**Introducing a new console experience for Amazon WAF**

You can now use the updated experience to access Amazon WAF functionality anywhere in the console. For more details, see [Working with the console](https://docs.amazonaws.cn/waf/latest/developerguide/working-with-console.html). 

# Adding and removing conditions in a rule
<a name="classic-web-acl-rules-editing"></a>

**Warning**  
Amazon WAF Classic is is going through a planned end-of-life process. Refer to your Amazon Health dashboard for the milestones and dates specific to your Region.

**Note**  
This is **Amazon WAF Classic** documentation. You should only use this version if you created Amazon WAF resources, like rules and web ACLs, in Amazon WAF prior to November 2019, and you have not migrated them over to the latest version yet. To migrate your web ACLs, see [Migrating your Amazon WAF Classic resources to Amazon WAF](waf-migrating-from-classic.md).  
**For the latest version of Amazon WAF**, see [Amazon WAF](waf-chapter.md). 

You can change a rule by adding or removing conditions. <a name="classic-web-acl-rules-editing-procedure"></a>

**To add or remove conditions in a rule**

1. Sign in to the Amazon Web Services Management Console and open the Amazon WAF console at [https://console.amazonaws.cn/wafv2/](https://console.amazonaws.cn/wafv2/). 

   If you see **Switch to Amazon WAF Classic** in the navigation pane, select it.

1. In the navigation pane, choose **Rules**.

1. Choose the name of the rule in which you want to add or remove conditions.

1. Choose **Add rule**.

1. To add a condition, choose **Add condition** and specify the following values:  
**When a request does/does not**  
If you want Amazon WAF Classic to allow or block requests based on the filters in a condition, for example, web requests that originate from the range of IP addresses 192.0.2.0/24, choose **does**.  
If you want Amazon WAF Classic to allow or block requests based on the inverse of the filters in a condition, choose **does not**. For example, if an IP match condition includes the IP address range 192.0.2.0/24 and you want Amazon WAF Classic to allow or block requests that *do not* come from those IP addresses, choose **does not**.  
**match/originate from**  
Choose the type of condition that you want to add to the rule:  
   + Cross-site scripting match conditions – choose **match at least one of the filters in the cross-site scripting match condition**
   + IP match conditions – choose **originate from an IP address in**
   + Geo match conditions – choose **originate from a geographic location in**
   + Size constraint conditions – choose **match at least one of the filters in the size constraint condition**
   + SQL injection match conditions – choose **match at least one of the filters in the SQL injection match condition**
   + String match conditions – choose **match at least one of the filters in the string match condition**
   + Regular expression match conditions – choose **match at least one of the filters in the regex match condition**  
***condition name***  
Choose the condition that you want to add to the rule. The list displays only conditions of the type that you chose in the preceding step.

1. To remove a condition, select the **X** to the right of the condition name

1. Choose **Update**.