AWS WAF, AWS Firewall Manager, and AWS Shield Advanced
Developer Guide (API Version 2015-08-24)

Working with Rules

Rules let you precisely target the web requests that you want AWS WAF to allow or block by specifying the exact conditions that you want AWS WAF to watch for. For example, AWS WAF can watch for the IP addresses that requests originate from, the strings that the requests contain and where the strings appear, and whether the requests appear to contain malicious SQL code.