AWS Security ChangesHomeSearch

AWS AWSCloudFormation documentation change

Service: AWSCloudFormation · 2025-03-10 · Documentation low

File: AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-rulegroup-ratelimitja4fingerprint.md

Summary

Added documentation for JA4 fingerprint rate limiting and fallback behaviors when TLS information is insufficient

Security assessment

Documents security feature (JA4 fingerprint-based rate limiting) without reference to a specific security incident

Diff

diff --git a/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-rulegroup-ratelimitja4fingerprint.md
index 116f415c0..b4932587c 100644
--- a/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-rulegroup-ratelimitja4fingerprint.md
+++ b/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-rulegroup-ratelimitja4fingerprint.md
@@ -7 +7 @@ SyntaxProperties
-The `RateLimitJA4Fingerprint` property type specifies Property description not available. for an [AWS::WAFv2::RuleGroup](./aws-resource-wafv2-rulegroup.html).
+Use the request's JA4 fingerprint derived from the TLS Client Hello of an incoming request as an aggregate key. If you use a single JA4 fingerprint as your custom key, then each value fully defines an aggregation instance.
@@ -32 +32,10 @@ To declare this entity in your AWS CloudFormation template, use the following sy
-Property description not available.
+The match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA4 fingerprint.
+
+You can specify the following fallback behaviors:
+
+  * `MATCH` \- Treat the web request as matching the rule statement. AWS WAF applies the rule action to the request.
+
+  * `NO_MATCH` \- Treat the web request as not matching the rule statement.
+
+
+