AWS WAF adds support for inspecting multiple request headers | Amazon Web Services

2 012
Published on 31 Aug 2022, 19:55
AWS WAF now supports evaluating multiple headers in the HTTP request, without the need to specify each header individually in AWS WAF rules. You can also use this new capability to easily inspect all cookies in the HTTP request, without the need to specify each cookie in WAF rules. This capability helps you protect your applications or API endpoints from attacks that try to exploit a custom header or cookie, or a common header for which you may not have created a WAF rule. You can also limit the scope of inspection to only included or excluded headers, and inspect only the keys or only the values for the headers or cookies you want to inspect.
For HTTP requests that may include more headers than WAF can inspect, you can provide oversize handling instructions when you define your rule statement. Oversize handling tells WAF what to do with a web request when the number or size of request headers is over the limits. With oversize handling, you can choose whether to continue inspection or skip inspection and mark the request as matching or not matching the WAF rule. For more information about handling oversize content, see oversize request component handling documentation.

WAF Developer Guide:
Oversize Request Handling:

More AWS videos -
More AWS events videos -

Amazon Web Services (AWS) is the world’s most comprehensive and broadly adopted cloud platform, offering over 200 fully featured services from data centers globally. Millions of customers — including the fastest-growing startups, largest enterprises, and leading government agencies — are using AWS to lower costs, become more agile, and innovate faster.

#AWSWAF #AWS #AmazonWebServices #CloudComputing