (Singapore) ap-southeast-1

waf-regional.ap-southeast-1.amazonaws.com

waf-regional-fips.ap-southeast-1.amazonaws.com

HTTPS

HTTPS

Asia Pacific (Sydney) ap-southeast-2

waf-regional.ap-southeast-2.amazonaws.com

waf-regional-fips.ap-southeast-2.amazonaws.com

HTTPS

HTTPS

Asia Pacific (Tokyo) ap-northeast-1

waf-regional.ap-northeast-1.amazonaws.com

waf-regional-fips.ap-northeast-1.amazonaws.com

HTTPS

HTTPS

Canada (Central) ca-central-1

waf-regional.ca-central-1.amazonaws.com

waf-regional-fips.ca-central-1.amazonaws.com

HTTPS

HTTPS

Europe (Frankfurt) eu-central-1

waf-regional.eu-central-1.amazonaws.com

waf-regional-fips.eu-central-1.amazonaws.com

HTTPS

HTTPS

Europe (Ireland) eu-west-1

waf-regional.eu-west-1.amazonaws.com

waf-regional-fips.eu-west-1.amazonaws.com

HTTPS

HTTPS

Europe (London) eu-west-2

waf-regional.eu-west-2.amazonaws.com

waf-regional-fips.eu-west-2.amazonaws.com

HTTPS

HTTPS

Europe (Milan) eu-south-1

waf-regional.eu-south-1.amazonaws.com

waf-regional-fips.eu-south-1.amazonaws.com

HTTPS

HTTPS

Europe (Paris) eu-west-3

waf-regional.eu-west-3.amazonaws.com

waf-regional-fips.eu-west-3.amazonaws.com

HTTPS

HTTPS

Europe (Stockholm) eu-north-1

waf-regional.eu-north-1.amazonaws.com

waf-regional-fips.eu-north-1.amazonaws.com

HTTPS

HTTPS

Middle East (Bahrain) me-south-1

waf-regional.me-south-1.amazonaws.com

waf-regional-fips.me-south-1.amazonaws.com

HTTPS

HTTPS

South America (São Paulo) sa-east-1

waf-regional.sa-east-1.amazonaws.com

waf-regional-fips.sa-east-1.amazonaws.com

HTTPS

HTTPS

AWS GovCloud (US-East) us-gov-east-1

waf-regional.us-gov-east-1.amazonaws.com

waf-regional-fips.us-gov-east-1.amazonaws.com

HTTPS

HTTPS

AWS GovCloud (US-West) us-gov-west-1

waf-regional.us-gov-west-1.amazonaws.com

waf-regional-fips.us-gov-west-1.amazonaws.com

HTTPS

HTTPS

Service quotas

Name Default Adjustable Description
Conditions per rule Each supported Region: 10 No The maximum number of conditions you can add to a rule.
Filters per SQL injection match condition Each supported Region: 10 No The maximum number of filters you can add to a SQL injection match condition.
Filters per cross-site scripting match condition Each supported Region: 10 No The maximum number of filters you can add to a cross-site scripting match condition.
Filters per size constraint condition Each supported Region: 10 No The maximum number of filters you can add to a size constraint condition.
Filters per string match condition Each supported Region: 10 No The maximum number of filters you can add to a string match condition.
GeoMatchSets Each supported Region: 50 No The maximum number of GeoMatchSets you can add to your account.
HTTP header name length Each supported Region: 40 No The length, in bytes, that you want AWS WAF to inspect the HTTP header for in a size constraint condition.
IP address ranges per IP set match condition Each supported Region: 10,000 No The maximum number of IP address ranges (in CIDR notation) you can add to an IP Set match condition.
IP addresses blocked per rate-based rule Each supported Region: 10,000 No The maximum number of IP addresses blocked per rate-based rule.
Locations per GeoMatchSet Each supported Region: 50 No The maximum number of locations you can add to a GeoMatchSet.
Logging destination configurations per web ACL Each supported Region: 1 No The maximum number of logging destination configurations you can add to a web ACL.
Pattern sets per regex match condition Each supported Region: 1 No The maximum number of pattern sets you can add to regex match condition.
Patterns per pattern set Each supported Region: 10 No The maximum number of patterns you can add to a pattern set in a regex match condition.
Rate of requests Each supported Region: 10,000 Yes The maximum number of requests per second on an Application Load Balancer. This limit applies only to AWS WAF on an Application Load Balancer. This limit can be increased using the AWS console.
Rate-based rule rate Each supported Region: 2,000 No The maximum number of requests from a single IP address allowed in a five-minute period.
Rate-based rules Each supported Region: 5 Yes The maximum number of rate-based rules you can create in your account.
Regex pattern length Each supported Region: 70 No The number of characters that you want AWS WAF to search for in the pattern in a regex match condition.
Regex pattern sets Each supported Region: 5 No The maximum number of regex pattern sets you can add to your account.
Rules Each supported Region: 100 Yes The maximum number of rules you can create in your account.
Rules per web ACL Each supported Region: 10 No The maximum number of rules you can add to a web ACL.
Search length Each supported Region: 50 No The length, in bytes, that you want AWS WAF to watch for in a size constraint condition.
Web ACLs Each supported Region: 50 Yes The maximum number of Web ACLs you can create in your account.

For more information, see AWS WAF Classic quotas in the AWS WAF Developer Guide.