Updates before 2018 - Amazon WAF, Amazon Firewall Manager, and Amazon Shield Advanced
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Updates before 2018

The following table describes important changes in each release of the Amazon WAF Developer Guide that were made before 2018.

Change API Version Description Release Date
Update 2016-08-24 Amazon Web Services Marketplace rule groups November, 2017
Update 2016-08-24 Shield Advanced support for Elastic IP addresses November, 2017
Update 2016-08-24 Global threat dashboard November, 2017
Update 2016-08-24 DDoS-resistant website tutorial October, 2017
Update 2016-08-24 Geo and regex conditions October, 2017
Update 2016-08-24 Rate-based rules June, 2017
Update 2016-08-24 Reorganization April, 2017
Update 2016-08-24 Added information about DDOS protection and support for Application Load Balancers. November, 2016
New Features 2015-08-24

You can now log all your API calls to Amazon WAF through Amazon CloudTrail, the Amazon service that records API calls for your account and delivers log files to your S3 bucket. CloudTrail logs can be used to enable security analysis, track changes to your Amazon resources, and aid in compliance auditing. Integrating Amazon WAF and CloudTrail lets you determine which requests were made to the Amazon WAF API, the source IP address from which each request was made, who made the request, when it was made, and more.

If you are already using Amazon CloudTrail, you will start seeing Amazon WAF API calls in your CloudTrail log. If you haven't enabled CloudTrail for your account, you can enable it on CloudTrail from the Amazon Web Services Management Console. There is no additional charge for enabling CloudTrail, but standard rates for Amazon S3 and Amazon SNS usage apply.

April 28, 2016

New Features


You can now use Amazon WAF to allow, block, or count web requests that appear to contain malicious scripts, known as cross-site scripting or XSS. Attackers sometimes insert malicious scripts into web requests in an effort to exploit vulnerabilities in web applications. For more information, see Cross-site scripting attack rule statement.

March 29, 2016

New Features


With this release, Amazon WAF adds the following features:

  • You can configure Amazon WAF to allow, block, or count web requests based on the lengths of specified parts of the requests, such as query strings or URIs. For more information, see Size constraint rule statement.

  • You can configure Amazon WAF to allow, block, or count web requests based on the content in the request body. This is the part of a request that contains any additional data that you want to send to your web server as the HTTP request body, such as data from a form. This feature applies to string match conditions, SQL injection match conditions, and the new size constraint conditions mentioned in the first bullet. For more information, see Web request component specification and handling.

January 27, 2016

New Feature


You can now use the Amazon WAF console to choose the CloudFront distributions that you want to associate a web ACL with. For more information, see Associating or Disassociating a Web ACL and a CloudFront Distribution.

November 16, 2015

Initial Release


This is the first release of the Amazon WAF Developer Guide.

October 6, 2015