You may start using Vapor’s managed firewall by defining the `firewall` configuration option within your application’s `vapor.yml` file:
When using the `rate-limit` option, Vapor’s managed firewall tracks the rate of requests for each originating IP address and blocks IPs with request rates over the given `rate-limit` value. In the example above, if the request count for an IP address exceeds 1,000 requests in any 5-minute time span then the firewall will temporarily block requests from that IP address with the `403 Forbidden` HTTP status code.
When using the bot-control option, Vapor’s managed firewall blocks requests from pervasive bots, such as scrapers or search engines. Over a dozen categories are available for use, and their usage will depend on the type of application you have.
Be sure to check out Vapor’s **[managed firewall documentation](https://docs.vapor.build/1.0/projects/environments.html#firewall)** before you begin using this feature. Behind the scenes, Vapor’s managed firewall uses **[Amazon WAF](https://aws.amazon.com/waf/)** – feel free to check out the WAF documentation for more information about the WAF service and its pricing.
We hope you enjoy this new addition to Laravel Vapor. At Laravel, we’re committed to providing you with the most robust and developer-friendly PHP experience in the world. If you haven’t checked out Vapor, now is a great time to start! You can create your account today at: **[vapor.laravel.com](https://vapor.laravel.com/)**.