Working with managed rule groups - AWS WAF, AWS Firewall Manager, and AWS Shield Advanced

Working with managed rule groups

This section provides guidance for accessing and managing your managed rule groups.

When you add a managed rule group to your web ACL, you can choose the same configuration options as you can your own rule groups, plus additional settings.

Through the console, you access managed rule group information during the process of adding and editing the rules in your web ACLs. Through the APIs and the command line interface (CLI), you can directly request managed rule group information.

When you use a managed rule group in your web ACL, you can edit the following settings:

  • Version – This is available only if the rule group is versioned. For more information, see Version management with managed rule groups.

  • Set rule actions to Count – You can set the actions for rules in the rule group to Count. This is useful for testing a rule group before using it to manage your web requests. For more information, see Setting the rule actions to count.

  • Scope-down statement – You can add a scope-down statement, to filter out web requests that you don't want to evaluate with the rule group. For more information, see Scope-down statements.

  • Override rule group action – You can override the action that results from the rule group evaluation, and set it to Count only. This option isn't commonly used. It doesn't alter how AWS WAF evaluates the rules in the rule group. For more information, see Overriding the resulting rule group's action to count.

To edit the managed rule group settings in your web ACL

  • Console

    • (Option) When you add the managed rules group to your web ACL, you can choose Edit to view and edit the settings.

    • (Option) After you've added the managed rule group into your web ACL, from the Web ACLs page, choose the web ACL you just created. This takes you to the web ACL edit page.

      • Choose Rules.

      • Select the rule group, then choose Edit to view and edit the settings.

  • APIs and CLI – Outside of the console, you can manage the managed rule group settings when you create and update the web ACL.