AWS WAF intelligent threat mitigation

This section covers the managed intelligent threat mitigation features provided by AWS WAF. These are advanced, specialized protections that you can implement to protect against threats such as malicious bots and account takeover attempts.

Note

The features described here incur additional costs, beyond the basic fees for using AWS WAF. For more information, see AWS WAF Pricing.

The guidance provided in this section is intended for users who know generally how to create and manage AWS WAF web ACLs, rules, and rule groups. Those topics are covered in prior sections of this guide.

Topics

Options for intelligent threat mitigation
Best practices for intelligent threat mitigation
AWS WAF web request tokens
AWS WAF Fraud Control account creation fraud prevention (ACFP)
AWS WAF Fraud Control account takeover prevention (ATP)
AWS WAF Bot Control
AWS WAF client application integration
CAPTCHA and Challenge in AWS WAF

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Label match examples

Mitigation options