Document history
| Change | Description | Date |
|---|---|---|
|
AWS Firewall Manager supports central management of AWS Network Firewall network traffic filtering for your VPCs. |
November 17, 2020 |
|
|
You can now group your protected resources into logical groups and manage their protections collectively. |
November 13, 2020 |
|
|
You can now associate a AWS WAF web ACL with your AWS AppSync GraphQL API. This change is only available in the latest version of AWS WAF and not in AWS WAF Classic. |
October 1, 2020 |
|
|
AWS Managed Rules for AWS WAF updated the Windows operating system rule set. |
September 23, 2020 |
|
|
AWS Managed Rules for AWS WAF updated the rule sets PHP application and POSIX operating system. |
September 16, 2020 |
|
|
AWS Shield offers a new console option, with an improved user experience. The console guidance in the documentation is for the new console. |
September 1, 2020 |
|
|
AWS Firewall Manager common security group policies now support Application Load Balancers and Classic Load Balancers resource types through the console implementation. The new options are available in the common policy's Policy scope settings. |
August 11, 2020 |
|
|
AWS Managed Rules for AWS WAF updated the core rule set. |
August 7, 2020 |
|
|
AWS Firewall Manager now supports centralized logging configuration for AWS WAF policies. |
July 30, 2020 |
|
|
Added the option to use IP addresses from an HTTP header that you
specify, instead of using the web request origin. The alternate header
is commonly |
July 9, 2020 |
|
|
Firewall Manager updates to content audit security group policies |
AWS Firewall Manager has expanded functionality for content audit security group policies including a managed rules option, that uses managed application and protocol lists, and details for resource violations. |
July 7, 2020 |
|
AWS Firewall Manager now supports managed application and protocol lists. Firewall Manager manages some lists and you can create and manage your own. |
July 7, 2020 |
|
|
You can configure Shield Advanced to have the DDoS Response Team (DRT) contact you if the Amazon Route 53 health check associated with a protected resource becomes unhealthy during an event that's detected by Shield Advanced. |
June 8, 2020 |
|
|
Firewall Manager supports shared VPCs in common security group policies |
AWS Firewall Manager now supports using common security group policies in shared VPCs. You can do this in addition to using them in the VPCs owned by in-scope accounts. |
May 26, 2020 |
|
Added documentation for each rule in the AWS Managed Rules for AWS WAF. |
May 19, 2020 |
|
|
AWS Managed Rules for AWS WAF updated the Linux operating system rule group. |
May 19, 2020 |
|
|
Add support for migrating AWS WAF Classic resources to AWS WAF (v2) |
You can now use the console or API to export your AWS WAF Classic resources for migration to the latest version of AWS WAF. |
April 27, 2020 |
|
Add support for AWS Organizations organizational units in policy scope |
AWS Firewall Manager now supports using AWS Organizations organizational units (OUs) to specify policy scope. You can use OUs to include or exclude accounts from the scope, in addition to including or excluding specific accounts. Specifying an OU is the same as specifying all accounts in the OU and in any of its child OUs, including any child OUs and accounts that are added at a later time. |
April 6, 2020 |
|
AWS Firewall Manager now supports the latest version of AWS WAF, in addition to the prior version, AWS WAF Classic. |
March 31, 2020 |
|
|
Update to AWS Firewall Manager common security group policies |
AWS Firewall Manager common security group policy now has the option to apply the policy to all elastic network interfaces in your in-scope Amazon EC2 instances. You can still choose to only apply the policy to the default elastic network interface. |
March 11, 2020 |
|
AWS Managed Rules for AWS WAF added a AWSManagedRulesAnonymousIpList rule group. |
March 6, 2020 |
|
|
AWS Managed Rules for AWS WAF updated the WordPress application and AWSManagedRulesCommonRuleSet rule groups. |
March 3, 2020 |
|
|
Added Amazon Route 53 health check to AWS Shield Advanced protection options |
Shield Advanced now supports the use of Amazon Route 53 health check associations, to improve the accuracy of threat detection and mitigation. |
February 14, 2020 |
|
AWS Managed Rules for AWS WAF has updated the SQL Database rule group to add checking the message URI. |
January 23, 2020 |
|
|
Firewall Manager new option for security group usage audit policy |
Firewall Manager has a new option for security group usage audit policies. You can now set a minimum number of minutes a security group must remain unused before it's considered noncompliant. By default, this minutes setting is zero. |
January 14, 2020 |
|
Firewall Manager has a new option for AWS WAF policies. You can now choose to remove all existing web ACL associations from in-scope resources before associating the policy's new web ACLs to them. |
January 14, 2020 |
|
|
AWS Managed Rules for AWS WAF has updated text transformations for rules in the Core Rule Set and the SQL Database rule groups. |
December 20, 2019 |
|
|
AWS Firewall Manager now creates findings for resources that are out of compliance and for attacks and sends them to AWS Security Hub. |
December 18, 2019 |
|
|
New version of the AWS WAF developer guide. You can manage a web ACL or rule group in JSON format. Expanded capabilities include logical rule statements, rule statement nesting, and full CIDR support for IP addresses and address ranges. Rules are no longer AWS resources, but exist only in the context of a web ACL or rule group. For existing customers, the prior version of the service is now called AWS WAF Classic. In the APIs, SDKs, and CLIs, AWS WAF Classic retains its naming schemes and this latest version of AWS WAF is referred to with an added "V2" or "v2", depending on the context. AWS WAF can't access AWS resources that were created in AWS WAF Classic. To use those resources in AWS WAF, you need to migrate them. |
November 25, 2019 |
|
|
Added AWS Managed Rules rule groups. These are free of charge for AWS WAF customers. |
November 25, 2019 |
|
|
AWS Firewall Manager support for Amazon Virtual Private Cloud security groups |
Added support for Amazon VPC security groups to Firewall Manager. |
October 10, 2019 |
|
Added support for Shield Advanced to Firewall Manager. |
March 15, 2019 |
|
|
Added tutorial on creating hierarchical policies in AWS Firewall Manager. |
February 11, 2019 |
|
|
You can now exclude individual rules from AWS Marketplace rule groups, as well as your own rule groups. |
December 12, 2018 |
|
|
Shield Advanced can now protect AWS Global Accelerator. |
November 26, 2018 |
|
|
AWS WAF now protects s. |
October 25, 2018 |
|
|
New wizard provides opportunity to create rate-based rules and Amazon CloudWatch Events. |
August 31, 2018 |
|
|
Enable logging to get detailed information about traffic that is analyzed by your web ACL. |
August 31, 2018 |
|
|
When creating a condition, you can now search the requests for specific parameters. |
June 5, 2018 |
|
|
Introduces a new streamlined process for subscribing to AWS Shield Advanced. |
June 5, 2018 |
|
|
When creating an IP match condition, AWS WAF now supports IPv4 address ranges: /8 and any range between /16 through /32. |
June 5, 2018 |
Earlier updates
The following table describes important changes in each release of the AWS WAF Developer Guide.
| Change | API Version | Description | Release Date |
|---|---|---|---|
| Update | 2016-08-24 | AWS Marketplace rule groups | November, 2017 |
| Update | 2016-08-24 | Shield Advanced support for Elastic IP addresses | November, 2017 |
| Update | 2016-08-24 | Global threat dashboard | November, 2017 |
| Update | 2016-08-24 | DDoS-resistant website tutorial | October, 2017 |
| Update | 2016-08-24 | Geo and regex conditions | October, 2017 |
| Update | 2016-08-24 | Rate-based rules | June, 2017 |
| Update | 2016-08-24 | Reorganization | April, 2017 |
| Update | 2016-08-24 | Added information about DDOS protection and support for Application Load Balancers. | November, 2016 |
| New Features | 2015-08-24 |
You can now log all your API calls to AWS WAF through AWS CloudTrail, the AWS service that records API calls for your account and delivers log files to your S3 bucket. CloudTrail logs can be used to enable security analysis, track changes to your AWS resources, and aid in compliance auditing. Integrating AWS WAF and CloudTrail lets you determine which requests were made to the AWS WAF API, the source IP address from which each request was made, who made the request, when it was made, and more. If you are already using AWS CloudTrail, you will start seeing AWS WAF API calls
in your CloudTrail log. If you haven't enabled CloudTrail for your account,
you can enable it on CloudTrail from the AWS Management Console |
April 28, 2016 |
|
New Features |
2015-08-24 |
You can now use AWS WAF to allow, block, or count web requests that appear to contain malicious scripts, known as cross-site scripting or XSS. Attackers sometimes insert malicious scripts into web requests in an effort to exploit vulnerabilities in web applications. For more information, see Cross-site scripting attack rule statement. |
March 29, 2016 |
|
New Features |
2015-08-24 |
With this release, AWS WAF adds the following features:
|
January 27, 2016 |
|
New Feature |
2015-08-24 |
You can now use the AWS WAF console to choose the CloudFront distributions that you want to associate a web ACL with. For more information, see Associating or Disassociating a Web ACL and a CloudFront Distribution. |
November 16, 2015 |
|
Initial Release |
2015-08-24 |
This is the first release of the AWS WAF Developer Guide. |
October 6, 2015 |
