Web request component specification and handling - AWS WAF, AWS Firewall Manager, and AWS Shield Advanced

Web request component specification and handling

This section describes the settings that you can specify in rule statements that inspect a component of the web request. For information on usage, see the individual rule statements at Match rule statements.

A subset of these web request components can also be used in rate-based rules, as custom request aggregation keys. For information, see Rate-based rule aggregation options and keys.

For the request component settings, you specify the component type itself, and any additional options, depending on the component type. For example, when you inspect a component type that contains text, you can apply text transformations to it before inspecting it.


Unless otherwise noted, if a web request doesn't have the request component that's specified in the rule statement, AWS WAF evaluates the request as not matching the rule criteria.