Using logical rule statements in Amazon WAF - Amazon WAF, Amazon Firewall Manager, and Amazon Shield Advanced
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Using logical rule statements in Amazon WAF

This section explains what a logical rule statement is and how it works.

Use logical rules statements to combine other statements or negate their results. Every logical rule statement takes at least one nested statement.

To logically combine or negate rule statement results, you nest the statements under logical rule statements.

Logical rules statements are nestable. You can nest them inside other logical rule statements and use them in scope-down statements. For information about scope-down statements, see Using scope-down statements in Amazon WAF.

Note

The visual editor on the console supports one level of rule statement nesting, which works for many needs. To nest more levels, edit the JSON representation of the rule on the console or use the APIs.

This table describes the logical rule statements and provides guidelines for calculating web ACL capacity units (WCU) usage for each. For information about WCUs, see Web ACL capacity units (WCUs) in Amazon WAF.

Logical Statement

Description

WCUs

AND logic

Combines nested statements with AND logic.

Based on nested statements

NOT logic

Negates the results of a nested statement.

Based on nested statement

OR logic

Combines nested statements with OR logic.

Based on nested statements