Protecting websites with traffic filter rules (including WAF rules)

Learn about traffic filter rules, including its subcategory of Web Application Firewall (WAF) rules in AEM as a Cloud Service (AEMCS). Read about how to create, deploy, and test the rules. Also, analyze the results to protect your AEM sites.


Reducing the risk of security breaches is a top priority for any organization. AEMCS offers the traffic filter rules feature, including WAF rules, to safeguard websites and applications.

Traffic filter rules are deployed to the built-in CDN and are evaluated before the request reaches the AEM infrastructure. With this feature, you can significantly enhance the security of your website, ensuring that only legitimate requests are allowed to access the AEM infrastructure.

This tutorial guides you through the process of creating, deploying, testing, and analyzing the results of traffic filter rules, including WAF rules.

You can read more about traffic filter rules in this article.

A subcategory of traffic filter rules called “WAF rules” require a WAF-DDoS Protection or Enhanced Security license.

We invite you to give feedback or ask questions about traffic filter rules by emailing

Next step

Learn how to set up the feature so you can create, deploy, and test traffic filter rules. Read about setting up the Elasticsearch, Logstash, and Kibana (ELK) stack dashboard tooling to analyze the results of your AEMCS CDN logs.