WAF Request Volume Estimator (Baseline + Attack)
Estimate monthly evaluated requests for WAF pricing by combining baseline RPS and attack spikes. Use the output in the AWS WAF cost calculator.
Inputs
Baseline RPS (avg)
Average evaluated requests per second.
Baseline hours per day
Use 24 for always-on traffic.
Days per month
Attack RPS (avg)
Extra load during bot or attack windows.
Attack hours (per month)
Total hours of spikes this month.
Request multiplier (%)
Buffer for retries, bots, and blocked traffic.
Scenario presets
Use the total requests in the AWS WAF cost calculator.
Results
Baseline requests
3,065,472,000
Attack requests
864,000,000
Total evaluated requests
4,322,419,200
Applied multiplier
110%
How to get your inputs
- Baseline RPS: use CDN/LB/WAF metrics for a normal window.
- Attack RPS: use incident logs or peak traffic spikes.
- Attack hours: total duration per month of spikes.
Result interpretation
- Total evaluated requests drive the WAF request charge line item.
- Even short attack windows can dominate monthly request volume.
Next steps
Advertisement
Example scenario
- Baseline 1,200 RPS for 24h/day with 20 attack hours at 12,000 RPS.
- Add a 10-25% multiplier for retries, bots, and blocked traffic.
Included
- Baseline requests from RPS x hours/day x days/month.
- Attack spike requests from RPS x attack hours/month.
- Optional multiplier to cover retries and blocked traffic.
Not included
- Web ACL and rule pricing (use the WAF cost calculator).
- Downstream logging and analytics costs.
How we calculate
- Baseline requests = baseline RPS x baseline hours x 3600.
- Attack requests = attack RPS x attack hours x 3600.
- Total evaluated = (baseline + attack) x multiplier.
FAQ
Should I include blocked requests?
Yes. Evaluated requests include allowed and blocked traffic. Use a multiplier if your baseline excludes blocked traffic.
What if I only have CDN or LB request counts?
Use those counts directly as evaluated requests if the WAF is in-line for that traffic.
How should I model attacks?
Use a realistic attack RPS and total hours per month based on incident history or a conservative assumption.
Related tools
Related guides
API Gateway vs ALB vs CloudFront cost: what to compare (requests, transfer, add-ons)
A practical cost comparison of API Gateway, Application Load Balancer (ALB), and CloudFront. Compare request pricing, data transfer, caching impact, WAF, logs, and the hidden line items that change the answer.
Estimate WAF request volume (CDN/LB to monthly requests)
How to estimate WAF request volume for cost models: from CDN/LB metrics, from logs, and what to do about bot spikes.
CloudFront vs Cloudflare CDN cost: compare the right line items (bandwidth, requests, origin egress)
A practical comparison checklist for CloudFront vs Cloudflare pricing. Compare bandwidth ($/GB), request fees, region mix, origin egress (cache fill), and add-ons like WAF, logs, and edge compute. Includes a modeling template and validation steps.
CloudFront pricing: estimate bandwidth and request costs (without hardcoding prices)
A practical way to estimate CloudFront-style CDN costs using your own bandwidth ($/GB) and request-fee ($ per 10k/1M) assumptions, plus common pitfalls like tiered pricing and origin egress.
CDN request pricing: estimate $ per 10k / 1M requests (and when it dominates)
Some CDNs charge request fees in addition to bandwidth. Learn what counts as a billable request, how to estimate requests/month from RPS or analytics, and how to model per-10k vs per-1M pricing without unit mistakes.
CloudFront cache hit rate: how it changes origin egress cost
Cache hit rate strongly influences origin requests and origin egress (cache fill). Learn a simple model, what breaks hit rate, and the practical levers to improve it safely.
Advertisement
Disclaimer
Educational use only. Not legal, financial, or professional advice. Results are estimates based on the inputs and assumptions shown on this page. Verify pricing and limits with your providers and documentation.
Last updated: 2026-01-30