AWS Security ChangesHomeSearch

AWS AWSCloudFormation documentation change

Service: AWSCloudFormation · 2025-03-10 · Documentation low

File: AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-ratelimitja3fingerprint.md

Summary

Added JA3 fingerprint rate limiting configuration and fallback options

Security assessment

Documents rate limiting based on TLS fingerprints as a security feature, not a specific vulnerability fix

Diff

diff --git a/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-ratelimitja3fingerprint.md
index 6ab703fee..8c6818435 100644
--- a/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-ratelimitja3fingerprint.md
+++ b/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-ratelimitja3fingerprint.md
@@ -7 +7 @@ SyntaxProperties
-The `RateLimitJA3Fingerprint` property type specifies Property description not available. for an [AWS::WAFv2::WebACL](./aws-resource-wafv2-webacl.html).
+Use the request's JA3 fingerprint derived from the TLS Client Hello of an incoming request as an aggregate key. If you use a single JA3 fingerprint as your custom key, then each value fully defines an aggregation instance. 
@@ -32 +32,10 @@ To declare this entity in your AWS CloudFormation template, use the following sy
-Property description not available.
+The match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA3 fingerprint.
+
+You can specify the following fallback behaviors:
+
+  * `MATCH` \- Treat the web request as matching the rule statement. AWS WAF applies the rule action to the request.
+
+  * `NO_MATCH` \- Treat the web request as not matching the rule statement.
+
+
+