Creating an Amazon WAF Classic rule group
Warning
Amazon WAF Classic support will end on September 30, 2025.
Note
This is Amazon WAF Classic documentation. You should only use this version if you created Amazon WAF resources, like rules and web ACLs, in Amazon WAF prior to November 2019, and you have not migrated them over to the latest version yet. To migrate your web ACLs, see Migrating your Amazon WAF Classic resources to Amazon WAF.
For the latest version of Amazon WAF, see Amazon WAF.
When you create an Amazon WAF Classic rule group to use with Amazon Firewall Manager, you specify which rules to add to the group.
To create a rule group (console)
- Sign in to the Amazon Web Services Management Console using the Amazon Firewall Manager administrator account that you set up in the prerequisites, and then open the Firewall Manager console at https://console.aws.amazon.com/wafv2/fms.
  Note
  For information about setting up a Firewall Manager administrator account, see Creating an Amazon Firewall Manager default administrator account.
- In the navigation pane, choose Switch to Amazon WAF Classic.
- In the Amazon WAF Classic navigation pane, choose Rule groups.
- Choose Create rule group.
  Note
  You can't add rate-based rules to a rule group.
- If you have already created the rules that you want to add to the rule group, choose Use existing rules for this rule group. If you want to create new rules to add to the rule group, choose Create rules and conditions for this rule group.
- Choose Next.
- If you chose to create rules, follow the steps to create them at Creating a rule and adding conditions.
  Note
  Use the Amazon WAF Classic console to create your rules.
  When you've created all the rules you need, go to the next step.
- Type a rule group name.
- To add a rule to the rule group, select a rule then choose Add rule. Choose whether to allow, block, or count requests that match the rule's conditions. For more information on the choices, see How Amazon WAF Classic works.
- When you are finished adding rules, choose Create.
You can test your rule group by adding it to an Amazon WAF WebACL and setting the WebACL action to Override to Count. This action overrides any action that you choose for the rules contained in the group, and only counts matching requests. For more information, see Creating a Web ACL.
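The console procedure and the count-mode test above can also be scripted. The following is an added example, not part of the original documentation: it assumes a boto3 WAF Classic client (`boto3.client("waf")` or `boto3.client("waf-regional")`) created in the Firewall Manager administrator account is passed in, and every rule ID, name and metric name is a constructed placeholder.

```python
VALID_ACTIONS = {"ALLOW", "BLOCK", "COUNT"}

def build_rule_group_updates(rules):
    """Turn [{'RuleId', 'Action', optional 'Type'}] into UpdateRuleGroup inserts.
    List order becomes priority; rate-based rules are rejected up front."""
    updates, seen = [], set()
    for priority, rule in enumerate(rules, start=1):
        rule_type = rule.get("Type", "REGULAR")
        if rule_type == "RATE_BASED":
            raise ValueError(f"{rule['RuleId']}: rate-based rules can't be in a rule group")
        action = rule["Action"].upper()
        if action not in VALID_ACTIONS:
            raise ValueError(f"{rule['RuleId']}: unknown action {rule['Action']!r}")
        if rule["RuleId"] in seen:
            raise ValueError(f"{rule['RuleId']}: listed twice")
        seen.add(rule["RuleId"])
        updates.append({"Action": "INSERT", "ActivatedRule": {
            "Priority": priority, "RuleId": rule["RuleId"],
            "Action": {"Type": action}, "Type": rule_type}})
    return updates

def create_rule_group(client, name, metric_name, rules):
    """Create the group, then add its rules. Each write needs a fresh change token."""
    updates = build_rule_group_updates(rules)  # validate before touching the API
    token = client.get_change_token()["ChangeToken"]
    group_id = client.create_rule_group(
        Name=name, MetricName=metric_name, ChangeToken=token)["RuleGroup"]["RuleGroupId"]
    token = client.get_change_token()["ChangeToken"]
    client.update_rule_group(RuleGroupId=group_id, Updates=updates, ChangeToken=token)
    return group_id

def count_override_update(rule_group_id, priority):
    """Web ACL update that adds the group with its rule actions overridden to Count."""
    return {"Action": "INSERT", "ActivatedRule": {
        "Priority": priority, "RuleId": rule_group_id,
        "OverrideAction": {"Type": "COUNT"}, "Type": "GROUP"}}

if __name__ == "__main__":
    # Constructed rule IDs; running this needs boto3 and AWS credentials.
    import boto3
    waf = boto3.client("waf")
    gid = create_rule_group(waf, "example-group", "ExampleGroup", [
        {"RuleId": "EXAMPLE-RULE-ID-1", "Action": "BLOCK"},
        {"RuleId": "EXAMPLE-RULE-ID-2", "Action": "COUNT"}])
    print(gid, count_override_update(gid, priority=1))
```

Pass the dictionary from `count_override_update` in the `Updates` list of `update_web_acl` to evaluate the group in count mode before enforcing its actions.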