Working with web ACLs
Warning
Amazon WAF Classic support will end on September 30, 2025.
Note
This is Amazon WAF Classic documentation. You should only use this version if you created Amazon WAF resources, like rules and web ACLs, in Amazon WAF prior to November 2019, and you have not migrated them over to the latest version yet. To migrate your web ACLs, see Migrating your Amazon WAF Classic resources to Amazon WAF.
For the latest version of Amazon WAF, see Amazon WAF.
When you add rules to a web ACL, you specify whether you want Amazon WAF Classic to allow or block requests based on the conditions in the rules. If you add more than one rule to a web ACL, Amazon WAF Classic evaluates each request against the rules in the order that you list them in the web ACL. When a web request matches all the conditions in a rule, Amazon WAF Classic immediately takes the corresponding action—allow or block—and doesn't evaluate the request against the remaining rules in the web ACL, if any.
If a web request doesn't match any of the rules in a web ACL, Amazon WAF Classic takes the default action that you specified for the web ACL. For more information, see Deciding on the default action for a Web ACL.
If you want to test a rule before you start using it to allow or block requests, you can configure Amazon WAF Classic to count the web requests that match the conditions in the rule. For more information, see Testing web ACLs.