AWS waf documentation change
Summary
Added 'Amazon Bedrock AgentCore Gateway' to the list of services with 16KB default body size limit in multiple WAF rule descriptions
Security assessment
The change expands documentation about existing security controls (WAF body inspection limits) to include a new service (Bedrock AgentCore Gateway). While this relates to security features, there's no indication it addresses a specific vulnerability or security incident - rather it updates coverage documentation for a newly supported service.
Diff
diff --git a/waf/latest/developerguide/aws-managed-rule-groups-use-case.md b/waf/latest/developerguide/aws-managed-rule-groups-use-case.md index 8de580e72..4cb8058db 100644 --- a//waf/latest/developerguide/aws-managed-rule-groups-use-case.md +++ b//waf/latest/developerguide/aws-managed-rule-groups-use-case.md @@ -41 +41 @@ Rule name | Description and label -This rule only inspects the request body up to the body size limit for the protection pack (web ACL) and resource type. For Application Load Balancer and AWS AppSync, the limit is fixed at 8 KB. For CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access, the default limit is 16 KB and you can increase the limit up to 64 KB in your protection pack (web ACL) configuration. This rule uses the `Continue` option for oversize content handling. For more information, see [Oversize web request components in AWS WAF](./waf-oversize-request-components.html). Rule action: Block Label: `awswaf:managed:aws:sql-database:SQLi_Body` +This rule only inspects the request body up to the body size limit for the protection pack (web ACL) and resource type. For Application Load Balancer and AWS AppSync, the limit is fixed at 8 KB. For CloudFront, API Gateway, Amazon Cognito, App Runner, Verified Access, and Amazon Bedrock AgentCore Gateway, the default limit is 16 KB and you can increase the limit up to 64 KB in your protection pack (web ACL) configuration. This rule uses the `Continue` option for oversize content handling. For more information, see [Oversize web request components in AWS WAF](./waf-oversize-request-components.html). Rule action: Block Label: `awswaf:managed:aws:sql-database:SQLi_Body` @@ -46 +46 @@ This rule only inspects the request body up to the body size limit for the prote -This rule only inspects the request body up to the body size limit for the protection pack (web ACL) and resource type. For Application Load Balancer and AWS AppSync, the limit is fixed at 8 KB. For CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access, the default limit is 16 KB and you can increase the limit up to 64 KB in your protection pack (web ACL) configuration. This rule uses the `Continue` option for oversize content handling. For more information, see [Oversize web request components in AWS WAF](./waf-oversize-request-components.html). Rule action: Block Label: `awswaf:managed:aws:sql-database:SQLiExtendedPatterns_Body` +This rule only inspects the request body up to the body size limit for the protection pack (web ACL) and resource type. For Application Load Balancer and AWS AppSync, the limit is fixed at 8 KB. For CloudFront, API Gateway, Amazon Cognito, App Runner, Verified Access, and Amazon Bedrock AgentCore Gateway, the default limit is 16 KB and you can increase the limit up to 64 KB in your protection pack (web ACL) configuration. This rule uses the `Continue` option for oversize content handling. For more information, see [Oversize web request components in AWS WAF](./waf-oversize-request-components.html). Rule action: Block Label: `awswaf:managed:aws:sql-database:SQLiExtendedPatterns_Body` @@ -101 +101 @@ Rule name | Description and label -This rule only inspects the request body up to the body size limit for the protection pack (web ACL) and resource type. For Application Load Balancer and AWS AppSync, the limit is fixed at 8 KB. For CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access, the default limit is 16 KB and you can increase the limit up to 64 KB in your protection pack (web ACL) configuration. This rule uses the `Continue` option for oversize content handling. For more information, see [Oversize web request components in AWS WAF](./waf-oversize-request-components.html). Rule action: Block Label: `awswaf:managed:aws:posix-os:UNIXShellCommandsVariables_Body` +This rule only inspects the request body up to the body size limit for the protection pack (web ACL) and resource type. For Application Load Balancer and AWS AppSync, the limit is fixed at 8 KB. For CloudFront, API Gateway, Amazon Cognito, App Runner, Verified Access, and Amazon Bedrock AgentCore Gateway, the default limit is 16 KB and you can increase the limit up to 64 KB in your protection pack (web ACL) configuration. This rule uses the `Continue` option for oversize content handling. For more information, see [Oversize web request components in AWS WAF](./waf-oversize-request-components.html). Rule action: Block Label: `awswaf:managed:aws:posix-os:UNIXShellCommandsVariables_Body` @@ -134 +134 @@ Rule name | Description and label -This rule only inspects the request body up to the body size limit for the protection pack (web ACL) and resource type. For Application Load Balancer and AWS AppSync, the limit is fixed at 8 KB. For CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access, the default limit is 16 KB and you can increase the limit up to 64 KB in your protection pack (web ACL) configuration. This rule uses the `Continue` option for oversize content handling. For more information, see [Oversize web request components in AWS WAF](./waf-oversize-request-components.html). Rule action: Block Label: `awswaf:managed:aws:windows-os:WindowsShellCommands_Body` +This rule only inspects the request body up to the body size limit for the protection pack (web ACL) and resource type. For Application Load Balancer and AWS AppSync, the limit is fixed at 8 KB. For CloudFront, API Gateway, Amazon Cognito, App Runner, Verified Access, and Amazon Bedrock AgentCore Gateway, the default limit is 16 KB and you can increase the limit up to 64 KB in your protection pack (web ACL) configuration. This rule uses the `Continue` option for oversize content handling. For more information, see [Oversize web request components in AWS WAF](./waf-oversize-request-components.html). Rule action: Block Label: `awswaf:managed:aws:windows-os:WindowsShellCommands_Body` @@ -141 +141 @@ This rule only inspects the request body up to the body size limit for the prote -This rule only inspects the request body up to the body size limit for the protection pack (web ACL) and resource type. For Application Load Balancer and AWS AppSync, the limit is fixed at 8 KB. For CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access, the default limit is 16 KB and you can increase the limit up to 64 KB in your protection pack (web ACL) configuration. This rule uses the `Continue` option for oversize content handling. For more information, see [Oversize web request components in AWS WAF](./waf-oversize-request-components.html). Rule action: Block Label: `awswaf:managed:aws:windows-os:PowerShellCommands_Body` +This rule only inspects the request body up to the body size limit for the protection pack (web ACL) and resource type. For Application Load Balancer and AWS AppSync, the limit is fixed at 8 KB. For CloudFront, API Gateway, Amazon Cognito, App Runner, Verified Access, and Amazon Bedrock AgentCore Gateway, the default limit is 16 KB and you can increase the limit up to 64 KB in your protection pack (web ACL) configuration. This rule uses the `Continue` option for oversize content handling. For more information, see [Oversize web request components in AWS WAF](./waf-oversize-request-components.html). Rule action: Block Label: `awswaf:managed:aws:windows-os:PowerShellCommands_Body` @@ -171 +171 @@ This rule only inspects the first 8 KB of the request headers or the first 200 h -This rule only inspects the request body up to the body size limit for the protection pack (web ACL) and resource type. For Application Load Balancer and AWS AppSync, the limit is fixed at 8 KB. For CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access, the default limit is 16 KB and you can increase the limit up to 64 KB in your protection pack (web ACL) configuration. This rule uses the `Continue` option for oversize content handling. For more information, see [Oversize web request components in AWS WAF](./waf-oversize-request-components.html). Rule action: Block Label: `awswaf:managed:aws:php-app:PHPHighRiskMethodsVariables_Body` +This rule only inspects the request body up to the body size limit for the protection pack (web ACL) and resource type. For Application Load Balancer and AWS AppSync, the limit is fixed at 8 KB. For CloudFront, API Gateway, Amazon Cognito, App Runner, Verified Access, and Amazon Bedrock AgentCore Gateway, the default limit is 16 KB and you can increase the limit up to 64 KB in your protection pack (web ACL) configuration. This rule uses the `Continue` option for oversize content handling. For more information, see [Oversize web request components in AWS WAF](./waf-oversize-request-components.html). Rule action: Block Label: `awswaf:managed:aws:php-app:PHPHighRiskMethodsVariables_Body`