AWS Security ChangesHomeSearch

AWS waf documentation change

Service: waf · 2026-05-01 · Documentation low

File: waf/latest/developerguide/aws-managed-rule-groups-use-case.md

Summary

Added new SQL injection detection rules for headers and URI paths, and expanded Windows shell command injection detection to cover headers and URI paths in addition to cookies.

Security assessment

This change documents new WAF managed rules that enhance security coverage by detecting SQL injection and command injection attacks in additional request components (headers, URI paths). While these are security feature additions, there's no evidence they address a specific, disclosed security vulnerability or incident; they appear to be proactive enhancements to detection capabilities.

Diff

diff --git a/waf/latest/developerguide/aws-managed-rule-groups-use-case.md b/waf/latest/developerguide/aws-managed-rule-groups-use-case.md
index 58bd78d71..3f6e6a37b 100644
--- a//waf/latest/developerguide/aws-managed-rule-groups-use-case.md
+++ b//waf/latest/developerguide/aws-managed-rule-groups-use-case.md
@@ -46,0 +47,2 @@ This rule only inspects the request body up to the body size limit for the prote
+`SQLiExtendedPatterns_HEADER` |  Inspects the request headers for patterns that match malicious SQL code.  Rule action: Block Label: `awswaf:managed:aws:sql-database:SQLiExtendedPatterns_Header`  
+`SQLiExtendedPatterns_URIPATH` |  Inspects the request path for patterns that match malicious SQL code. The patterns this rule inspects for aren't covered by the rule `SQLi_URIPATH`.  Rule action: Block Label: `awswaf:managed:aws:sql-database:SQLiExtendedPatterns_UriPath`  
@@ -124 +126 @@ Rule name | Description and label
-`WindowsShellCommands_COOKIE` |  Inspects the request cookie headers for WindowsShell command injection attempts in web applications. The match patterns represent WindowsShell commands. Example patterns include `||nslookup` and `;cmd`.  Rule action: Block Label: `awswaf:managed:aws:windows-os:WindowsShellCommands_Cookie`  
+`WindowsShellCommands_HEADER` |  Inspects all request headers and blocks WindowsShell command injection attempts in web applications. The match patterns represent WindowsShell commands. Example patterns include `||nslookup` and `;cmd`.  Rule action: Block Label: `awswaf:managed:aws:windows-os:WindowsShellCommands_Header`  
@@ -125,0 +128 @@ Rule name | Description and label
+`WindowsShellCommands_URIPATH` |  Inspects the request path and blocks WindowsShell command injection attempts in web applications. The match patterns represent WindowsShell commands. Example patterns include `||nslookup` and `;cmd`.  Rule action: Block Label: `awswaf:managed:aws:windows-os:WindowsShellCommands_UriPath`