Managed rule group statement

The managed rule group rule statement adds a reference in your web ACL rules list to a managed rule group. You don't see this option under your rule statements on the console, but when you work with the JSON format of your web ACL, any managed rule groups that you've added show up under the web ACL rules as this type.

A managed rule group is either an Amazon Managed Rules rule group, most of which are free for Amazon WAF customers, or a Amazon Web Services Marketplace managed rule group. You automatically subscribe to the paid Amazon Managed Rules rule groups when you add them to your web ACL. You can subscribe to Amazon Web Services Marketplace managed rule groups through Amazon Web Services Marketplace. For more information, see Managed rule groups.

When you add a rule group to a web ACL, you can override the actions of rules in the group to Count or to another rule action. For more information, see Action overrides in rule groups.

You can narrow the scope of the requests that Amazon WAF evaluates with the rule group. To do this, you add a scope-down statement inside the rule group statement. For information about scope-down statements, see Scope-down statements. This can help you manage how the rule group affects your traffic and can help you contain costs associated with traffic volume when you use the rule group. For information and examples for using scope-down statements with the Amazon WAF Bot Control managed rule group, see Amazon WAF Bot Control.

Not nestable – You can't nest this statement type inside other statements, and you can't include it in a rule group. You can include it directly in a web ACL.

(Optional) Scope-down statement – This rule type takes an optional scope-down statement, to narrow the scope of the requests that the rule group evaluates. For more information, see Scope-down statements.

WCUs – Set for the rule group at creation.