Client Overview
A Tier-1 broadcast news network ( Independent News Service Private Limited ) operating multiple high-traffic web and mobile platforms migrated from AWS WAF Classic (v1) to AWS WAF v2 to improve application-layer security, enhance observability, and align with cloud-native, modular governance best practices.
The company delivers breaking news, video streaming, and real-time updates through:-
- 4+ public-facing web portals
- 4+ mobile/API endpoints
- Millions of daily users, including extremely high concurrency during live coverage, sports broadcasts, and national events.
Key Challenges:-
The company was facing a lot of challenges with AWS WAFv1 due to limitations related to Rule limits , granularity , sample request filtering and absence of several key features in WAFv1. These included :-
- Observability :- Customer was facing difficulty in analyzing sample request pattern through URI as effective search functionality option was missing
- IP address management : IP List handling was manual and was bound by low capacity limits.
- Automation: Fully automating “waf security automation” was not possible with WAFv1
- Functionality : Several features provided through AWS Managed Rules ie. Anonymous IP protection were not available in WAFv1
Objectives
- Upgrade from WAF Classic to WAF v2 to leverage:
- Advanced rate-based rules
- Modular rule groups
- JSON logging and improved visibility
- Enhance protection against bad bots, content scrapers, comment spammers, and Layer 7 attacks
- Improve operational agility by allowing security engineers to manage rules per property (domain/app)
- Avoid vendor lock-in by migrating from legacy Akamai rule sets to modular AWS-native solutions
Maneuvers
🔁 Migration Plan
🔒 Rule Improvements in WAF v2
🧩 Modular Rule Groups
📊 Operational Enhancements
Operational and Business Impact
- Improved Response Time: Security teams can modify or test WAFv2 rules without dependency on centralized ACLs or full redeploys.
- Enhanced Protection: Mitigated multiple Layer 7 attacks, including zero-day pattern bursts and geo-targeted bots, during national events.
- Better Observability: Deep visibility into request logs enabled rapid diagnosis of false positives and iterative tuning of regex match rules.
- Scalability: Modular ACLs allowed tailored policies across multiple application stacks without overlap.
- Security: Migration impact to WAFv2 with custom ruleset lead to identification and filtering out 5x more malicious requests as compared to WAFv1. Customers also realized most of the bigger attacks originated from Private or Cloud data centers and were mitigated through “Anonymous IP” aws managed service.
Conclusion
The WAF v2 migration empowered the client to adopt a cloud-native, DevSecOps-aligned security posture, with automation, modularity, and observability at its core. The combination of AWS Managed Rule Sets, custom rule groups, and security automation elevated both performance and protection, supporting millions of users across the globe during high-stakes events. Client was able to reduce origin utilization by 20-30 % for its primary workloads after migrating to WAFv2.






