AWS Security ChangesHomeSearch

AWS waf documentation change

Service: waf · 2026-05-07 · Documentation low

File: waf/latest/developerguide/logging-fields.md

Summary

Clarified rate-based rule logging behavior and evaluation failures

Security assessment

Improved documentation for logging edge cases. No security vulnerability fixed; change enhances observability without addressing specific security issues. Note: Missing aggregation keys could lead to security misconfiguration, but the change only documents existing behavior.

Diff

diff --git a/waf/latest/developerguide/logging-fields.md b/waf/latest/developerguide/logging-fields.md
index f445e6302..61922755d 100644
--- a//waf/latest/developerguide/logging-fields.md
+++ b//waf/latest/developerguide/logging-fields.md
@@ -215 +215 @@ This list can contain zero or more of the following values: `REQUEST_BODY`, `REQ
-The list of rate-based rules that acted on the request. For information about rate-based rules, see [Using rate-based rule statements in AWS WAF](./waf-rule-statement-type-rate-based.html).
+The list of all rate-based rules in the web ACL that were evaluated against the request. This includes rules that could not be fully evaluated. For information about rate-based rules, see [Using rate-based rule statements in AWS WAF](./waf-rule-statement-type-rate-based.html).
@@ -220 +220 @@ rateBasedRuleId
-The ID of the rate-based rule that acted on the request. If this has terminated the request, the ID for `rateBasedRuleId` is the same as the ID for `terminatingRuleId`.
+The ID of the rate-based rule. If this has terminated the request, the ID for `rateBasedRuleId` is the same as the ID for `terminatingRuleId`. This field is set to `NO_EVALUATION_PERFORMED` when the rule could not be evaluated. This can happen when the request is missing a custom aggregation key such as a header or cookie required by `CUSTOMKEYS` aggregation.
@@ -225 +225 @@ rateBasedRuleName
-The name of the rate-based rule that acted on the request. 
+The name of the rate-based rule.