AWS AWSCloudFormation documentation change
Summary
Added documentation for JA4 fingerprint rate limiting and fallback behaviors when TLS information is insufficient
Security assessment
Documents security feature (JA4 fingerprint-based rate limiting) without reference to a specific security incident
Diff
diff --git a/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-rulegroup-ratelimitja4fingerprint.md index 116f415c0..b4932587c 100644 --- a/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-rulegroup-ratelimitja4fingerprint.md +++ b/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-rulegroup-ratelimitja4fingerprint.md @@ -7 +7 @@ SyntaxProperties -The `RateLimitJA4Fingerprint` property type specifies Property description not available. for an [AWS::WAFv2::RuleGroup](./aws-resource-wafv2-rulegroup.html). +Use the request's JA4 fingerprint derived from the TLS Client Hello of an incoming request as an aggregate key. If you use a single JA4 fingerprint as your custom key, then each value fully defines an aggregation instance. @@ -32 +32,10 @@ To declare this entity in your AWS CloudFormation template, use the following sy -Property description not available. +The match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA4 fingerprint. + +You can specify the following fallback behaviors: + + * `MATCH` \- Treat the web request as matching the rule statement. AWS WAF applies the rule action to the request. + + * `NO_MATCH` \- Treat the web request as not matching the rule statement. + + +