Regular expression pattern matching in AWS WAF - AWS WAF, AWS Firewall Manager, and AWS Shield Advanced

Regular expression pattern matching in AWS WAF

AWS WAF supports the pattern syntax used by the PCRE library libpcre. The library is documented at PCRE - Perl Compatible Regular Expressions.

AWS WAF doesn't support all constructs of the library. For example, it supports some zero-width assertions, but not all. We do not have comprehensive list of the constructs that are supported. However, if you provide a regex pattern that isn't valid or use unsupported constructs, the AWS WAF API reports a failure.

AWS WAF does not support the following PCRE patterns:

  • Backreferences and capturing subexpressions

  • Subroutine references and recursive patterns

  • Conditional patterns

  • Backtracking control verbs

  • The \C single-byte directive

  • The \R newline match directive

  • The \K start of match reset directive

  • Callouts and embedded code

  • Atomic grouping and possessive quantifiers