Blocking bots using AWS WAF

Example to block bots on APIGateway

1. First create a condition. Below example condition is to match a header —

2. Then create a rule. A rule can have multiple condition. Ideally a rule condition is a group of related checks.

3. Then associate the rule to the web-acl that the APIGateway endpoint points to.

4. Example below is a webacl used by an app endpoint.