AWS Security ChangesHomeSearch

AWS waf medium security documentation change

Service: waf · 2025-07-16 · Security-related medium

File: waf/latest/developerguide/aws-managed-rule-groups-use-case.md

Summary

Added documentation for SQLi_URIPATH managed rule group that inspects cookie headers for SQL injection patterns

Security assessment

This directly documents a security feature designed to mitigate SQL injection attacks (OWASP Top 10 risk). The rule's explicit purpose is to block a common web application security vulnerability.

Diff

diff --git a/waf/latest/developerguide/aws-managed-rule-groups-use-case.md b/waf/latest/developerguide/aws-managed-rule-groups-use-case.md
index 5088c7321..764bcbddb 100644
--- a//waf/latest/developerguide/aws-managed-rule-groups-use-case.md
+++ b//waf/latest/developerguide/aws-managed-rule-groups-use-case.md
@@ -45,0 +46 @@ This rule only inspects the request body up to the body size limit for the prote
+`SQLi_URIPATH` |  Uses the built-in AWS WAF [SQL injection attack rule statement](./waf-rule-statement-type-sqli-match.html), with sensitivity level set to Low, to inspect the request cookie headers for patterns that match malicious SQL code.  Rule action: Block Label: `awswaf:managed:aws:sql-database:SQLi_URIPath`