AWS GovCloud (US)
User Guide


To help protect your websites and web applications from attacks, you can integrate CloudFront with AWS WAF, a web application firewall. With AWS WAF, you can filter traffic based on conditions you specify, such as the IP addresses from which requests originate or values that appear in headers or query strings. CloudFront responds to HTTP and HTTPS requests with either the requested content or an HTTP 403 status code (Forbidden). You can also configure CloudFront to return a custom error page when a request is blocked.

For more information about AWS WAF, see the AWS WAF Developer Guide. For information about how to add the ID for an AWS WAF web access control list (web ACL) to a CloudFront distribution, see the Values that You Specify When You Create or Update a Web Distribution topic in the Amazon CloudFront Developer Guide.