Using managed rule group statements in Amazon WAF
This section explains how managed rule group rule statements work.
The managed rule group rule statement adds a reference in your web ACL rules list to a managed rule group. You don't see this option under your rule statements on the console, but when you work with the JSON format of your web ACL, any managed rule groups that you've added show up under the web ACL rules as this type.
A managed rule group is either an Amazon Managed Rules rule group, most of which are free for Amazon WAF customers, or an Amazon Web Services Marketplace managed rule group. You automatically subscribe to the paid Amazon Managed Rules rule groups when you add them to your web ACL. You can subscribe to Amazon Web Services Marketplace managed rule groups through Amazon Web Services Marketplace. For more information, see Using managed rule groups in Amazon WAF.
When you add a rule group to a web ACL, you can override the actions of rules in the group to Count or to another rule action. For more information, see Overriding rule group actions in Amazon WAF.
You can narrow the scope of the requests that Amazon WAF evaluates with the rule group. To do this, you add a scope-down statement inside the rule group statement. For information about scope-down statements, see Using scope-down statements in Amazon WAF. This can help you manage how the rule group affects your traffic and can help you contain costs associated with traffic volume when you use the rule group. For information and examples for using scope-down statements with the Amazon WAF Bot Control managed rule group, see Amazon WAF Bot Control.
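The following added example, which is not part of the original documentation, shows how managed rule group statements appear in web ACL JSON and audits them for action overrides and scope-down statements. The web ACL is a constructed sample (rule names are made up and VisibilityConfig is omitted for brevity), and `audit_managed_groups` is a hypothetical helper.

```python
import json

# Constructed sample web ACL JSON (not from the documentation). Field names
# follow the WAFV2 web ACL JSON format; the rule names are made up and
# VisibilityConfig is omitted for brevity.
WEB_ACL = json.loads("""
{"Name": "example-acl", "Rules": [
  {"Name": "common", "Priority": 0, "OverrideAction": {"None": {}},
   "Statement": {"ManagedRuleGroupStatement": {
     "VendorName": "AWS", "Name": "AWSManagedRulesCommonRuleSet",
     "RuleActionOverrides": [
       {"Name": "SizeRestrictions_BODY", "ActionToUse": {"Count": {}}}]}}},
  {"Name": "sqli-login", "Priority": 1, "OverrideAction": {"Count": {}},
   "Statement": {"ManagedRuleGroupStatement": {
     "VendorName": "AWS", "Name": "AWSManagedRulesSQLiRuleSet",
     "ScopeDownStatement": {"ByteMatchStatement": {
       "SearchString": "/login", "FieldToMatch": {"UriPath": {}},
       "TextTransformations": [{"Priority": 0, "Type": "NONE"}],
       "PositionalConstraint": "STARTS_WITH"}}}}}
]}
""")


def audit_managed_groups(acl):
    """Summarise each managed rule group reference in a web ACL document."""
    findings = []
    for rule in acl.get("Rules", []):
        stmt = rule.get("Statement", {}).get("ManagedRuleGroupStatement")
        if stmt is None:
            continue  # not a managed rule group reference
        overrides = stmt.get("RuleActionOverrides", [])
        findings.append({
            "rule": rule["Name"],
            "group": f'{stmt["VendorName"]}/{stmt["Name"]}',
            # OverrideAction Count: matches from the whole group are only counted
            "group_count_only": "Count" in rule.get("OverrideAction", {}),
            # Individual rules in the group whose action is overridden to Count
            "rules_set_to_count": [o["Name"] for o in overrides
                                   if "Count" in o.get("ActionToUse", {})],
            # True when the group evaluates only a subset of requests
            "scoped_down": "ScopeDownStatement" in stmt,
        })
    return findings


if __name__ == "__main__":
    for finding in audit_managed_groups(WEB_ACL):
        print(finding)
```

A group left in count-only mode, or scoped down to a narrow path, does not block on the remaining traffic, so this summary is worth reviewing whenever a web ACL changes.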
Rule statement characteristics
Not nestable – You can't nest this statement type inside other statements, and you can't include it in a rule group. You can include it directly in a web ACL.
(Optional) Scope-down statement – This rule type takes an optional scope-down statement, to narrow the scope of the requests that the rule group evaluates. For more information, see Using scope-down statements in Amazon WAF.
WCUs – Set for the rule group at creation.
Where to find this rule statement
Console – During the process of creating a web ACL, on the Add rules and rule groups page, choose Add managed rule groups, and then find and select the rule group that you want to use.