Web application attacks denied.

As web app and API attacks grow more sophisticated and more frequent, better tools are needed to keep up with the growing volume and variety of attacks. AWS and Fortinet help you protect your business from known and unknown threats.

Cloud-native. Cloud-scale.

AWS Web Application Firewall (WAF) delivers the basic security and features you need to be PCI compliant and give your organization the foundational protection it needs. But depending on the size and complexity of your business, this may not be enough.

Start with FortiWeb Managed Rules for AWS WAF to bolster your cloud security capabilities. Then, look to FortiAppSec Cloud to add advanced capabilities that go beyond the basics to offer more customization, control, and peace of mind with AI-ready threat protection.

blue bar grid dots

Begin by building your best defense.

Out-of-the-box protection is a great place to start. It covers PCI compliance and gives you some modest customization and scalability options. But for true web application protection without increased manual effort, more sophisticated capabilities are a must.

Get to always-on and always defending.

Layer on Fortinet’s WAF rulesets with the check of a box—for always-on protection.

Automatic Updates

Reduce manual effort by provisioning rules to subscribers automatically.

Bot Protection

Block unknown content scrapers, spiders, and other automated clients OWASP-identified risks.

Global Rule Deployment

Deploy rules globally, ensuring consistent security across all regions.

Simplification

Reduce time spent on rule creation and maintenance with continual updates from FortiGuard Labs.

  • This ruleset is an excellent tool we can use on AWS WAF to protect applications easily from OWASP Top 10 attacks.

Truc N., Information Security Engineer

setup

ADD WAF RULES

Setup to not
keep you up.

 setup

Protect against OWASP’s most wanted.

Fortinet’s WAF rules free you from writing your own rules. Instead, rules are updated continuously with FortiGuard Labs threat intelligence, and are based on the FortiWeb WAF security service signatures to provide the best protection against threats.

1

General and Known Exploits

Protect against numerous Injection attacks, URL redirects, HTTP response splitting, database disclosure vulnerabilities and other common exposures.

2

Malicious Bots

Analyze requests and block known content scrapers, spiders, and other unwanted automated clients looking for vulnerabilities.

3

SQLi/XSS

Provides protection from the two primary web application attack types identified in the OWASP Top 10, SQLi and XSS.

Start with WAF rules.

TRY IN AWS MARKETPLACE
aws-waf

Managed Rules for AWS WAF

Read solution brief
security summary thumb

Protect Your Web Applications and APIs

Read security summary

Strengthen Your Cloud Security With Managed Rules

WATCH TUTORIAL

EXPAND YOUR PROTECTION

AWS security isn’t always about the threats you know.

It’s about the ones you don’t—and Fortinet’s managed WAF rules might not be enough to protect your business. In the battle against bad actors and growing AI-delivered attacks, Fortinet helps you level the playing field with FortiAppSec Cloud

With cloud-native integration, FortiAppSec Cloud protects against zero-day threats, humanlike bots, and API vulnerabilities. Global server load balancing (GSLB) and a secure AWS-connected content delivery network (CDN), delivers resilient, high-performance security in a single solution. All to reduce complexity, enhance protection, and optimize user experiences.

Gain AI-Driven Threat Protection

Secure Web Apps and APIs Against Zero-Day Exploits

Give Your Team Always-On Security

Deliver Seamless Experiences