Select your cookie preferences

We use essential cookies and similar tools that are necessary to provide our site and services. We use performance cookies to collect anonymous statistics, so we can understand how customers use our site and make improvements. Essential cookies cannot be deactivated, but you can choose “Customize” or “Decline” to decline performance cookies.

If you agree, AWS and approved third parties will also use cookies to provide useful site features, remember your preferences, and display relevant content, including relevant advertising. To accept or decline all non-essential cookies, choose “Accept” or “Decline.” To make more detailed choices, choose “Customize.”

Preferences
Contact Us
Feedback
AWS Documentation
Create an AWS Account
AwsWafWebAclRule - AWS Security Hub
ContentsSee Also

AwsWafWebAclRule

PDF

Details for a rule in an AWS WAF web ACL.

Contents

Action

Specifies the action that CloudFront or AWS WAF takes when a web request matches the conditions in the rule.

Type: WafAction object

Required: No

ExcludedRules

Rules to exclude from a rule group.

Type: Array of WafExcludedRule objects

Required: No

OverrideAction

Use the OverrideAction to test your RuleGroup.

Any rule in a RuleGroup can potentially block a request. If you set the OverrideAction to None, the RuleGroup blocks a request if any individual rule in the RuleGroup matches the request and is configured to block that request.

However, if you first want to test the RuleGroup, set the OverrideAction to Count. The RuleGroup then overrides any block action specified by individual rules contained within the group. Instead of blocking matching requests, those requests are counted.

ActivatedRule|OverrideAction applies only when updating or adding a RuleGroup to a web ACL. In this case you don't use ActivatedRule Action. For all other update requests, ActivatedRule Action is used instead of ActivatedRule OverrideAction.

Type: WafOverrideAction object

Required: No

Priority

Specifies the order in which the rules in a web ACL are evaluated. Rules with a lower value for Priority are evaluated before rules with a higher value. The value must be a unique integer. If you add multiple rules to a web ACL, the values don't need to be consecutive.

Type: Integer

Required: No

RuleId

The identifier for a rule.

Type: String

Pattern: .*\S.*

Required: No

Type

The rule type.

Valid values: REGULAR | RATE_BASED | GROUP

The default is REGULAR.

Type: String

Pattern: .*\S.*

Required: No

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

Next topic:

WafAction

Previous topic:

AwsWafWebAclDetails

Need help?

PrivacySite termsCookie preferences
© 2025, Amazon Web Services, Inc. or its affiliates. All rights reserved.