Amazon WAF rules that add labels - Amazon WAF, Amazon Firewall Manager, and Amazon Shield Advanced
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Amazon WAF rules that add labels

In almost all rules, you can define labels and Amazon WAF will apply them to any matching request.

The following rule types are the only exceptions:

  • Rate-based rules label only while rate limiting – Rate-based rules only add labels to web requests for a specific aggregation instance while that instance is being rate limited by Amazon WAF. For information about rate-based rules, see Rate-based rule statement.

  • Labeling isn't allowed in rule group reference statements – The console doesn't accept labels for these rule types. Through the API, specifying a label for either statement type results in a validation exception. For information about these statement types, see Managed rule group statement and Rule group statement.

WCUs – 1 WCU for every 5 labels that you define in your web ACL or rule group rules.

Where to find this
  • Rule builder on the console – Under the rule's Action settings, under Label.

  • API data typeRule RuleLabels

You define a label in a rule by specifying the custom namespace strings and name to append to the label namespace prefix. Amazon WAF derives the prefix from the context in which you define the rule. For information about this, see the label syntax information under Amazon WAF label syntax and naming requirements.