Migration: AWS WAF Classic (v1) to AWS WAF v2

Client Overview

A Tier-1 broadcast news network ( Independent News Service Private Limited ) operating multiple high-traffic web and mobile platforms migrated from AWS WAF Classic (v1) to AWS WAF v2 to improve application-layer security, enhance observability, and align with cloud-native, modular governance best practices.
The company delivers breaking news, video streaming, and real-time updates through:-

  1. 4+ public-facing web portals
  2. 4+ mobile/API endpoints
  3. Millions of daily users, including extremely high concurrency during live coverage, sports broadcasts, and national events.

Key Challenges:-

The company was facing a lot of challenges with AWS WAFv1 due to limitations related to Rule limits , granularity , sample request filtering and absence of several key features in WAFv1.  These included :-

  1. Observability :- Customer was facing difficulty in analyzing sample request pattern through URI as effective search functionality option was missing
  2. IP address management : IP List handling was manual and was bound by low capacity limits.
  3. Automation: Fully automating “waf security automation” was not possible with WAFv1
  4.  Functionality : Several features provided through AWS Managed Rules ie. Anonymous IP protection were not available in WAFv1

Objectives

  1. Upgrade from WAF Classic to WAF v2 to leverage:
  2. Advanced rate-based rules
  3. Modular rule groups
  4. JSON logging and improved visibility
  5. Enhance protection against bad bots, content scrapers, comment spammers, and Layer 7 attacks
  6. Improve operational agility by allowing security engineers to manage rules per property (domain/app)
  7. Avoid vendor lock-in by migrating from legacy Akamai rule sets to modular AWS-native solutions

Maneuvers

🔁 Migration Plan

•Conducted WAFv1 audit using list-web-acls and get-web-acl APIs
•Mapped all rules (IP sets, regex match sets, string match conditions) to WAF v2 equivalents
•Developed WAF v2 Web ACLs per property (e.g. news-web, sports-app, api-core)
•Used Cloudformation for deploying security automations template

🔒 Rule Improvements in WAF v2

•OWASP Top 10 protections via AWS managed rule groups
•Custom rate-limiting rules:
•Separate thresholds for APIs
•Adaptive protection for comment and feedback forms
•Regex Match Rules:
•Block malformed URLs and query string injection patterns

🧩 Modular Rule Groups

•Separated rules by function:
•RateLimit-APIs
•Security-Core
•SEO-Filters / AI Bot filtering
•Custom-Country-Blocks
•Applied via Web ACL associations at CloudFront & ALB levels

📊 Operational Enhancements

•Enabled full WAF v2 logging to S3 with Athena dashboards for live analysis
•Integrated with Amazon CloudWatch and SNS for automated alerts on blocked patterns or threshold breaches
•Allowed DevSecOps teams to test rule changes via staging ACLs before production deploy

Operational and Business Impact

  1. Improved Response Time: Security teams can modify or test WAFv2 rules without dependency on centralized ACLs or full redeploys.
  2.  Enhanced Protection: Mitigated multiple Layer 7 attacks, including zero-day pattern bursts and geo-targeted bots, during national events.
  3.  Better Observability: Deep visibility into request logs enabled rapid diagnosis of false positives and iterative tuning of regex match rules.
  4. Scalability: Modular ACLs allowed tailored policies across multiple application stacks without overlap.
  5.  Security: Migration impact to WAFv2 with custom ruleset lead to identification and filtering out 5x more malicious requests as compared to WAFv1. Customers also realized most of the bigger attacks originated from Private or Cloud data centers and were mitigated through “Anonymous IP” aws managed service.

Conclusion

The WAF v2 migration empowered the client to adopt a cloud-native, DevSecOps-aligned security posture, with automation, modularity, and observability at its core. The combination of AWS Managed Rule Sets, custom rule groups, and security automation elevated both performance and protection, supporting millions of users across the globe during high-stakes events. Client was able to reduce origin utilization by 20-30 % for its primary workloads after migrating to WAFv2.

 

Expert IT Consultation

Schedule a discussion with our IT specialists. Whether it's system upgrades, security, or digital transformation, our experts can help you navigate the IT landscape successfully.