Setting up WAF (Web Application Firewall) with Porter

Last updated: September 22, 2025

There are two main options for implementing a Web Application Firewall (WAF) with your Porter applications: Cloudflare WAF or AWS WAF. Here's what you need to know about each approach.

Recommended Approach: Cloudflare WAF

We recommend using Cloudflare WAF over AWS WAF for most use cases due to:

  • Lower long-term costs

  • Easier setup process

  • No application downtime required for implementation

Alternative: AWS WAF

AWS WAF is an alternative to Cloudflare WAF, and we have native support for it. However, the user must be aware that this will need:

  • Switching from Network Load Balancer (NLB) to Application Load Balancer (ALB)

  • Planning for downtime during the load balancer migration

  • Updating DNS records due to the changed load balancer endpoint

Switching to AWS WAF requires changing your load balancer type from NLB to ALB. This change will cause temporary downtime during the migration.

Implementation Steps

For either option:

  1. Cloudflare WAF: Configure directly through your Cloudflare dashboard

  2. AWS WAF: Ask us to enable the feature that allows the switch to it on the dashboard.