AWS WAF is a web application firewall that helps protect your web applications from common web exploits that could affect application availability, compromise security, or consume excessive resources.
You can use AWS WAF for your Amazon API Gateway APIs to protect from attacks such as SQL injection and Cross-Site Scripting (XSS). Additionally, you can filter web requests based on IP address, geographic area, request size, and/or string or regular expression patterns using the rules.
In this example, WAF is setup to only let in requests made from Android and IOS browsers. This was done using string match of the User-Agent header passed in HTTP requests.