Managed Rules and Rate Limiting

AWS Managed Rules are pre-built rule groups maintained by the AWS threat research team. They protect against common, evolving threats so you do not have to write and update every signature yourself. Most WAF deployments start with one or two managed groups as a strong baseline.

The Core Rule Set (CRS) is the foundational managed group, addressing a broad range of OWASP Top 10 risks. It blocks high-risk request patterns and serves as the default starting point for general web application protection before you add more targeted groups.