AWS Security ChangesHomeSearch

AWS AWSCloudFormation documentation change

Service: AWSCloudFormation · 2025-03-10 · Documentation low

File: AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-rulegroup-ratelimitja3fingerprint.md

Summary

Added documentation for JA3 fingerprint rate limiting and fallback behaviors when TLS information is insufficient

Security assessment

Documents security feature (JA3 fingerprint-based rate limiting) but no evidence of addressing a specific vulnerability

Diff

diff --git a/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-rulegroup-ratelimitja3fingerprint.md
index 4ab17c55d..e67560900 100644
--- a/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-rulegroup-ratelimitja3fingerprint.md
+++ b/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-rulegroup-ratelimitja3fingerprint.md
@@ -7 +7 @@ SyntaxProperties
-The `RateLimitJA3Fingerprint` property type specifies Property description not available. for an [AWS::WAFv2::RuleGroup](./aws-resource-wafv2-rulegroup.html).
+Use the request's JA3 fingerprint derived from the TLS Client Hello of an incoming request as an aggregate key. If you use a single JA3 fingerprint as your custom key, then each value fully defines an aggregation instance. 
@@ -32 +32,10 @@ To declare this entity in your AWS CloudFormation template, use the following sy
-Property description not available.
+The match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA3 fingerprint.
+
+You can specify the following fallback behaviors:
+
+  * `MATCH` \- Treat the web request as matching the rule statement. AWS WAF applies the rule action to the request.
+
+  * `NO_MATCH` \- Treat the web request as not matching the rule statement.
+
+
+