Rule group rule statements

Rule group rule statements are not nestable.

This section describes the rule group rule statements that you can use in your web ACL. Rule group web ACL capacity units (WCUs) are set by the rule group owner at the time of creation. For information about WCUs, see Amazon WAF web ACL capacity units (WCUs).

Rule group statement	Description	WCUs
Managed rule group	Runs the rules that are defined in the specified managed rule group. You can narrow the scope of requests that the rule group evaluates by adding a scope-down statement. You can't nest a managed rule group statement inside any other statement type.	Defined by the rule group, plus any additional WCUs for a scope-down statement.
Rule group	Runs the rules that are defined in a rule group that you manage. You can't add a scope-down statement to a rule group reference statement for your own rule group. You can't nest a rule group statement inside any other statement type	You define the WCU limit for the rule group when you create it.

Rule group statement

Description

WCUs

Managed rule group

Runs the rules that are defined in the specified managed rule group.

You can narrow the scope of requests that the rule group evaluates by adding a scope-down statement.

You can't nest a managed rule group statement inside any other statement type.

Defined by the rule group, plus any additional WCUs for a scope-down statement.

Rule group

Runs the rules that are defined in a rule group that you manage.

You can't add a scope-down statement to a rule group reference statement for your own rule group.

You can't nest a rule group statement inside any other statement type

You define the WCU limit for the rule group when you create it.

Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Listing rate limited IP addresses

Managed rule group