Creating and managing a regex pattern set in AWS WAF
A regex pattern set provides a collection of regular expressions that you want to use together in a rule statement. Regex pattern sets are AWS resources.
To use a regex pattern set in a web ACL or rule group, you first create an AWS resource,
RegexPatternSet
with your regex pattern specifications. Then you
reference the set when you add a regex pattern set rule statement to a web ACL or rule
group. A regex pattern set must contain at least one regex pattern.
If your regex pattern set contains more than one regex pattern, when it's used in a
rule, the pattern matching is combined with OR
logic. That is, a web
request will match the pattern set rule statement if the request component matches any
of the patterns in the set.
AWS WAF supports the pattern syntax used by the PCRE library libpcre
with some exceptions. The library is documented at PCRE - Perl Compatible Regular Expressions
Creating a regex pattern set
Follow the procedure in this section to create a new regex pattern set.
To create a regex pattern set
Sign in to the AWS Management Console and open the AWS WAF console at https://console.aws.amazon.com/wafv2/
. In the navigation pane, choose Regex pattern sets and then Create regex pattern set.
Enter a name and description for the regex pattern set. You'll use these to identify it when you want to use the set.
Note
You can't change the name after you create the regex pattern set.
For Region, choose Global (CloudFront) or choose the Region where you want to store the regex pattern set. You can use regional regex pattern sets only in web ACLs that protect regional resources. To use a regex pattern set in web ACLs that protect Amazon CloudFront distributions, you must use Global (CloudFront).
In the Regular expressions text box, enter one regex pattern per line.
For example, the regular expression
I[a@]mAB[a@]dRequest
matches the following strings:IamABadRequest
,IamAB@dRequest
,I@mABadRequest
, andI@mAB@dRequest
.AWS WAF supports the pattern syntax used by the PCRE library
libpcre
with some exceptions. The library is documented at PCRE - Perl Compatible Regular Expressions. For information about AWS WAF support, see Supported regular expression syntax in AWS WAF. Review the settings for the regex pattern set, and choose Create regex pattern set.
Deleting a regex pattern set
Follow the guidance in this section to delete a referenced set.
Deleting referenced sets and rule groups
When you delete an entity that you can use in a web ACL, like an IP set, regex pattern set, or rule group, AWS WAF checks to see if the entity is currently being used in a web ACL. If it finds that it is in use, AWS WAF warns you. AWS WAF is almost always able to determine if an entity is being referenced by a web ACL. However, in rare cases it might not be able to do so. If you need to be sure that nothing is currently using the entity, check for it in your web ACLs before deleting it. If the entity is a referenced set, also check that no rule groups are using it.
To delete a regex pattern set
Sign in to the AWS Management Console and open the AWS WAF console at https://console.aws.amazon.com/wafv2/
. In the navigation pane, choose Regex pattern sets.
Select the regex pattern set that you want to delete and choose Delete.