HeaderOrder - AWS WAFV2


Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. AWS WAF generates the string and then uses that as the field to match component in its inspection. AWS WAF separates the header names in the string using colons and no added spaces, for example host:user-agent:accept:authorization:referer.



What AWS WAF should do if the headers of the request are more numerous or larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request headers when they exceed 8 KB (8192 bytes) or 200 total headers. The underlying host service forwards a maximum of 200 headers and at most 8 KB of header contents to AWS WAF.

The options for oversize handling are the following:

  • CONTINUE - Inspect the available headers normally, according to the rule inspection criteria.

  • MATCH - Treat the web request as matching the rule statement. AWS WAF applies the rule action to the request.

  • NO_MATCH - Treat the web request as not matching the rule statement.

Type: String


Required: Yes

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: