Introducing a new console experience for Amazon WAF
You can now use the updated experience to access Amazon WAF functionality anywhere in the console. For more details, see Working with the updated console experience.
Bot Control example: Using Bot Control only for the login page
The following example uses a scope-down statement to apply Amazon WAF Bot Control only for traffic
that's coming to a website's login page, which is identified by the URI path
login
. The URI path to your login page might be different from the
example, depending on your application and environment.
{ "Name": "AWS-AWSBotControl-Example", "Priority": 5, "Statement": { "ManagedRuleGroupStatement": { "VendorName": "AWS", "Name": "
AWSManagedRulesBotControlRuleSet
", "ManagedRuleGroupConfigs": [ { "AWSManagedRulesBotControlRuleSet": { "InspectionLevel": "COMMON" } } ], "RuleActionOverrides": [], "ExcludedRules": [] }, "VisibilityConfig": { "SampledRequestsEnabled": true, "CloudWatchMetricsEnabled": true, "MetricName": "AWS-AWSBotControl-Example" }, "ScopeDownStatement": { "ByteMatchStatement": { "SearchString": "login", "FieldToMatch": { "UriPath": {} }, "TextTransformations": [ { "Priority": 0, "Type": "NONE" } ], "PositionalConstraint": "CONTAINS" } } } }