Document history
This page lists significant changes to this documentation.
Service features are sometimes rolled out incrementally to the Amazon Regions where a service is
available. We update this documentation for the first release only. We don't provide
information about Region availability or announce subsequent Region rollouts. For
information about Region availability of service features and to subscribe to notifications about updates, see What's New with Amazon?
Change | Description | Date |
---|---|---|
Added the | November 19, 2024 | |
You can use the Android and iOS integration SDKs for TV apps as well as mobile apps. | November 19, 2024 | |
Token management now adds a label for the browser fingerprint. | November 13, 2024 | |
Updated the Bot Control rule group. | November 7, 2024 | |
Firewall Manager Amazon WAF policy can use existing web ACLs | Firewall Manager Amazon WAF policies can now retrofit existing account-owned web ACLs, and create new web ACLs only where needed. | October 22, 2024 |
Updated the core rule set (CRS) rule group. | October 16, 2024 | |
Updated the Bot Control, ATP, and ACFP managed rule groups. | September 13, 2024 | |
Updated the Linux operating system rule group. | September 2, 2024 | |
Updated the core rule set (CRS) rule group. | August 30, 2024 | |
The minimum request rate for a rate-based rule is now 10. Before this, it was 100. | August 30, 2024 | |
Updated the Windows operating system rule group. | August 28, 2024 | |
Amazon WAF metrics added new metrics for CAPTCHA JavaScript API | Amazon WAF added two new metrics, | August 28, 2024 |
Add quotas on calls per organization for ListResourcesForWebACL | Amazon WAF now limits the number of calls to | July 26, 2024 |
Updates to | July 22, 2024 | |
Updated the WordPress application rule group. | July 15, 2024 | |
Updated the Linux operating system rule group. | July 12, 2024 | |
Updated the core rule set (CRS) rule group. | July 9, 2024 | |
Updated the PHP application and Windows operating system rule groups. | July 3, 2024 | |
Updated coverage for JSON body inspection to clarify how Amazon WAF handles parsing and the body parsing fallback behavior. | June 25, 2024 | |
Updated the Linux operating system rule group. | June 6, 2024 | |
Updated | June 3, 2024 | |
Amazon WAF started tracking changes for the managed policy | June 3, 2024 | |
The Bot Control, ATP, and ACFP managed rule groups are now versioned and will provide SNS notifications for version updates, the same as other versioned Amazon Managed Rules. | May 29, 2024 | |
Updated the POSIX operating system rule group, | May 28, 2024 | |
Added clarification that browser clients require HTTPS to run CAPTCHA puzzles and silent challenges. | May 24, 2024 | |
You can now use Security Lake to collect web ACL traffic data. For information, see Collecting data from Amazon services in the Amazon Security Lake user guide. | May 22, 2024 | |
Updated the core rule set (CRS) rule group. | May 21, 2024 | |
Updated the SQLi database rule group. | May 14, 2024 | |
Updated the known bad inputs and POSIX operating system rule groups. | May 8, 2024 | |
Updated the Windows operating system rule group. | May 3, 2024 | |
Added example code for Kotlin-based Android integrations. | May 2, 2024 | |
Amazon WAF added new dimension for | May 2, 2024 | |
Firewall Manager now supports the management of Amazon VPC network access control lists (ACLs) through Firewall Manager network ACL policies. | April 25, 2024 | |
Updates to | April 22, 2024 | |
We removed some metrics from the list of those that are commonly used in health checks. | April 16, 2024 | |
We've updated our usage audit security group policies and improved the documentation. See the usage audit policy section and the sections on best practices and limitations. | April 2, 2024 | |
Added examples depicting the targeted inspection level and updated existing examples to reflect best practices. | March 27, 2024 | |
Added example depicting response inspection configuration and updated existing examples to reflect best practices. | March 27, 2024 | |
Added example depicting response inspection configuration. | March 27, 2024 | |
Amazon WAF no longer has per-web ACL limits on publishing logs to CloudWatch Logs log streams. | March 27, 2024 | |
Amazon Shield Advanced application layer (layer 7) protections | Updated general and best practice guidance for application layer detection and mitigation, web ACL use, rate-based rules, and automatic application layer DDoS mitigation. | March 14, 2024 |
Updated the IP reputation rule group. | March 13, 2024 | |
Amazon WAF now supports larger body inspection size limits for some regional resources. | March 7, 2024 | |
Configurable evaluation window for Amazon WAF rate-based rules | You can now configure the time window that rate-based rules use to count requests, to 1, 2, 5, or 10 minutes. The default is 5, which was the only option before this release. | February 28, 2024 |
The top level | February 22, 2024 | |
You can now delete CAPTCHA JS API keys through the Amazon WAF APIs. | February 6, 2024 | |
The audio version of the CAPTCHA puzzle now supports multiple languages. | February 6, 2024 | |
Token management now adds labels for the CAPTCHA token and has enhanced the token labeling for the challenge token. | December 20, 2023 | |
Updated the known bad inputs rule group. | December 16, 2023 | |
Updated the known bad inputs rule group. | December 14, 2023 | |
Updated the core rule set (CRS) rule group. | December 6, 2023 | |
Updated the following rule groups: Amazon WAF Bot Control. | December 5, 2023 | |
If you use a custom IAM role instead of the Firewall Manager managed role for Amazon Config, you must ensure that your permission policy allows Amazon Config recorder to record Firewall Manager resources. | November 17, 2023 | |
We corrected the guidance for viewing all rules and sampled requests for a web ACL in the Amazon WAF console. | November 17, 2023 | |
Updated the Bot Control rule group. | November 14, 2023 | |
The web ACL page in the Amazon WAF console has new web traffic overview dashboards. | November 14, 2023 | |
Corrected label information for the rules
| November 13, 2023 | |
Corrected label information for the rules | November 13, 2023 | |
Updated the core rule set (CRS) rule group. | November 2, 2023 | |
Shield Advanced now maintains a rate-based rule in the automatic mitigation rule group that limits the volume of requests from IP addresses known to be sources of DDoS attacks. | October 31, 2023 | |
Updated the core rule set (CRS) rule group. | October 30, 2023 | |
Bot Control managed rule group removed signal label for the request CSP | The Bot Control managed rule group removed the signal label that indicates the cloud service provider (CSP). | October 28, 2023 |
Bot Control managed rule group signal label for the request CSP | The Bot Control managed rule group signal labels include a label that indicates the cloud service provider (CSP). | October 27, 2023 |
For the Amazon WAF actions that manage web ACL associations, the policy actions section now lists the permissions requirements for each web application resource type. | October 25, 2023 | |
When you enable management of unassociated web ACLs, Firewall Manager doesn't include the modified web ACLs in the one-time cleanup of unused resources. | October 19, 2023 | |
Updated the POSIX operating system rule group, | October 12, 2023 | |
Amazon WAF added new dimensions for viewing web ACL metrics. | October 12, 2023 | |
Updated the core rule set (CRS) rule group. | October 11, 2023 | |
Added the | October 11, 2023 | |
Updated two static versions of the known bad inputs rule group and updated the default version to point to the most recent static version. | October 4, 2023 | |
Expanded the functionality of the HTML entity decode text transformation. | October 4, 2023 | |
Added new option to Firewall Manager security group common policy | Firewall Manager now can distribute security group references to replica security groups. | October 3, 2023 |
You can now perform an exact match against the web request's JA3 fingerprint, for Amazon CloudFront distributions and Application Load Balancers. | September 26, 2023 | |
Updates to Firewall Manager security group policy rules settings | Firewall Manager now supports security group referencing from primary security groups to replica security groups. | September 25, 2023 |
Updated Shield Advanced automatic application layer DDoS mitigation | Firewall Manager now supports Application Load Balancer resources for Shield Advanced policies configured with automatic application layer DDoS mitigation. | September 14, 2023 |
Updated the following rule groups: Amazon WAF Bot Control. | September 6, 2023 | |
The targeted protection level of the Bot Control managed rule group now inspects for token reuse between IP addresses. It also now provides optional, machine-learning analysis of traffic statistics to detect some bot-related activity. | September 6, 2023 | |
Lowered the min, max, and default values for | September 5, 2023 | |
Updated the Amazon WAF Bot Control rule group. | August 30, 2023 | |
Added guidance for using Amazon CloudFormation to manage the web ACLs that you use with automatic application layer DDoS mitigation. | August 30, 2023 | |
New Firewall Manager content audit security group policy option | Added new option for auditing overly permissive rule groups, and improved console procedure descriptions. | August 29, 2023 |
If you enable management of unassociated web ACLs in Amazon WAF and Shield, Firewall Manager only creates web ACLs in the accounts within policy scope only if the web ACLs will be used by at least one resource. | August 9, 2023 | |
Updated the core rule set (CRS) rule group. | July 26, 2023 | |
You can now specify the URI path in your custom aggregation keys for rate-based rules. | July 19, 2023 | |
New Amazon WAF policy rule option in Amazon Firewall Manager | Amazon Firewall Manager adds support for configuring Amazon WAF web request body inspection size limits. | July 18, 2023 |
Updated | June 17, 2023 | |
Updated the rule group | June 13, 2023 | |
Update to Amazon WAF Fraud Control account takeover prevention (ATP) | You can now specify the login endpoint for the ATP managed rule group using a regular expression. | June 13, 2023 |
New section describes how to serve a custom CAPTCHA puzzle when Amazon WAF responds to a request with a CAPTCHA. | June 13, 2023 | |
Use the new rule group | June 13, 2023 | |
New Amazon WAF Fraud Control account creation fraud prevention (ACFP) | You can detect and block fraudulent account creation attempts with the new Amazon WAF Fraud Control account creation fraud prevention (ACFP) managed
rule group | June 13, 2023 |
Updated | June 6, 2023 | |
Added limitation for Firewall Manager security group policies | If a shared VPC is later unshared, Firewall Manager won't delete the replica security groups in the associated account. | June 2, 2023 |
You can now match against an ordered list of the names of the headers in the request. | May 30, 2023 | |
Updated the Linux operating system rule set. | May 22, 2023 | |
The rules statement listings are now grouped by statement type. | May 16, 2023 | |
Moved topic: Listing IP addresses that are being rate limited | The topic for listing IP addresses that are being rate limited by a rate-based rule is now under the rate-based rules topic. | May 16, 2023 |
You can now rate limit web requests based on aggregation keys other than IP addresses, and you can aggregate using combinations of keys. You can also rate limit all requests that match a scope-down statement, without further aggregation. | May 16, 2023 | |
Increased the number of Firewall Manager policies per organization in Amazon Organizations from 20 to 50. Increased maximum number of primary security groups per policy from one to three. Changed the maximum number of WCUs from a soft quota to a hard quota. | May 5, 2023 | |
You can now use up to 5,000 web ACL capacity units (WCUs) per rule group without requesting an increase from support. This new limit can't be increased. | May 1, 2023 | |
Amazon WAF now allows prefixes in Amazon S3 log bucket names. | May 1, 2023 | |
Updated the core rule set (CRS) rule group. | April 28, 2023 | |
Added support for Amazon Verified Access instances to Amazon WAF | You can now associate an Amazon WAF web ACL with a Verified Access instance. This change is only available in the latest version of Amazon WAF and not in Amazon WAF Classic. | April 28, 2023 |
Revised chapter on working with multiple Firewall Manager administrators | You can now designate multiple Firewall Manager administrators to create and manage the firewall resources of your organization. | April 24, 2023 |
Updated | April 21, 2023 | |
You can now customize the placement and characteristics of the CAPTCHA puzzle in your JavaScript client applications. | April 20, 2023 | |
Application integration renamed to intelligent threat integration | We renamed the existing functionality for client application integrations to intelligent threat integrations, to help distinguish between that and the new CAPTCHA application integration for JavaScript. | April 20, 2023 |
Using more than 1,500 web ACL capacity units (WCUs) in your web ACL incurs additional costs, which are adjusted automatically as your web ACL WCU usage increases and decreases. The web ACL maximum is 5,000 WCUs. | April 11, 2023 | |
You can now use up to 5,000 web ACL capacity units (WCUs) per web ACL without requesting an increase from support. This new limit can't be increased. | April 11, 2023 | |
For web ACLs that protect Amazon CloudFront distributions, you can increase the body inspection size limit up to 64 KB in your web ACL configuration. | April 11, 2023 | |
The maximum Amazon WAF body inspection size limit for Amazon CloudFront distributions is increased from 8 KB to 64 KB. The default inspection size limit for CloudFront is 16 KB. | April 11, 2023 | |
New Amazon WAF policy rule options in Amazon Firewall Manager | Amazon Firewall Manager adds support for Amazon WAF Fraud Control account takeover
prevention (ATP) and Amazon WAF Bot Control Amazon Managed Rules rule groups, Amazon S3 logging destinations, rule action overrides, | April 7, 2023 |
Updated | March 30, 2023 | |
Added warning about the usage of tags within security group policies | Firewall Manager won't update the tags of existing security groups or create new security groups if the policy has tags that conflict with the organization's tag policy. | March 28, 2023 |
Updated how to use a service role with Firewall Manager. | March 8, 2023 | |
Corrected information about how rate-based rules perform rate limiting | Rate based rules with scope-down statements only rate limit requests that match the rule's scope-down statement. We were stating that the limiting applied to all requests for any rate limited IP address. | March 1, 2023 |
Updated the PHP application rule group. | February 27, 2023 | |
You can now associate an Amazon WAF web ACL with an Amazon App Runner service. This change is only available in the latest version of Amazon WAF and not in Amazon WAF Classic. | February 23, 2023 | |
Updated guide to align with the IAM best practices. For more information, see Security best practices in IAM. | February 16, 2023 | |
Updated the rule group | February 15, 2023 | |
Amazon WAF Fraud Control account takeover prevention (ATP) login response inspection | For protected CloudFront distributions, you can now use ATP to block new login attempts from clients that have recently submitted too many failed login attempts. | February 15, 2023 |
Updated the core rule set. | January 25, 2023 | |
Added a section with best practices for implementing Bot Control, ATP, and other intelligent threat mitigation features. | January 22, 2023 | |
Added a section that maps HTTP/2 pseudo headers to their corresponding web request components. | January 20, 2023 | |
Updated guide to align with the IAM best practices. For more information, see Security best practices in IAM. | January 3, 2023 | |
Updated guide to align with the IAM best practices. For more information, see Security best practices in IAM. | January 3, 2023 | |
Updated guide to align with the IAM best practices. For more information, see Security best practices in IAM. | January 3, 2023 | |
Added information about deleting Amazon Route 53 Resolver DNS Firewall rule groups. | December 29, 2022 | |
Updated the Linux operating system rule set. | December 15, 2022 | |
Updated the core rule set. | December 5, 2022 | |
Firewall Manager adds support for Fortigate Cloud Native Firewall (CNF) as a Service policies | Firewall Manager now supports the Fortigate CNF policies. | December 2, 2022 |
For DNS Firewall policies, you now only need to enable Config for the resource type EC2 VPC. | November 17, 2022 | |
Updated | November 15, 2022 | |
Expansion of language options for the Amazon WAF CAPTCHA puzzle | The CAPTCHA puzzle now offers its written instructions in multiple languages. The instructions inside each audio puzzle are still provided in English only. | November 11, 2022 |
Added new quotas for resource sets. | November 8, 2022 | |
You can create resource sets to group resources to manage in an Firewall Manager policy. | November 8, 2022 | |
You can now import and manage existing firewalls in Network Firewall policies using resource sets. | November 8, 2022 | |
Updated | November 2, 2022 | |
Geo match statement now adds labels to requests for country and region | You can now manage geographical request origins at the region level by combining geo matching with label matching. | October 31, 2022 |
The section is now named Amazon WAF intelligent threat mitigation, which aligns with our marketing pages. | October 27, 2022 | |
New targeted protection level in the Bot Control managed rule group | The Bot Control managed rule group now offers additional, targeted rules for the detection and mitigation of sophisticated bots. This protection level is available for additional fees. | October 27, 2022 |
Understand how Amazon WAF uses tokens for intelligent threat mitigation. | October 27, 2022 | |
Added important note about updating Firewall Manager Network Firewall policies | When you update a Firewall Manager policy, all Network Firewall policies that were created by the policy will be updated with the Firewall Manager policy's Network Firewall policy configuration. | October 27, 2022 |
You can now override the actions of the rules in a rule group to any rule action setting. As with the prior Count action override, you can apply your overrides to all rules in a rule group and to individual rules. | October 27, 2022 | |
You can configure rules to use a Challenge, to verify that requests are being sent by browsers. | October 27, 2022 | |
Amazon WAF allows token sharing across multiple protected applications | You can enable the use of tokens across multiple protected applications by configuring a token domain list for your web ACL. | October 27, 2022 |
Changed the all headers specification to be case insensitive. This matches the single header behavior. | October 26, 2022 | |
Corrections to | October 21, 2022 | |
Updated the known bad inputs rule group. | October 20, 2022 | |
Updated the known bad inputs rule group. | October 5, 2022 | |
Lowered the default value for | September 30, 2022 | |
Corrected the label names provided in this documentation for the following rule groups: POSIX operating system, PHP application, WordPress application. | September 19, 2022 | |
New Amazon WAF policy rule option in Amazon Firewall Manager | Amazon Firewall Manager now supports customized web requests and responses for default web actions in Amazon WAF policies. | September 9, 2022 |
Updated the following rule groups: IP reputation. | August 30, 2022 | |
Updated | August 25, 2022 | |
You can now use the Amazon WAF Fraud Control account takeover prevention (ATP) functionality with Amazon CloudFront distributions. | August 24, 2022 | |
Updated the following rule groups: Known bad inputs. | August 22, 2022 | |
Updated the following rule groups: | August 11, 2022 | |
You can now associate an Amazon WAF web ACL with an Amazon Cognito user pool. This change is only available in the latest version of Amazon WAF and not in Amazon WAF Classic. | August 11, 2022 | |
Added a section on deployments for versioned Amazon Managed Rules rule groups | Added a new section documenting deployments for versioned Amazon Managed Rules rule groups. The section includes information about how default versions are named during release candidate deployments. | July 29, 2022 |
Updated requirements for configuring logging for Network Firewall policies | Added requirements for Network Firewall policies that use an encrypted Amazon S3 bucket as the log destination. | July 26, 2022 |
You can now raise the sensitivity of your SQL injection rule statements. This doesn't change the behavior of existing statements, whose sensitivity level at the default of LOW. | July 15, 2022 | |
Firewall Manager now supports stateful evaluation order and default actions in Network Firewall firewall policy configurations. | July 14, 2022 | |
Updates to Firewall Manager security group policy rules settings | Firewall Manager now supports tag distribution from primary security groups to replica security groups. | July 7, 2022 |
Expanded the information in the Shield guide to describe how Shield performs event mitigation. | June 24, 2022 | |
Updated guidance for testing and tuning Amazon WAF protections | The general guidance for testing and tuning Amazon WAF is updated and is now a top-level topic. | June 20, 2022 |
Updated the following rule groups: Core rule set (CRS). | June 9, 2022 | |
Added guidance on how to prevent the confused deputy problem for Firewall Manager. | June 1, 2022 | |
Updated the following rule groups: Core rule set (CRS). | May 24, 2022 | |
You can now inspect the cookies in a web request and you can inspect all headers in a web request, in addition to just a single header. | April 29, 2022 | |
Amazon WAF handling for oversize body, headers, and cookies request components | You can now specify how Amazon WAF should handle oversize request bodies, headers, and cookies inside your rules that inspect these components. Rules that you already created that inspect these components have behavior that matches the new Continue option for oversize handling. | April 29, 2022 |
Updated the Amazon S3 log permission policy and example. | April 12, 2022 | |
Shield Advanced now supports automatic application layer DDoS mitigation for Application Load Balancers, making it available for all application layer protections. You can configure Shield Advanced to automatically count or block the web requests that are part of an application layer DDoS attack on a protected resource. | April 8, 2022 | |
Added an indicator of the current default version setting for managed rule groups | Managed rule group version lists now indicate which version is the current default. | April 8, 2022 |
Updated the following rule groups: Amazon WAF Bot Control. | April 6, 2022 | |
Updated the following rule groups: Known bad inputs. | March 31, 2022 | |
Updated the following rule groups: Known bad inputs. | March 30, 2022 | |
Firewall Manager adds support for the Palo Alto Networks Cloud Next Generation Firewall (NGFW) | Firewall Manager now supports the Palo Alto Networks Cloud Next Generation Firewall (NGFW). | March 30, 2022 |
Add support for Palo Alto Networks Cloud NGFW to Amazon Firewall Manager | Amazon Firewall Manager now supports Palo Alto Networks Cloud Next Generation Firewall (NGFW) policies. | March 30, 2022 |
Expanded the information in the Shield guide to describe how Shield performs event detection and to provide examples of DDoS resilient architectures. | March 16, 2022 | |
Expanded the information in the Shield guide and improved the organization of various sections. The main changes are in the following Shield guide sections: Shield Response Team (SRT) support, Resource protections in Amazon Shield Advanced, and Visibility into DDoS events. | February 28, 2022 | |
Firewall Manager now supports the Network Firewall centralized deployment model | Added a new procedure that explains how to configure policies that use distributed and centralized deployment models. | February 24, 2022 |
Firewall Manager adds support for the Amazon Network Firewall centralized deployment model | You can now configure your Amazon Network Firewall policies to use either the distributed or centralized deployment model. With the distributed deployment model, Firewall Manager creates and maintains firewall endpoints in each VPC that's within the policy scope. With the centralized deployment model, Firewall Manager creates and maintains firewall endpoints in a single inspection VPC. | February 24, 2022 |
Add support for Amazon WAF managed rule group versioning to Amazon Firewall Manager | Amazon Firewall Manager now supports Amazon WAF managed rule group versioning in Firewall Manager Amazon WAF policies. | February 18, 2022 |
Update to | February 16, 2022 | |
Updated the following rule groups: IP reputation lists. | February 15, 2022 | |
Updated the Amazon WAF Fraud Control account takeover prevention (ATP) rule group | February 11, 2022 | |
Added a new top-level section for managed protections. Moved the CAPTCHA section from under rules to under the new managed protections section. Moved the labels section from under rules to its own top-level section. | February 11, 2022 | |
Use the Amazon WAF JavaScript and mobile client APIs to integrate your client applications with the intelligent threat mitigation Amazon Managed Rules rule groups for enhanced detection. | February 11, 2022 | |
You can detect and block account takeover attempts with the new Amazon WAF Fraud Control account takeover prevention (ATP) managed
rule group | February 11, 2022 | |
Updated the following rule groups: Known bad inputs. | January 28, 2022 | |
Updated | January 11, 2022 | |
Updated the following rule groups: core rule set (CRS), SQLi database. | January 10, 2022 | |
Firewall Manager supports Shield Advanced automatic application layer DDoS mitigation | Firewall Manager Shield Advanced policies for Amazon CloudFront resources now include support for automatic application layer DDoS mitigation. | January 7, 2022 |
Update to | January 7, 2022 | |
Updated the following rule groups: Known bad inputs. | December 17, 2021 | |
Updated the following rule groups: Known bad inputs. | December 11, 2021 | |
Updated the following rule groups: Known bad inputs. | December 10, 2021 | |
Added | December 1, 2021 | |
Added | December 1, 2021 | |
Shield Advanced now supports automatic application layer DDoS mitigation for Amazon CloudFront distributions. You can configure Shield Advanced to automatically count or block the web requests that are part of an application layer DDoS attack on a CloudFront distribution. | December 1, 2021 | |
Updated the following rule groups: core rule set (CRS), Windows operating system, Linux operating system, and IP reputation lists. | November 23, 2021 | |
Update to | November 18, 2021 | |
You can now log web ACL traffic to an Amazon CloudWatch Logs log group or an Amazon Simple Storage Service (Amazon S3) bucket. These options are in addition to the existing option of logging to an Amazon Data Firehose delivery stream. | November 15, 2021 | |
Updated | November 15, 2021 | |
You can configure rules to run a CAPTCHA against web requests and, as needed, send a CAPTCHA problem to the client. | November 8, 2021 | |
Updated the core rule set (CRS) rule group. | October 27, 2021 | |
All Amazon Managed Rules rule groups now support labeling. The rule descriptions include the label specifications. | October 25, 2021 | |
Amazon Firewall Manager now supports log filtering for Network Firewall policies. | October 4, 2021 | |
Update to | September 29, 2021 | |
You can now match web requests against a single regular expression. | September 22, 2021 | |
You can now define rate-based rules inside Amazon WAF rule groups. In Amazon Firewall Manager, this capability is fully supported for Amazon WAF policies. | September 13, 2021 | |
Automatically remove out-of-scope resource protections in Amazon Firewall Manager | Amazon Firewall Manager allows you to automatically remove protections from resources that leave policy scope. | August 25, 2021 |
Update to | August 12, 2021 | |
Managed rule group providers can now version their rule groups. | August 9, 2021 | |
You can use the organization's management account as the Firewall Manager administrator account. This had been disallowed. | August 2, 2021 | |
Increased the number of Amazon VPC instances that you can have in scope of a Firewall Manager policy from 10 to 100. | July 28, 2021 | |
Amazon Firewall Manager support for Amazon Network Firewall route table monitoring | Amazon Firewall Manager now supports route table monitoring, and provides remediation action recommendations to security administrators for Amazon Network Firewall policies with misconfigured routes. | July 8, 2021 |
Expanded options for text transformations, which you can apply to web request components before inspecting them. | June 24, 2021 | |
Modified naming for Firewall Manager Amazon WAF policy resources | The naming for the web ACLs, rule groups, and logging that Firewall Manager manages for your Amazon WAF policies has changed. | May 26, 2021 |
Updated support for labeling to IP reputation lists and removed suffixes on rule names for Amazon IP reputation list. | May 4, 2021 | |
Add support for Amazon Organizations Delegated Administrator | When you set the Amazon Firewall Manager administrator account, Firewall Manager now designates the account as the Amazon Organizations delegated administrator for Firewall Manager. With this change, when you set the Firewall Manager administrator account, you must provide a member account other than the organization's management account. This change doesn't affect your existing settings. | April 30, 2021 |
Updated the Amazon WAF Bot Control rule group. | April 1, 2021 | |
You can now set the individual rule actions in a rule group to Count. The information for the existing override, which is at the rule group level, has been corrected. | April 1, 2021 | |
You can now use a scope-down statement with managed rule groups in the same way as you can with a rate-based statement. | April 1, 2021 | |
You can now filter the web ACL traffic that you log based on rule action and label. | April 1, 2021 | |
You can configure rules to add labels to matching web requests and to match on labels that are added by other rules. | April 1, 2021 | |
You can monitor and control bot traffic with the new Amazon WAF Bot Control feature, which combines the Bot Control managed rule group with web request labeling, scope-down statements, and log filtering. | April 1, 2021 | |
Firewall Manager supports Amazon Route 53 Resolver DNS Firewall policies | Amazon Firewall Manager supports central management of Amazon Route 53 Resolver DNS Firewall outbound DNS traffic filtering for your VPCs. | March 31, 2021 |
You can include custom headers for web requests that Amazon WAF doesn't block and you can send custom responses for web requests that Amazon WAF blocks. This is available for web ACL default action and rule action settings. | March 29, 2021 | |
Update to | March 17, 2021 | |
Updated the following rule groups: core rule set (CRS), admin protection, known bad inputs, and Linux operating system. | March 3, 2021 | |
Shield started tracking changes for its Amazon managed policies. | March 3, 2021 | |
Firewall Manager started tracking changes for its Amazon managed policies. | March 2, 2021 | |
Amazon WAF started tracking changes for its Amazon managed policies. | March 1, 2021 | |
Added the option to inspect the web request body as parsed and filtered JSON. This is in addition to the existing option to inspect the web request body as plain text. | February 12, 2021 | |
Amazon Firewall Manager supports central management of Amazon Network Firewall network traffic filtering for your VPCs. | November 17, 2020 | |
You can now group your protected resources into logical groups and manage their protections collectively. | November 13, 2020 | |
You can now associate an Amazon WAF web ACL with your Amazon AppSync GraphQL API. This change is only available in the latest version of Amazon WAF and not in Amazon WAF Classic. | October 1, 2020 | |
Updated the Windows operating system rule set. | September 23, 2020 | |
Updated the rule sets PHP application and POSIX operating system. | September 16, 2020 | |
Amazon Shield offers a new console option, with an improved user experience. The console guidance in the documentation is for the new console. | September 1, 2020 | |
Amazon Firewall Manager common security group policies now support Application Load Balancers and Classic Load Balancers resource types through the console implementation. The new options are available in the common policy's Policy scope settings. | August 11, 2020 | |
Updated the core rule set. | August 7, 2020 | |
Added the option to use IP addresses from an HTTP header that you
specify, instead of using the web request origin. The alternate header
is commonly | July 9, 2020 | |
Firewall Manager updates to content audit security group policies | Amazon Firewall Manager has expanded functionality for content audit security group policies including a managed rules option, that uses managed application and protocol lists, and details for resource violations. | July 7, 2020 |
Amazon Firewall Manager now supports managed application and protocol lists. Firewall Manager manages some lists and you can create and manage your own. | July 7, 2020 | |
Firewall Manager supports shared VPCs in common security group policies | Amazon Firewall Manager now supports using common security group policies in shared VPCs. You can do this in addition to using them in the VPCs owned by in-scope accounts. | May 26, 2020 |
Added documentation for each rule in the Amazon Managed Rules for Amazon WAF. | May 20, 2020 | |
Updated the Linux operating system rule group. | May 19, 2020 | |
Add support for migrating Amazon WAF Classic resources to Amazon WAF (v2) | You can now use the console or API to export your Amazon WAF Classic resources for migration to the latest version of Amazon WAF. | April 27, 2020 |
Add support for Amazon Organizations organizational units in policy scope | Amazon Firewall Manager now supports using Amazon Organizations organizational units (OUs) to specify policy scope. You can use OUs to include or exclude accounts from the scope, in addition to including or excluding specific accounts. Specifying an OU is the same as specifying all accounts in the OU and in any of its child OUs, including any child OUs and accounts that are added at a later time. | April 6, 2020 |
Amazon Firewall Manager now supports the latest version of Amazon WAF, in addition to the prior version, Amazon WAF Classic. | March 31, 2020 | |
Update to Amazon Firewall Manager common security group policies | Amazon Firewall Manager common security group policy now has the option to apply the policy to all elastic network interfaces in your in-scope Amazon EC2 instances. You can still choose to only apply the policy to the default elastic network interface. | March 11, 2020 |
Amazon Managed Rules for Amazon WAF added an | March 6, 2020 | |
Amazon Managed Rules for Amazon WAF updated the WordPress application and | March 3, 2020 | |
Added Amazon Route 53 health check to Amazon Shield Advanced protection options | Shield Advanced now supports the use of Amazon Route 53 health check associations, to improve the accuracy of threat detection and mitigation. | February 14, 2020 |
Amazon Managed Rules for Amazon WAF has updated the SQL Database rule group to add checking the message URI. | January 23, 2020 | |
Firewall Manager new option for security group usage audit policy | Firewall Manager has a new option for security group usage audit policies. You can now set a minimum number of minutes a security group must remain unused before it's considered noncompliant. By default, this minutes setting is zero. | January 14, 2020 |
Firewall Manager has a new option for Amazon WAF policies. You can now choose to remove all existing web ACL associations from in-scope resources before associating the policy's new web ACLs to them. | January 14, 2020 | |
Amazon Managed Rules for Amazon WAF has updated text transformations for rules in the Core Rule Set and the SQL Database rule groups. | December 20, 2019 | |
Amazon Firewall Manager now creates findings for resources that are out of compliance and for attacks and sends them to Amazon Security Hub. | December 18, 2019 | |
New version of the Amazon WAF developer guide. You can manage a web ACL or rule group in JSON format. Expanded capabilities include logical rule statements, rule statement nesting, and full CIDR support for IP addresses and address ranges. Rules are no longer Amazon resources, but exist only in the context of a web ACL or rule group. For existing customers, the prior version of the service is now called Amazon WAF Classic. In the APIs, SDKs, and CLIs, Amazon WAF Classic retains its naming schemes and this latest version of Amazon WAF is referred to with an added "V2" or "v2", depending on the context. Amazon WAF can't access Amazon resources that were created in Amazon WAF Classic. To use those resources in Amazon WAF, you need to migrate them. | November 25, 2019 | |
Added Amazon Managed Rules rule groups. These are free of charge for Amazon WAF customers. | November 25, 2019 | |
Amazon Firewall Manager support for Amazon Virtual Private Cloud security groups | Added support for Amazon VPC security groups to Firewall Manager. | October 10, 2019 |
Added support for Shield Advanced to Firewall Manager. | March 15, 2019 | |
Added tutorial on creating hierarchical policies in Amazon Firewall Manager. | February 11, 2019 | |
You can now exclude individual rules from Amazon Web Services Marketplace rule groups, as well as your own rule groups. | December 12, 2018 | |
Amazon Shield Advanced support for Amazon Global Accelerator standard accelerators | Shield Advanced can now protect Amazon Global Accelerator standard accelerators. | November 26, 2018 |
Amazon WAF now protects Amazon API Gateway APIs. | October 25, 2018 | |
New wizard provides opportunity to create rate-based rules and Amazon CloudWatch Events. | August 31, 2018 | |
Enable logging to get detailed information about traffic that is analyzed by your web ACL. | August 31, 2018 | |
When creating a condition, you can now search the requests for specific parameters. | June 5, 2018 | |
Introduces a new streamlined process for subscribing to Amazon Shield Advanced. | June 5, 2018 | |
When creating an IP match condition, Amazon WAF now supports IPv4 address ranges: /8 and any range between /16 through /32. | June 5, 2018 |