AWS waf medium security documentation change
Summary
Removed a note explaining size limitations for AWS WAF inspection of body, header, and cookie components, including a reference to oversize request components documentation.
Security assessment
The removed note provided critical guidance about configuring size constraints to ensure AWS WAF inspects components effectively. Removing this documentation could lead to misconfigurations where oversized components bypass inspection, increasing security risks.
Diff
diff --git a/waf/latest/developerguide/waf-rule-statement-type-size-constraint-match.md b/waf/latest/developerguide/waf-rule-statement-type-size-constraint-match.md index 313a911c0..0030dbded 100644 --- a//waf/latest/developerguide/waf-rule-statement-type-size-constraint-match.md +++ b//waf/latest/developerguide/waf-rule-statement-type-size-constraint-match.md @@ -48,4 +47,0 @@ Additionally, this statement requires the following settings: -###### Note - -For body, header, and cookie components, use a size less than the max size that AWS WAF can inspect. A larger number will never result in a match. For more information, see [Oversize web request components in AWS WAF](./waf-oversize-request-components.html). -