AWS network-firewall documentation change
Summary
Added two document history entries: one about a caveat regarding matching HTTP rules under a TLS inspection configuration (requiring HTTP2 rules for HTTP2 workloads) and another about HTTP/2 overloading not being supported.
Security assessment
The changes document limitations and caveats related to TLS inspection and HTTP/2 support in Network Firewall. While these are security-related features, there is no evidence of a specific security vulnerability being addressed; they are documentation updates about product capabilities and limitations.
Diff
diff --git a/network-firewall/latest/developerguide/document-history.md b/network-firewall/latest/developerguide/document-history.md index 7cdcc13fa..80f15dcb1 100644 --- a//network-firewall/latest/developerguide/document-history.md +++ b//network-firewall/latest/developerguide/document-history.md @@ -12,0 +13,2 @@ Change| Description| Date +[Added caveat regarding matching HTTP rules under a TLS inspection configuration](./suricata-limitations-caveats.html)| Customer must add HTTP2 rules in addition to HTTP to protect against HTTP2 workloads under a TLS inspection configuration.| March 26, 2026 +[Added caveat regarding HTTP/2 overloading support](./suricata-limitations-caveats.html)| Network Firewall does not support HTTP/2 overloading.| March 26, 2026