Adjusting rule statement settings in AWS WAF

This section describes the settings that you can specify in rule statements that inspect a component of the web request. For information on usage, see the individual rule statements at Using match rule statements in AWS WAF.

A subset of these web request components can also be used in rate-based rules, as custom request aggregation keys. For information, see Aggregating rate-based rules in AWS WAF.

For the request component settings, you specify the component type itself, and any additional options, depending on the component type. For example, when you inspect a component type that contains text, you can apply text transformations to it before inspecting it.

Note

Unless otherwise noted, if a web request doesn't have the request component that's specified in the rule statement, AWS WAF evaluates the request as not matching the rule criteria.

Contents

• Request components in AWS WAF

  • HTTP method

  • Single header

  • All headers

  • Header order

  • Cookies

  • URI fragment

  • URI path

  • JA3 fingerprint

  • JA4 fingerprint

  • Query string

  • Single query parameter

  • All query parameters

  • Body

  • JSON body

• Using forwarded IP addresses in AWS WAF

• Inspecting HTTP/2 pseudo headers in AWS WAF

• Using text transformations in AWS WAF