AWS waf documentation change
Summary
Added documentation about dynamic label interpolation using ${namespace:} syntax for custom headers/responses, enabling single-rule namespace handling.
Security assessment
Documents a feature for efficiently forwarding security labels (e.g., from Bot Control) but doesn't address a vulnerability. WAF labels are security-relevant components.
Diff
diff --git a/waf/latest/developerguide/waf-labels.md b/waf/latest/developerguide/waf-labels.md index 5aec0dcd4..043506aa1 100644 --- a//waf/latest/developerguide/waf-labels.md +++ b//waf/latest/developerguide/waf-labels.md @@ -34,0 +35,2 @@ For example, say you have multiple rules that you want to only apply to your log + * **Dynamic label interpolation** – You can use `${namespace:}` syntax to resolve label values at evaluation time in custom request headers, custom response headers, and custom response bodies. One rule with interpolation covers an entire namespace, so you don't need a separate rule for each label value. This is useful for forwarding managed rule group labels, such as Bot Control categories, to your origin as request headers. For more information, see [Dynamic label interpolation](./waf-dynamic-label-interpolation.html). +