AWS elasticloadbalancing documentation change
Summary
Added documentation for rule transforms, expanded regex matching options, clarified HTTPS listener requirement for authentication, and updated UI step numbering/descriptions.
Security assessment
The change emphasizes authentication rules must be applied to HTTPS listeners (best practice for secure communication) and adds input validation constraints (e.g., character limits/special character restrictions). However, there is no explicit mention of addressing a specific vulnerability.
Diff
diff --git a/elasticloadbalancing/latest/application/add-rule.md b/elasticloadbalancing/latest/application/add-rule.md index 648a6e2ab..70a4f949b 100644 --- a//elasticloadbalancing/latest/application/add-rule.md +++ b//elasticloadbalancing/latest/application/add-rule.md @@ -7 +7,10 @@ -You define a default rule when you create a listener. You can define additional rules at any time. Each rule must specify an action and a condition. For more information, see [Action types](./rule-action-types.html) and [Condition types](./rule-condition-types.html). +You define a default rule when you create a listener. You can define additional rules at any time. Each rule must specify an action and a condition, and can optionally specify transforms. For more information, see the following: + + * [Action types](./rule-action-types.html) + + * [Condition types](./rule-condition-types.html) + + * [Transforms](./rule-transforms.html) + + + @@ -20 +29 @@ Console - 4. On the **Listeners and rules** tabs, select the text in the **Protocol:Port** column to open the detail pages for the listener. + 4. On the **Listeners and rules** tab, select the text in the **Protocol:Port** column to open the detail page for the listener. @@ -24 +33 @@ Console - 6. (Optional) To specify a name for your rule, expand **Name and tags** and enter the name. To add additional tags, choose **Add additional tags**. + 6. (Optional) To specify a name for your rule, expand **Name and tags** and enter the name. To add additional tags, choose **Add additional tags** and enter the tag key and tag value. @@ -28 +37,5 @@ Console - * **Host header** – Enter the host header. For example: `*.example.com`. + * **Host header** – Select the match pattern type and enter the host header. + +Value matching – Maximum 128 characters. Not case sensitive. Allowed characters are a-z, A-Z, 0-9; the following special characters: -_.; and wildcards (* and ?). You must include at least one "." character. You can include only alphabetical characters after the final "." character. + +Regex matching – Maximum 128 characters. @@ -30 +43 @@ Console -Maximum 128 characters. Not case sensitive. Allowed characters are a-z, A-Z, 0-9; the following special characters: -_.; and wildcards (* and ?). You must include at least one "." character. You can include only alphabetical characters after the final "." character. + * **Path** – Select the match pattern type and enter the path. @@ -32 +45 @@ Maximum 128 characters. Not case sensitive. Allowed characters are a-z, A-Z, 0-9 - * **Path** – Enter the path. For example: `/item/*`. +Value matching – Maximum 128 characters. Case sensitive. Allowed characters are a-z, A-Z, 0-9; the following special characters: _-.$/~"'@:+; &; and wildcards (* and ?). @@ -34 +47 @@ Maximum 128 characters. Not case sensitive. Allowed characters are a-z, A-Z, 0-9 -Maximum 128 characters. Case sensitive. Allowed characters are a-z, A-Z, 0-9; the following special characters: _-.$/~"'@:+; &; and wildcards (* and ?). +Regex matching – Maximum 128 characters. @@ -44 +57 @@ Maximum 40 characters. Case sensitive. Allowed characters are A-Z, and the follo - * **HTTP header** – Enter the name of the header and add one or more comparison strings. + * **HTTP header** – Select the match pattern type and enter the name of the header and the comparison strings. @@ -48 +61,3 @@ Maximum 40 characters. Case sensitive. Allowed characters are A-Z, and the follo -Maximum 40 characters. Not case sensitive. Allowed characters are a-z, A-Z, 0-9, and the following special characters: *?-!#$%&'+.^_`|~. Wildcards are not supported. +Value matching – Maximum 40 characters. Not case sensitive. Allowed characters are a-z, A-Z, 0-9, and the following special characters: *?-!#$%&'+.^_`|~. Wildcards are not supported. + +Regex matching – Maximum 128 characters. @@ -52 +67,3 @@ Maximum 40 characters. Not case sensitive. Allowed characters are a-z, A-Z, 0-9, -Maximum 128 characters. Not case sensitive. Allowed characters are a-z, A-Z, 0-9; spaces; the following special characters: !"#$%&'()+,./:;<=>@[]^_`{|}~-; and wildcards (* and ?). +Value matching Maximum 128 characters. Not case sensitive. Allowed characters are a-z, A-Z, 0-9; spaces; the following special characters: !"#$%&'()+,./:;<=>@[]^_`{|}~-; and wildcards (* and ?). + +Regex matching – Maximum 128 characters. @@ -54 +71 @@ Maximum 128 characters. Not case sensitive. Allowed characters are a-z, A-Z, 0-9 - * **Source IP** – Define the source IP address in CIDR format. + * **Source IP** – Define the source IP address in CIDR format. Both IPv4 and IPv6 CIDRs are allowed. Wildcards are not supported. @@ -56 +73 @@ Maximum 128 characters. Not case sensitive. Allowed characters are a-z, A-Z, 0-9 -Both IPv4 and IPv6 CIDRs are allowed. Wildcards are not supported. + 8. (Optional) To add a transform, choose **Add transform** , choose the transform type, and enter a regular expression to match and a replacement string. @@ -58 +75 @@ Both IPv4 and IPv6 CIDRs are allowed. Wildcards are not supported. - 8. (Optional) To add an authentication rule, select **Authenticate users** chose an identity provider, and provide the required information. For more information, see [Authenticate users using an Application Load Balancer](./listener-authenticate-users.html). + 9. (Optional) To add an authentication rule to an HTTPS listener, choose **Actions** , **Authenticate users** , chose an identity provider, and provide the required information. For more information, see [Authenticate users using an Application Load Balancer](./listener-authenticate-users.html). @@ -60 +77 @@ Both IPv4 and IPv6 CIDRs are allowed. Wildcards are not supported. - 9. For **Routing action** , select one of the following routing actions and provide the required information: + 10. For **Actions** , **Routing action** , select one of the following routing actions and provide the required information: @@ -62 +79 @@ Both IPv4 and IPv6 CIDRs are allowed. Wildcards are not supported. - * **Forward to target groups** – Choose a target group. To add another target group, choose **Add target group** , choose a target group, review the relative percentages, and update the weights as needed. You must enable group-level stickiness if you enabled stickiness on any of the target groups. + * **Forward to target groups** – Choose a target group. To add another target group, choose **Add target group** , choose a target group, review the relative weights, and update the weights as needed. You must enable group-level stickiness if you enabled stickiness on any of the target groups. @@ -68 +85 @@ Both IPv4 and IPv6 CIDRs are allowed. Wildcards are not supported. - 10. Choose **Next**. + 11. Choose **Next**. @@ -70 +87 @@ Both IPv4 and IPv6 CIDRs are allowed. Wildcards are not supported. - 11. For **Priority** , enter a value from 1-50,000. Rules are evaluated in priority order from the lowest value to the highest value. + 12. For **Priority** , enter a value from 1-50,000. Rules are evaluated in priority order from the lowest value to the highest value. @@ -72 +89 @@ Both IPv4 and IPv6 CIDRs are allowed. Wildcards are not supported. - 12. Choose **Next**. + 13. Choose **Next**. @@ -74 +91 @@ Both IPv4 and IPv6 CIDRs are allowed. Wildcards are not supported. - 13. On the **Review and create** page, choose **Create**. + 14. On the **Review and create** page, choose **Create**. @@ -215 +232 @@ To use the Amazon Web Services Documentation, Javascript must be enabled. Please -Condition types +Transforms