AWS Security ChangesHomeSearch

AWS waf medium security documentation change

Service: waf · 2026-06-04 · Security-related medium

File: waf/latest/developerguide/aws-managed-rule-groups-use-case.md

Summary

Added documentation for new 'WindowsShellCommands_QUERYSTRING' rule detecting command injection in query strings

Security assessment

Explicitly documents a new security rule targeting WindowsShell command injection attacks in query strings, expanding protection against code execution vulnerabilities.

Diff

diff --git a/waf/latest/developerguide/aws-managed-rule-groups-use-case.md b/waf/latest/developerguide/aws-managed-rule-groups-use-case.md
index 3f6e6a37b..8de580e72 100644
--- a//waf/latest/developerguide/aws-managed-rule-groups-use-case.md
+++ b//waf/latest/developerguide/aws-managed-rule-groups-use-case.md
@@ -127,0 +128 @@ Rule name | Description and label
+`WindowsShellCommands_QUERYSTRING` |  Inspects the query string and blocks WindowsShell command injection attempts in web applications. The match patterns represent WindowsShell commands. Example patterns include `||nslookup` and `;cmd`.  Rule action: Block Label: `awswaf:managed:aws:windows-os:WindowsShellCommands_QueryString`