AWS Security ChangesHomeSearch

AWS elasticloadbalancing documentation change

Service: elasticloadbalancing · 2025-10-16 · Documentation low

File: elasticloadbalancing/latest/application/add-rule.md

Summary

Added documentation for rule transforms, expanded regex matching options, clarified HTTPS listener requirement for authentication, and updated UI step numbering/descriptions.

Security assessment

The change emphasizes authentication rules must be applied to HTTPS listeners (best practice for secure communication) and adds input validation constraints (e.g., character limits/special character restrictions). However, there is no explicit mention of addressing a specific vulnerability.

Diff

diff --git a/elasticloadbalancing/latest/application/add-rule.md b/elasticloadbalancing/latest/application/add-rule.md
index 648a6e2ab..70a4f949b 100644
--- a//elasticloadbalancing/latest/application/add-rule.md
+++ b//elasticloadbalancing/latest/application/add-rule.md
@@ -7 +7,10 @@
-You define a default rule when you create a listener. You can define additional rules at any time. Each rule must specify an action and a condition. For more information, see [Action types](./rule-action-types.html) and [Condition types](./rule-condition-types.html).
+You define a default rule when you create a listener. You can define additional rules at any time. Each rule must specify an action and a condition, and can optionally specify transforms. For more information, see the following:
+
+  * [Action types](./rule-action-types.html)
+
+  * [Condition types](./rule-condition-types.html)
+
+  * [Transforms](./rule-transforms.html)
+
+
+
@@ -20 +29 @@ Console
-  4. On the **Listeners and rules** tabs, select the text in the **Protocol:Port** column to open the detail pages for the listener.
+  4. On the **Listeners and rules** tab, select the text in the **Protocol:Port** column to open the detail page for the listener.
@@ -24 +33 @@ Console
-  6. (Optional) To specify a name for your rule, expand **Name and tags** and enter the name. To add additional tags, choose **Add additional tags**.
+  6. (Optional) To specify a name for your rule, expand **Name and tags** and enter the name. To add additional tags, choose **Add additional tags** and enter the tag key and tag value.
@@ -28 +37,5 @@ Console
-     * **Host header** – Enter the host header. For example: `*.example.com`.
+     * **Host header** – Select the match pattern type and enter the host header.
+
+Value matching – Maximum 128 characters. Not case sensitive. Allowed characters are a-z, A-Z, 0-9; the following special characters: -_.; and wildcards (* and ?). You must include at least one "." character. You can include only alphabetical characters after the final "." character.
+
+Regex matching – Maximum 128 characters.
@@ -30 +43 @@ Console
-Maximum 128 characters. Not case sensitive. Allowed characters are a-z, A-Z, 0-9; the following special characters: -_.; and wildcards (* and ?). You must include at least one "." character. You can include only alphabetical characters after the final "." character.
+     * **Path** – Select the match pattern type and enter the path.
@@ -32 +45 @@ Maximum 128 characters. Not case sensitive. Allowed characters are a-z, A-Z, 0-9
-     * **Path** – Enter the path. For example: `/item/*`.
+Value matching – Maximum 128 characters. Case sensitive. Allowed characters are a-z, A-Z, 0-9; the following special characters: _-.$/~"'@:+; &; and wildcards (* and ?).
@@ -34 +47 @@ Maximum 128 characters. Not case sensitive. Allowed characters are a-z, A-Z, 0-9
-Maximum 128 characters. Case sensitive. Allowed characters are a-z, A-Z, 0-9; the following special characters: _-.$/~"'@:+; &; and wildcards (* and ?).
+Regex matching – Maximum 128 characters.
@@ -44 +57 @@ Maximum 40 characters. Case sensitive. Allowed characters are A-Z, and the follo
-     * **HTTP header** – Enter the name of the header and add one or more comparison strings.
+     * **HTTP header** – Select the match pattern type and enter the name of the header and the comparison strings.
@@ -48 +61,3 @@ Maximum 40 characters. Case sensitive. Allowed characters are A-Z, and the follo
-Maximum 40 characters. Not case sensitive. Allowed characters are a-z, A-Z, 0-9, and the following special characters: *?-!#$%&'+.^_`|~. Wildcards are not supported.
+Value matching – Maximum 40 characters. Not case sensitive. Allowed characters are a-z, A-Z, 0-9, and the following special characters: *?-!#$%&'+.^_`|~. Wildcards are not supported.
+
+Regex matching – Maximum 128 characters.
@@ -52 +67,3 @@ Maximum 40 characters. Not case sensitive. Allowed characters are a-z, A-Z, 0-9,
-Maximum 128 characters. Not case sensitive. Allowed characters are a-z, A-Z, 0-9; spaces; the following special characters: !"#$%&'()+,./:;<=>@[]^_`{|}~-; and wildcards (* and ?).
+Value matching Maximum 128 characters. Not case sensitive. Allowed characters are a-z, A-Z, 0-9; spaces; the following special characters: !"#$%&'()+,./:;<=>@[]^_`{|}~-; and wildcards (* and ?).
+
+Regex matching – Maximum 128 characters.
@@ -54 +71 @@ Maximum 128 characters. Not case sensitive. Allowed characters are a-z, A-Z, 0-9
-     * **Source IP** – Define the source IP address in CIDR format.
+     * **Source IP** – Define the source IP address in CIDR format. Both IPv4 and IPv6 CIDRs are allowed. Wildcards are not supported.
@@ -56 +73 @@ Maximum 128 characters. Not case sensitive. Allowed characters are a-z, A-Z, 0-9
-Both IPv4 and IPv6 CIDRs are allowed. Wildcards are not supported.
+  8. (Optional) To add a transform, choose **Add transform** , choose the transform type, and enter a regular expression to match and a replacement string.
@@ -58 +75 @@ Both IPv4 and IPv6 CIDRs are allowed. Wildcards are not supported.
-  8. (Optional) To add an authentication rule, select **Authenticate users** chose an identity provider, and provide the required information. For more information, see [Authenticate users using an Application Load Balancer](./listener-authenticate-users.html).
+  9. (Optional) To add an authentication rule to an HTTPS listener, choose **Actions** , **Authenticate users** , chose an identity provider, and provide the required information. For more information, see [Authenticate users using an Application Load Balancer](./listener-authenticate-users.html).
@@ -60 +77 @@ Both IPv4 and IPv6 CIDRs are allowed. Wildcards are not supported.
-  9. For **Routing action** , select one of the following routing actions and provide the required information:
+  10. For **Actions** , **Routing action** , select one of the following routing actions and provide the required information:
@@ -62 +79 @@ Both IPv4 and IPv6 CIDRs are allowed. Wildcards are not supported.
-     * **Forward to target groups** – Choose a target group. To add another target group, choose **Add target group** , choose a target group, review the relative percentages, and update the weights as needed. You must enable group-level stickiness if you enabled stickiness on any of the target groups.
+     * **Forward to target groups** – Choose a target group. To add another target group, choose **Add target group** , choose a target group, review the relative weights, and update the weights as needed. You must enable group-level stickiness if you enabled stickiness on any of the target groups.
@@ -68 +85 @@ Both IPv4 and IPv6 CIDRs are allowed. Wildcards are not supported.
-  10. Choose **Next**.
+  11. Choose **Next**.
@@ -70 +87 @@ Both IPv4 and IPv6 CIDRs are allowed. Wildcards are not supported.
-  11. For **Priority** , enter a value from 1-50,000. Rules are evaluated in priority order from the lowest value to the highest value.
+  12. For **Priority** , enter a value from 1-50,000. Rules are evaluated in priority order from the lowest value to the highest value.
@@ -72 +89 @@ Both IPv4 and IPv6 CIDRs are allowed. Wildcards are not supported.
-  12. Choose **Next**.
+  13. Choose **Next**.
@@ -74 +91 @@ Both IPv4 and IPv6 CIDRs are allowed. Wildcards are not supported.
-  13. On the **Review and create** page, choose **Create**.
+  14. On the **Review and create** page, choose **Create**.
@@ -215 +232 @@ To use the Amazon Web Services Documentation, Javascript must be enabled. Please
-Condition types
+Transforms