AWS Security ChangesHomeSearch

AWS waf documentation change

Service: waf · 2026-05-07 · Documentation low

File: waf/latest/developerguide/waf-labels.md

Summary

Added documentation about dynamic label interpolation using ${namespace:} syntax for custom headers/responses, enabling single-rule namespace handling.

Security assessment

Documents a feature for efficiently forwarding security labels (e.g., from Bot Control) but doesn't address a vulnerability. WAF labels are security-relevant components.

Diff

diff --git a/waf/latest/developerguide/waf-labels.md b/waf/latest/developerguide/waf-labels.md
index 5aec0dcd4..043506aa1 100644
--- a//waf/latest/developerguide/waf-labels.md
+++ b//waf/latest/developerguide/waf-labels.md
@@ -34,0 +35,2 @@ For example, say you have multiple rules that you want to only apply to your log
+  * **Dynamic label interpolation** – You can use `${namespace:}` syntax to resolve label values at evaluation time in custom request headers, custom response headers, and custom response bodies. One rule with interpolation covers an entire namespace, so you don't need a separate rule for each label value. This is useful for forwarding managed rule group labels, such as Bot Control categories, to your origin as request headers. For more information, see [Dynamic label interpolation](./waf-dynamic-label-interpolation.html).
+