Working with web ACLs - Amazon WAF, Amazon Firewall Manager, and Amazon Shield Advanced

Working with web ACLs

Note

This is Amazon WAF Classic documentation. You should only use this version if you created Amazon WAF resources, like rules and web ACLs, in Amazon WAF prior to November 2019, and you have not migrated them over to the latest version yet. To migrate your resources, see Migrating your Amazon WAF Classic resources to Amazon WAF.

For the latest version of Amazon WAF, see Amazon WAF.

When you add rules to a web ACL, you specify whether you want Amazon WAF Classic to allow or block requests based on the conditions in the rules. If you add more than one rule to a web ACL, Amazon WAF Classic evaluates each request against the rules in the order that you list them in the web ACL. When a web request matches all the conditions in a rule, Amazon WAF Classic immediately takes the corresponding action—allow or block—and doesn't evaluate the request against the remaining rules in the web ACL, if any.

If a web request doesn't match any of the rules in a web ACL, Amazon WAF Classic takes the default action that you specified for the web ACL. For more information, see Deciding on the default action for a Web ACL.

If you want to test a rule before you start using it to allow or block requests, you can configure Amazon WAF Classic to count the web requests that match the conditions in the rule. For more information, see Testing web ACLs.
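The evaluation order described above can be modeled in a few lines. This is an added example, not AWS code: the `Rule` class, the `evaluate` function, the rule names and the sample requests are all constructed for illustration. It shows a block rule that never fires because an earlier allow rule terminates evaluation, the same rule in count mode (which records the match and lets evaluation continue), and the default action applying when nothing matches.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

Request = Dict[str, str]

@dataclass
class Rule:
    name: str
    action: str  # "ALLOW", "BLOCK" or "COUNT"
    conditions: List[Callable[[Request], bool]]

    def matches(self, req: Request) -> bool:
        # A rule matches only when the request matches all of its conditions.
        return all(cond(req) for cond in self.conditions)

def evaluate(rules: List[Rule], default_action: str,
             req: Request) -> Tuple[str, Optional[str], List[str]]:
    """Return (final action, terminating rule or None, rules that counted)."""
    counted: List[str] = []
    for rule in rules:  # list order is evaluation order
        if not rule.matches(req):
            continue
        if rule.action == "COUNT":
            counted.append(rule.name)  # record the match, keep evaluating
            continue
        return rule.action, rule.name, counted  # first ALLOW/BLOCK match wins
    return default_action, None, counted  # no rule terminated evaluation

# Constructed conditions (hypothetical; real conditions are WAF match sets).
def from_office(req: Request) -> bool:
    return req["ip"].startswith("203.0.113.")

def bad_agent(req: Request) -> bool:
    return "badbot" in req["user_agent"].lower()

allow_office = Rule("allow-office", "ALLOW", [from_office])
block_badbot = Rule("block-badbot", "BLOCK", [bad_agent])
count_badbot = Rule("block-badbot", "COUNT", [bad_agent])

# Constructed sample requests.
bot_in_office = {"ip": "203.0.113.7", "user_agent": "BadBot/1.0"}
visitor = {"ip": "198.51.100.9", "user_agent": "Mozilla/5.0"}

if __name__ == "__main__":
    print(evaluate([allow_office, block_badbot], "ALLOW", bot_in_office))
    print(evaluate([block_badbot, allow_office], "ALLOW", bot_in_office))
    print(evaluate([count_badbot, allow_office], "BLOCK", bot_in_office))
    print(evaluate([allow_office, block_badbot], "BLOCK", visitor))
```

Running a candidate ordering through a model like this against representative requests makes shadowed rules visible before the web ACL is changed.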