WAF Request Volume Estimator (Baseline + Attack)

Estimate monthly evaluated requests for WAF pricing by combining baseline RPS and attack spikes. Use the output in the AWS WAF cost calculator.

Maintained by CloudCostKit Editorial Team. Last updated: 2026-01-30. Editorial policy and methodology.

Best next steps

Use this calculator for the first estimate, then validate the answer with the closest guide or companion tool.

AWS WAF cost calculator Guide: estimate WAF request volume Guide: WAF cost spikes during attacks RPS to monthly requests

Inputs

Baseline RPS (avg)
Average evaluated requests per second.
Baseline hours per day
Use 24 for always-on traffic.
Days per month
Attack RPS (avg)
Extra load during bot or attack windows.
Attack hours (per month)
Total hours of spikes this month.
Request multiplier (%)
Buffer for retries, bots, and blocked traffic.
Scenario presets
Use the total requests in the AWS WAF cost calculator.

Results

Baseline requests
3,065,472,000
Attack requests
864,000,000
Total evaluated requests
4,322,419,200
Applied multiplier
110%

WAF evaluated requests are normal traffic plus attack windows, not just average RPS

This estimator exists to model the traffic that security teams actually pay to evaluate. That means baseline traffic, blocked traffic, retries, and attack windows all belong here. If you only use calm-day averages, the downstream WAF cost model will almost always be too low.

  • Baseline traffic: the ordinary evaluated path on a normal day.
  • Attack windows: short periods that can dominate monthly evaluated-request totals.
  • Blocked and retried requests: still part of the security workload and should not be left out.

Where WAF request estimates usually drift

  • Only allowed traffic is counted, even though blocked traffic is also evaluated.
  • Attack RPS is modeled, but attack duration is guessed too low because many small incidents are forgotten.
  • Retry storms and bot loops make evaluated traffic much larger than application success metrics suggest.
  • Teams use one average month even though security traffic is burstier than product traffic.

What to review before feeding this into the main WAF calculator

  • Use CDN, load balancer, or WAF-side counts that reflect evaluated traffic rather than only successful app requests.
  • Model a conservative defensive month if you do not yet have enough incident history.
  • Keep attack windows explicit so you can explain the estimate during security reviews and budgeting.
  • Treat this page as a support estimator for the WAF bill, not as a generic RPS converter.

Next steps

AWS WAF cost calculator Guide: estimate WAF request volume Guide: reduce WAF costs

Example scenario

  • Baseline 1,200 RPS for 24h/day with 20 attack hours at 12,000 RPS.
  • Add a 10-25% multiplier for retries, bots, and blocked traffic.

Included

  • Baseline requests from RPS x hours/day x days/month.
  • Attack spike requests from RPS x attack hours/month.
  • Optional multiplier to cover retries and blocked traffic.

Not included

  • Web ACL and rule pricing (use the WAF cost calculator).
  • Downstream logging and analytics costs.

How we calculate

  • Baseline requests = baseline RPS x baseline hours x 3600.
  • Attack requests = attack RPS x attack hours x 3600.
  • Total evaluated = (baseline + attack) x multiplier.

FAQ

Should I include blocked requests?
Yes. Evaluated requests include allowed and blocked traffic. Use a multiplier if your baseline excludes blocked traffic.
What if I only have CDN or LB request counts?
Use those counts directly as evaluated requests if the WAF is in-line for that traffic.
How should I model attacks?
Use a realistic attack RPS and total hours per month based on incident history or a conservative assumption.

Related tools

AWS WAF cost calculator Guide: estimate WAF request volume Guide: WAF cost spikes during attacks RPS to monthly requests

Related guides

API Gateway vs ALB vs CloudFront cost: what to compare (requests, transfer, add-ons)
A practical cost comparison of API Gateway, Application Load Balancer (ALB), and CloudFront. Compare request pricing, data transfer, caching impact, WAF, logs, and the hidden line items that change the answer.
Estimate WAF request volume (CDN/LB to monthly requests)
How to estimate WAF request volume for cost models: from CDN/LB metrics, from logs, and what to do about bot spikes.
CloudFront vs Cloudflare CDN cost: compare the right line items (bandwidth, requests, origin egress)
A practical comparison checklist for CloudFront vs Cloudflare pricing. Compare bandwidth ($/GB), request fees, region mix, origin egress (cache fill), and add-ons like WAF, logs, and edge compute. Includes a modeling template and validation steps.
CloudFront pricing: estimate bandwidth and request costs (without hardcoding prices)
A practical way to estimate CloudFront-style CDN costs using your own bandwidth ($/GB) and request-fee ($ per 10k/1M) assumptions, plus common pitfalls like tiered pricing and origin egress.
CDN request pricing: estimate $ per 10k / 1M requests (and when it dominates)
Some CDNs charge request fees in addition to bandwidth. Learn what counts as a billable request, how to estimate requests/month from RPS or analytics, and how to model per-10k vs per-1M pricing without unit mistakes.
CloudFront cache hit rate: how it changes origin egress cost
Cache hit rate strongly influences origin requests and origin egress (cache fill). Learn a simple model, what breaks hit rate, and the practical levers to improve it safely.

Disclaimer

Educational use only. Not legal, financial, or professional advice. Results are estimates based on the inputs and assumptions shown on this page. Verify pricing and limits with your providers and documentation.

Last updated: 2026-01-30. Reviewed against CloudCostKit methodology and current provider documentation. See the Editorial Policy .