AWS Security ChangesHomeSearch

AWS waf documentation change

Service: waf · 2025-06-07 · Documentation low

File: waf/latest/developerguide/waf-rule-statement-forwarded-ip-address.md

Summary

Added ASN match details and forwarded IP handling instructions

Security assessment

Documents ASN-based matching logic for security rules, including proxy handling guidance.

Diff

diff --git a/waf/latest/developerguide/waf-rule-statement-forwarded-ip-address.md b/waf/latest/developerguide/waf-rule-statement-forwarded-ip-address.md
index 909f558f4..7428cc5ee 100644
--- a//waf/latest/developerguide/waf-rule-statement-forwarded-ip-address.md
+++ b//waf/latest/developerguide/waf-rule-statement-forwarded-ip-address.md
@@ -16,0 +17,2 @@ The rule statements that use IP addresses are the following:
+  * [ASN match](./waf-rule-statement-type-asn-match.html) \- Uses the IP address to determine the Autonomous System Number (ASN) and matches the ASN against a list of ASNs.
+
@@ -67,0 +70,2 @@ The following list describes requirements and caveats for using forwarded IP add
+  * For ASN match, you indicate whether to match against the first, last, or any address in the header against the specified ASN. If you specify any, AWS WAF inspects all addresses in the header for a match, up to 10 addresses. If the header contains more than 10 addresses, AWS WAF inspects the last 10.
+