Introducing a new console experience for Amazon WAF
You can now use the updated experience to access Amazon WAF functionality anywhere in the console. For more details, see Working with the updated console experience.
Working with conditions
Warning
Amazon WAF Classic support will end on September 30, 2025.
Note
This is Amazon WAF Classic documentation. You should only use this version if you created Amazon WAF resources, like rules and web ACLs, in Amazon WAF prior to November 2019, and you have not migrated them over to the latest version yet. To migrate your web ACLs, see Migrating your Amazon WAF Classic resources to Amazon WAF.
For the latest version of Amazon WAF, see Amazon WAF.
Conditions specify when you want to allow or block requests.
To allow or block requests based on whether the requests appear to contain malicious scripts, create cross-site scripting match conditions. For more information, see Working with cross-site scripting match conditions.
To allow or block requests based on the IP addresses that they originate from, create IP match conditions. For more information, see Working with IP match conditions.
To allow or block requests based on the country that they originate from, create geo match conditions. For more information, see Working with geographic match conditions.
To allow or block requests based on whether the requests exceed a specified length, create size constraint conditions. For more information, see Working with size constraint conditions.
To allow or block requests based on whether the requests appear to contain malicious SQL code, create SQL injection match conditions. For more information, see Working with SQL injection match conditions.
To allow or block requests based on strings that appear in the requests, create string match conditions. For more information, see Working with string match conditions.
To allow or block requests based on a regex pattern that appear in the requests, create regex match conditions. For more information, see Working with regex match conditions.