We are pleased to announce the release of the “CloudWAF” mode of the Web Application Firewall. The Web Application Firewall monitors, filters and blocks HTTP and HTTPS-based network traffic to a web server. The customer can create, manage, configure and monitor the Web Application Firewall as well as configure/activate various policies and log their activities.
The new CloudWAF combines the advantages of the existing WAF modes:
- Cloud-native billing - based on the number of protected websites / domains (as with Dedicated WAF), requests (as with Shared WAF) and rules
- Already cheaper than the Shared WAF from 2 domains / websites
- New functions (as with Dedicated WAF)
- Geo-blocking
- LTS integration for log storage
- IAM policies for granular authorization assignment
- Shared resources (standard high availability thanks to Multi-AZ setup) - no customer interaction necessary for updates (as with Shared WAF)
- Integration with Elastic Load Balancer (as with Dedicated WAF)
- ELB security policies can be used, e.g. to enforce TLS 1.3
- The web server can be placed in the internal VPC network and does not have to be accessible on the Internet
- Simpler configuration & architecture
- Same performance as Shared WAF
- Administration the CloudWAF and the Dedicated WAF are in the same menu
The CloudWAF is initially available in the EU-DE region and will also be made available in the EU-NL region in the future. The CloudWAF is currently configured and managed in the "Web Application Firewall (Dedicated)" menu. The menu entry will be renamed shortly.
Important notice: Due to technical reasons, the CloudWAF only runs with Elastic Load Balancers (ELB) created after 27.01.2025.
The CloudWAF will replace the classic WAF (Shared WAF) in the long term. You can find more information on this in the OTC Community Techblog.