Estimate WAF request volume (CDN/LB to monthly requests)
WAF request charges scale with evaluated requests. A good estimate starts with your real traffic and then adds a safety factor for bot spikes and incidents.
Step 0: define evaluated requests (the number that matters)
- Evaluated = allowed + blocked. For cost, you usually want the evaluated volume.
- Scope: one host/path protected by WAF can have a very different request profile than the rest of the site.
- Two scenarios: baseline month + attack month (peaks drive real bills).
Method 1: From average RPS
- Requests/month = avg RPS x 60 x 60 x 24 x days
- Use an average over a representative period (e.g., 30 days).
- Add a buffer if you have frequent bot spikes or peak-driven workloads.
Method 2: From CDN/LB metrics
- Use the request count metric from your CDN or load balancer and roll it up to a month.
- Segment by host/path if only some traffic is protected by WAF.
If you have multiple apps behind one gateway, measure by hostname (or listener) so the "noisy one" does not hide.
Method 3: From logs
- Count request records per day from access logs/WAF logs, then scale the daily average to a month.
- Include blocked traffic and retries; they are still evaluated.
Logs are best when you need to separate paths (login, search, uploads) because bot activity is usually concentrated on a few endpoints.
Worked example (baseline + spike)
- Baseline: 1,000 RPS sustained -> convert to monthly.
- Spike: +10,000 RPS for 2 hours/day for 5 days -> extra requests = 10,000 x (2 x 3600) x 5.
- Total evaluated: baseline + extra spike requests.
Use the WAF request volume estimator to model baseline and spike together.
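Method 3 and the worked example above, carried through in Python. This is an added example, not code from this site or from any WAF vendor: the log layout, hostnames, sample records, and the 30-day month are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample records: "<ISO timestamp> <host> <path> <action>".
# The layout is an assumption for this example, not a vendor log format.
SAMPLE_LOG = """\
2026-01-05T10:00:01Z shop.example.com /login BLOCK
2026-01-05T10:00:01Z shop.example.com /login BLOCK
2026-01-05T10:00:02Z shop.example.com /login ALLOW
2026-01-05T10:00:03Z shop.example.com /search ALLOW
2026-01-06T09:15:00Z shop.example.com /login BLOCK
2026-01-06T09:15:02Z shop.example.com /search ALLOW
2026-01-06T09:15:03Z shop.example.com /search ALLOW
2026-01-06T09:15:04Z api.example.com /v1/items ALLOW
malformed line without enough fields
"""

def evaluated_per_day(log_text):
    """Return {(host, path): {date: count}}, counting allowed AND blocked."""
    counts = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[3] not in ("ALLOW", "BLOCK"):
            continue  # skip records that cannot be attributed to an endpoint
        ts, host, path, _action = parts
        counts[(host, path)][ts[:10]] += 1  # ts[:10] is the YYYY-MM-DD date
    return counts

def monthly_estimate(counts, days_in_month=30):
    """Average daily count per endpoint over all observed days, scaled up.

    Dividing by every observed day (not only the days an endpoint appears)
    keeps quiet days in the average as zeros.
    """
    all_days = {d for per_day in counts.values() for d in per_day}
    return {key: sum(per_day.values()) / len(all_days) * days_in_month
            for key, per_day in counts.items()}

def monthly_from_rps(avg_rps, days=30):
    """Method 1: requests/month = avg RPS x 60 x 60 x 24 x days."""
    return avg_rps * 60 * 60 * 24 * days

def spike_extra(extra_rps, hours_per_day, spike_days):
    """Extra evaluated requests from a daily spike window."""
    return extra_rps * hours_per_day * 3600 * spike_days

if __name__ == "__main__":
    for key, est in sorted(monthly_estimate(evaluated_per_day(SAMPLE_LOG)).items()):
        print(key, round(est))
    baseline = monthly_from_rps(1_000)
    print("baseline:", baseline, "attack month:", baseline + spike_extra(10_000, 2, 5))
```

The per-endpoint breakdown shows where blocked traffic concentrates; with the worked example's figures and a 30-day month, the spike adds 360 million evaluated requests to the baseline.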
Turn volume into cost
Use the AWS WAF Cost Calculator to translate ACLs, rules, and request volume into an estimate.
- Save a baseline scenario and an attack scenario so you can compare without losing assumptions.
- If you log WAF events, estimate log ingestion separately (logs can be the second bill).
Common multipliers (why your estimate is low)
- Retry storms and client timeouts multiplying requests during incidents.
- Bot traffic concentrated on a few endpoints (login/search) that must be modeled separately.
- Cache misses (or disabled caching) pushing all requests through evaluation rather than serving from cache.
- Multi-tenant gateways where one app generates most requests.
How to validate the estimate
- Compare your modeled evaluated requests to one week of real request counts (CDN/LB/WAF logs) scaled to monthly.
- Keep a peak scenario for the largest spike window you see (attacks, bot waves, scraping).
- Confirm whether blocked requests are included in the evaluated volume you used.
Validation checklist
- Validate the primary driver with measured usage from a representative window.
- Confirm units and pricing units (per 10k vs per 1M, GB vs GiB) before trusting the estimate.
- Re-check incident windows: retries/timeouts often multiply cost drivers.
Related guides
API Gateway vs ALB vs CloudFront cost: what to compare (requests, transfer, add-ons)
A practical cost comparison of API Gateway, Application Load Balancer (ALB), and CloudFront. Compare request pricing, data transfer, caching impact, WAF, logs, and the hidden line items that change the answer.
WAF cost optimization (reduce requests + rule sprawl)
A practical playbook to reduce WAF spend: cut evaluated requests, keep rule count tight, and avoid downstream logging waste.
WAF cost spikes during attacks: how to budget request surges
A practical guide to WAF cost spikes during attacks: why request-based charges jump, how to model surge traffic, and how to reduce evaluated requests and logging volume safely.
AWS WAF vs Cloudflare WAF cost: a practical comparison checklist
Compare AWS WAF vs Cloudflare WAF cost using a practical checklist: request-based charges, rule/policy baselines, logging/analytics costs, and what to model for your traffic shape.
Estimate API requests per month (RPS, logs, and metrics)
How to estimate monthly API request volume for cost models: from CloudWatch metrics, from access logs, and from RPS charts (with common pitfalls like retries and health checks).
Estimate CloudWatch metrics API requests (dashboards and polling)
How to estimate CloudWatch metrics API request volume for cost models: derive requests from dashboards and tooling polling, include refresh rates, and validate with measured usage.
Related calculators
CDN Cost Calculator
Estimate total CDN cost from bandwidth and request pricing.
CDN Bandwidth Cost Calculator
Estimate monthly CDN bandwidth cost from GB transferred and $/GB pricing.
CDN Request Cost Calculator
Estimate CDN request fees from monthly requests and $ per 10k/1M pricing.
Log Cost Calculator
Estimate total log costs: ingestion, storage, and scan/search.
Log Ingestion Cost Calculator
Estimate monthly log ingestion cost from GB/day or from event rate and $/GB pricing.
Log Retention Storage Cost Calculator
Estimate retained log storage cost from GB/day, retention days, and $/GB-month pricing.
FAQ
What's the fastest way to estimate requests/month?
Convert average requests per second (RPS) into monthly volume: requests/month = avg RPS x 60 x 60 x 24 x days.
Should I include blocked requests?
Yes for cost models, because they are still evaluated. During attacks, blocked traffic can meaningfully increase request-based charges and logging volume.
Last updated: 2026-01-27