AWS Security ChangesHomeSearch

AWS waf documentation change

Service: waf · 2025-03-10 · Documentation low

File: waf/latest/developerguide/doc-history.md

Summary

Added documentation history entries for JA4 fingerprint support and rate-based rule aggregation features

Security assessment

Documents new security-focused features (JA4 fingerprint inspection) but doesn't indicate these changes address specific existing vulnerabilities. Adds documentation about security capabilities.

Diff

diff --git a/waf/latest/developerguide/doc-history.md
index fd43976e0..da303e82c 100644
--- a/waf/latest/developerguide/doc-history.md
+++ b/waf/latest/developerguide/doc-history.md
@@ -12,0 +13 @@ Change| Description| Date
+[AWS WAF supports new JA4 field matching](./waf-rule-statement-fields-list.html#waf-rule-statement-request-component-ja4-fingerprint)| You can detect and block traffic based on advanced JavaScript Fingerprinting (JA4) characteristics and use the JA4 fingerprint as one of the supported request keys within WAF rate-based rules.| March 4, 2025  
@@ -22,0 +24,2 @@ Change| Description| Date
+[Rate-based rule aggregation on JA3 and JA4 fingerprints](./waf-rule-statement-type-rate-based-aggregation-options.html)| You can now specify the JA3 fingerprint and JA4 fingerprint in your custom aggregation keys for rate-based rules.| December 20, 2024  
+[AWS WAF adds inspection of JA4 fingerprint](./waf-rule-statement-fields-list.html#waf-rule-statement-request-component-ja4-fingerprint)| You can now perform an exact match against the web request's JA4 fingerprint, for Amazon CloudFront distributions and Application Load Balancers. | December 20, 2024