Improving Website Performance and Security with AWS WAF and CloudFront
Uncover how we managed to improve website performance and security using AWS WAF and Amazon CloudFront.
OUR CUSTOMER
Online Travel Gear Store
Gorgany is a huge retail, wholesale & distribution company of outdoor equipment in Ukraine. The company specializes in wholesale trade of goods for tourism, mountaineering, skiing, and active recreation.
The Challenges
Growth of Cyber Threats
Previously, Romexsoft had successfully led a platform rebuild from the outdated OpenCart 1.5 to a modern Magento 2.4 Commerce platform. The growing popularity of the marketplace resulted in an increase in attempted DDoS and SQL injection attacks, along with other malicious activity that degraded site performance – exploits and bots consume resources, skew metrics, and cause downtime.
Left unresolved, these issues could lead not only to frequent service interruptions, but also to leaks of confidential customer data and a deterioration in the quality of user service. Moreover, the rapid growth in fake traffic can distort analytics, increase infrastructure costs due to unnecessary resource consumption, and require manual measures to fix the problem.
Gorgany therefore asked us to protect their website against common web exploits and to enhance the overall user experience by speeding up content delivery on the platform.
The Solution
Optimizing Performance and Content Delivery
Web application protection
After analyzing the attacks, our experts discovered that within a single attack wave the majority of requests came from a single IP address. Integration with the AWS WAF service was therefore an ideal way to mitigate those threats and ensure the website’s threat resistance.
On implementing the WAF service, we set up:
- rate-based limiting rules, which can detect spikes of requests from malicious IPs and then block them;
- different fine-grained configurations for GET (e.g. page visit) and POST (e.g. checkout) requests;
- bot control to distinguish good bots from the bad ones as well as PHP and SQL injection detection rules.
Content delivery improvement
The client’s other request, faster delivery of website content to end users, was met when Romexsoft suggested using AWS CloudFront (CF) – a large-scale, global, and feature-rich CDN service.
CloudFront speeds up the distribution of content by routing each user request through the AWS backbone network to the edge location that can best serve your content. For this particular case, we chose the edge location in Warsaw, the geographically closest CDN server for the majority of Gorgany’s clientele, who are Ukrainian. This made website content load about three times as fast: the response time decreased from about 150-200 ms to 40-50 ms.
As you can see, using the AWS CDN dramatically shortens the request-response path that your users’ requests must travel, which boosts website performance. Moreover, AWS CDN has seamless integration with AWS WAF.
The final configuration for the implemented content delivery solution is the following:
1. Alias record to CloudFront distribution in Route53 hosted zone.
2. CloudFront which has two origins:
- The first one to S3 with media static content (photos of products) cached in CF;
- The second one to the ALB, where static assets (JS/CSS) are cached in CF and dynamic HTML is served with no caching.
3. AWS WAF configured with rate-based limit rules, bot control rules and the default AWS PHP and SQL rule sets against injections.
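The WAF part of this setup (rate-based rules with separate limits for GET and POST, plus the AWS PHP and SQL injection rule sets) could be expressed as the following CloudFormation sketch. It is an added example, not Romexsoft's actual template; the resource name, rule names, metric names and both limits are assumed values.

```yaml
# Added example: names and limits are assumptions, not values from the case study.
# A WebACL with Scope CLOUDFRONT must be deployed in us-east-1.
Resources:
  StoreWebACL:
    Type: AWS::WAFv2::WebACL
    Properties:
      Name: store-web-acl
      Scope: CLOUDFRONT
      DefaultAction: { Allow: {} }
      VisibilityConfig: { SampledRequestsEnabled: true, CloudWatchMetricsEnabled: true, MetricName: store-web-acl }
      Rules:
        - Name: rate-limit-post        # tighter limit for POST (e.g. checkout)
          Priority: 0
          Action: { Block: {} }
          VisibilityConfig: { SampledRequestsEnabled: true, CloudWatchMetricsEnabled: true, MetricName: rate-limit-post }
          Statement:
            RateBasedStatement:
              Limit: 100               # assumed: requests per 5-minute window per IP
              AggregateKeyType: IP
              ScopeDownStatement:
                ByteMatchStatement:
                  SearchString: POST
                  FieldToMatch: { Method: {} }
                  PositionalConstraint: EXACTLY
                  TextTransformations: [{ Priority: 0, Type: NONE }]
        - Name: rate-limit-get         # looser limit for GET (e.g. page visit)
          Priority: 1
          Action: { Block: {} }
          VisibilityConfig: { SampledRequestsEnabled: true, CloudWatchMetricsEnabled: true, MetricName: rate-limit-get }
          Statement:
            RateBasedStatement:
              Limit: 2000              # assumed: requests per 5-minute window per IP
              AggregateKeyType: IP
              ScopeDownStatement:
                ByteMatchStatement:
                  SearchString: GET
                  FieldToMatch: { Method: {} }
                  PositionalConstraint: EXACTLY
                  TextTransformations: [{ Priority: 0, Type: NONE }]
        - Name: aws-sqli               # AWS managed SQL injection rules
          Priority: 2
          OverrideAction: { None: {} }
          VisibilityConfig: { SampledRequestsEnabled: true, CloudWatchMetricsEnabled: true, MetricName: aws-sqli }
          Statement: { ManagedRuleGroupStatement: { VendorName: AWS, Name: AWSManagedRulesSQLiRuleSet } }
        - Name: aws-php                # AWS managed PHP application rules
          Priority: 3
          OverrideAction: { None: {} }
          VisibilityConfig: { SampledRequestsEnabled: true, CloudWatchMetricsEnabled: true, MetricName: aws-php }
          Statement: { ManagedRuleGroupStatement: { VendorName: AWS, Name: AWSManagedRulesPHPRuleSet } }
```

Bot Control is attached the same way, as a further `ManagedRuleGroupStatement` referencing `AWSManagedRulesBotControlRuleSet`. Running a new rate-based rule with `Action: { Count: {} }` first shows in the WAF metrics what it would block before it is enforced.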
Website Performance and Security with AWS WAF and CloudFront – Architecture Diagram

Verified by AWS
This case study is validated by AWS. Experts and professional auditors from AWS reviewed this case study and verified that we, Romexsoft, have built a functional infrastructure and efficient cloud solution.
It showcases that Romexsoft, a certified AWS Advanced Tier Services Partner, delivers cloud solutions according to AWS standards and best practices.
The Results
Improved Website Performance and Security
Robust protection of the client’s web platform which allows:
- saving time with managed security rules (monitor, block, rate-limit) so that engineers can spend more time on actual application development;
- achieving stable website availability without wasting the resources that web exploits and bad bots usually consume;
- having improved web traffic visibility with granular control over how metrics are emitted.
High website performance which leads to:
- reduced costs due to consolidated requests, customizable pricing options, and zero fees for data transfer out from AWS origins;
- better user experience which results in sales boost through accelerated dynamic and static content delivery;
- additional security posture layers with traffic encryption and access control.
Why Romexsoft
Quality-Driven Partnerships
Romexsoft is an AWS Managed Service Provider specializing in protecting high-traffic e-commerce applications from DDoS, injection attacks, and malicious bots.
Our clients achieve faster content delivery, reduced downtime, lower operational costs, and improved security posture of their web applications through automated protection and optimized cloud configurations.
Companies trust us as we:
- Achieve up to 74% faster page load speed after integrating Amazon CloudFront.
- Deliver custom AWS WAF configurations to reduce malicious traffic and automate security controls.
- Employ an experienced AWS-certified DevOps and Security Engineering team.
- Integrate real-time threat insights from CloudWatch and OpenSearch.
Website Performance and Security FAQ
For an e-commerce website, signs of malicious traffic or bot activity often appear as subtle performance or analytics anomalies before escalating into security or availability issues. Common indicators include:
- Unusual traffic spikes with no matching increase in sales or engagement.
- Sudden server resource consumption such as high CPU, bandwidth, or memory usage without corresponding user activity.
- Inconsistent conversion or bounce rates. For example, a sharp drop in conversion despite steady visitor numbers, suggesting non-human sessions.
- Repeated failed login or checkout attempts pointing to credential-stuffing or card-testing bots.
- Distorted analytics data like inflated page views or abnormal geographic distribution of users.
- Slow page load times or temporary outages due to server overload from automated traffic.
By storing frequently requested data such as images, product details, or static assets in cache, servers handle fewer direct requests and can respond faster during traffic surges. This helps maintain consistent performance and prevents downtime caused by resource exhaustion.
Efficient cache invalidation and time-to-live (TTL) settings ensure users always receive up-to-date content without overloading the origin servers.
Web application security configurations should be reviewed and updated at least quarterly, with annual penetration testing and additional reviews after any major updates, infrastructure changes, or discovered vulnerabilities.
Security configurations must also be reassessed immediately after incidents, zero-day threats, or the integration of new third-party components. Stable environments can follow an annual or biannual review cadence, provided compliance standards are met. Regular reviews help detect misconfigurations, patch outdated components, and maintain alignment with OWASP and NIST best practices, ensuring continuous protection and customer trust.
Effective ways to measure website performance include monitoring key technical metrics and using specialized tools to track real user experience and system behavior.
Start by measuring page load time, time to first byte, server response time, and latency to identify slow components.
Performance and availability are monitored over time using Amazon CloudWatch, AWS X-Ray, and ALB access logs.
Synthetic and real-user monitoring can simulate activity from different regions and reveal how quickly your website responds to actual visitors.
Cache efficiency, edge latency, and request volumes are analyzed through CloudFront reports to assess content delivery performance.
Monitoring errors, throughput, and data transfer helps maintain reliability and spot degradation early, keeping the website fast and consistent under any load.