AWS Security ChangesHomeSearch

AWS waf documentation change

Service: waf · 2025-03-19 · Documentation low

File: waf/latest/developerguide/waf-rule-statement-fields-list.md

Summary

Removed all documentation about URI fragment inspection capabilities and requirements

Security assessment

Removal of feature documentation suggests deprecation but lacks explicit security context or vulnerability references

Diff

diff --git a/waf/latest/developerguide/waf-rule-statement-fields-list.md b/waf/latest/developerguide/waf-rule-statement-fields-list.md
index 79033d3d4..49f979047 100644
--- a/waf/latest/developerguide/waf-rule-statement-fields-list.md
+++ b/waf/latest/developerguide/waf-rule-statement-fields-list.md
@@ -5 +5 @@
-HTTP methodSingle headerAll headersHeader orderCookiesURI fragmentURI pathJA3 fingerprintJA4 fingerprintQuery stringSingle query parameterAll query parametersBodyJSON body
+HTTP methodSingle headerAll headersHeader orderCookiesURI pathJA3 fingerprintJA4 fingerprintQuery stringSingle query parameterAll query parametersBodyJSON body
@@ -40,2 +39,0 @@ The rest of this section describes the options for the part of the web request t
-  * URI fragment
-
@@ -132,14 +129,0 @@ The match patterns setting can be one of the following:
-## URI fragment
-
-###### Note
-
-Uri Fragment inspection is available only for CloudFront distributions and Application Load Balancers.
-
-Inspects the part of a URL that follows the "#" symbol, providing additional information about the resource, for example, #section2. For information, see [Uniform Resource Identifier (URI): Generic Syntax](https://tools.ietf.org/html/rfc3986#section-3). 
-
-If you don't use a text transformation with this option, AWS WAF doesn't normalize the URI fragment and inspects it exactly as it receives it from the client in the request. For information about text transformations, see [Using text transformations in AWS WAF](./waf-rule-statement-transformation.html).
-
-###### Rule statement requirements
-
-You must provide a fallback behavior for this rule statement. The fallback behavior is the match status that you want AWS WAF to assign to the web request if URI is missing the fragment or associated service is not Application Load Balancer or CloudFront. If you choose to match, AWS WAF treats the request as matching the rule statement and applies the rule action to the request. If you choose to not match, AWS WAF treats the request as not matching the rule statement.
-