Creating and managing a regex pattern set in Amazon WAF - Amazon WAF, Amazon Firewall Manager, and Amazon Shield Advanced
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Creating and managing a regex pattern set in Amazon WAF

A regex pattern set provides a collection of regular expressions that you want to use together in a rule statement. Regex pattern sets are Amazon resources.

To use a regex pattern set in a web ACL or rule group, you first create an Amazon resource, RegexPatternSet with your regex pattern specifications. Then you reference the set when you add a regex pattern set rule statement to a web ACL or rule group. A regex pattern set must contain at least one regex pattern.

If your regex pattern set contains more than one regex pattern, when it's used in a rule, the pattern matching is combined with OR logic. That is, a web request will match the pattern set rule statement if the request component matches any of the patterns in the set.

Amazon WAF supports the pattern syntax used by the PCRE library libpcre with some exceptions. The library is documented at PCRE - Perl Compatible Regular Expressions. For information about Amazon WAF support, see Supported regular expression syntax in Amazon WAF.

Creating a regex pattern set

Follow the procedure in this section to create a new regex pattern set.

To create a regex pattern set
  1. Sign in to the Amazon Web Services Management Console and open the Amazon WAF console at https://console.amazonaws.cn/wafv2/.

  2. In the navigation pane, choose Regex pattern sets and then Create regex pattern set.

  3. Enter a name and description for the regex pattern set. You'll use these to identify it when you want to use the set.

    Note

    You can't change the name after you create the regex pattern set.

  4. For Region, choose Global (CloudFront) or choose the Region where you want to store the regex pattern set. You can use regional regex pattern sets only in web ACLs that protect regional resources. To use a regex pattern set in web ACLs that protect Amazon CloudFront distributions, you must use Global (CloudFront).

  5. In the Regular expressions text box, enter one regex pattern per line.

    For example, the regular expression I[a@]mAB[a@]dRequest matches the following strings: IamABadRequest, IamAB@dRequest, I@mABadRequest, and I@mAB@dRequest.

    Amazon WAF supports the pattern syntax used by the PCRE library libpcre with some exceptions. The library is documented at PCRE - Perl Compatible Regular Expressions. For information about Amazon WAF support, see Supported regular expression syntax in Amazon WAF.

  6. Review the settings for the regex pattern set, and choose Create regex pattern set.

Deleting a regex pattern set

Follow the guidance in this section to delete a referenced set.

Deleting referenced sets and rule groups

When you delete an entity that you can use in a web ACL, like an IP set, regex pattern set, or rule group, Amazon WAF checks to see if the entity is currently being used in a web ACL. If it finds that it is in use, Amazon WAF warns you. Amazon WAF is almost always able to determine if an entity is being referenced by a web ACL. However, in rare cases it might not be able to do so. If you need to be sure that nothing is currently using the entity, check for it in your web ACLs before deleting it. If the entity is a referenced set, also check that no rule groups are using it.

To delete a regex pattern set
  1. Sign in to the Amazon Web Services Management Console and open the Amazon WAF console at https://console.amazonaws.cn/wafv2/.

  2. In the navigation pane, choose Regex pattern sets.

  3. Select the regex pattern set that you want to delete and choose Delete.