AWS waf medium security documentation change
Summary
Added changelog entry for Windows OS rule group version 2.5 with updated detection logic and rule replacement (QUERYARGUMENTS to QUERYSTRING)
Security assessment
The rule group update specifically improves detection of WindowsShell command injection attacks. Changing inspection focus from query arguments to query string indicates security logic enhancement against injection vulnerabilities.
Diff
diff --git a/waf/latest/developerguide/aws-managed-rule-groups-changelog.md b/waf/latest/developerguide/aws-managed-rule-groups-changelog.md index cafa4965f..d42fc0c0e 100644 --- a//waf/latest/developerguide/aws-managed-rule-groups-changelog.md +++ b//waf/latest/developerguide/aws-managed-rule-groups-changelog.md @@ -22,0 +23,9 @@ Rule group and rules | Description | Date +[Windows operating system managed rule group](./aws-managed-rule-groups-use-case.html#aws-managed-rule-groups-use-case-windows-os) + + * `WindowsShellCommands_HEADER` + * `WindowsShellCommands_URIPATH` + * `WindowsShellCommands_BODY` + * `WindowsShellCommands_QUERYARGUMENTS` + * `WindowsShellCommands_QUERYSTRING` + +| Released static version 2.5 of this rule group. Removed `WindowsShellCommands_QUERYARGUMENTS` and replaced it with `WindowsShellCommands_QUERYSTRING`. Updated WindowsShellCommands rules to improve detection logic. | 2026-06-01