AWS waf documentation change
Summary
Clarified rate-based rule logging behavior and evaluation failures
Security assessment
Improved documentation for logging edge cases. No security vulnerability fixed; change enhances observability without addressing specific security issues. Note: Missing aggregation keys could lead to security misconfiguration, but the change only documents existing behavior.
Diff
diff --git a/waf/latest/developerguide/logging-fields.md b/waf/latest/developerguide/logging-fields.md index f445e6302..61922755d 100644 --- a//waf/latest/developerguide/logging-fields.md +++ b//waf/latest/developerguide/logging-fields.md @@ -215 +215 @@ This list can contain zero or more of the following values: `REQUEST_BODY`, `REQ -The list of rate-based rules that acted on the request. For information about rate-based rules, see [Using rate-based rule statements in AWS WAF](./waf-rule-statement-type-rate-based.html). +The list of all rate-based rules in the web ACL that were evaluated against the request. This includes rules that could not be fully evaluated. For information about rate-based rules, see [Using rate-based rule statements in AWS WAF](./waf-rule-statement-type-rate-based.html). @@ -220 +220 @@ rateBasedRuleId -The ID of the rate-based rule that acted on the request. If this has terminated the request, the ID for `rateBasedRuleId` is the same as the ID for `terminatingRuleId`. +The ID of the rate-based rule. If this has terminated the request, the ID for `rateBasedRuleId` is the same as the ID for `terminatingRuleId`. This field is set to `NO_EVALUATION_PERFORMED` when the rule could not be evaluated. This can happen when the request is missing a custom aggregation key such as a header or cookie required by `CUSTOMKEYS` aggregation. @@ -225 +225 @@ rateBasedRuleName -The name of the rate-based rule that acted on the request. +The name of the rate-based rule.