AWS Security ChangesHomeSearch

AWS waf documentation change

Service: waf · 2026-07-10 · Documentation low

File: waf/latest/developerguide/aws-managed-rule-groups-use-case.md

Summary

Added 'Amazon Bedrock AgentCore Gateway' to the list of services with 16KB default body size limit in multiple WAF rule descriptions

Security assessment

The change expands documentation about existing security controls (WAF body inspection limits) to include a new service (Bedrock AgentCore Gateway). While this relates to security features, there's no indication it addresses a specific vulnerability or security incident - rather it updates coverage documentation for a newly supported service.

Diff

diff --git a/waf/latest/developerguide/aws-managed-rule-groups-use-case.md b/waf/latest/developerguide/aws-managed-rule-groups-use-case.md
index 8de580e72..4cb8058db 100644
--- a//waf/latest/developerguide/aws-managed-rule-groups-use-case.md
+++ b//waf/latest/developerguide/aws-managed-rule-groups-use-case.md
@@ -41 +41 @@ Rule name | Description and label
-This rule only inspects the request body up to the body size limit for the protection pack (web ACL) and resource type. For Application Load Balancer and AWS AppSync, the limit is fixed at 8 KB. For CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access, the default limit is 16 KB and you can increase the limit up to 64 KB in your protection pack (web ACL) configuration. This rule uses the `Continue` option for oversize content handling. For more information, see [Oversize web request components in AWS WAF](./waf-oversize-request-components.html).  Rule action: Block Label: `awswaf:managed:aws:sql-database:SQLi_Body`  
+This rule only inspects the request body up to the body size limit for the protection pack (web ACL) and resource type. For Application Load Balancer and AWS AppSync, the limit is fixed at 8 KB. For CloudFront, API Gateway, Amazon Cognito, App Runner, Verified Access, and Amazon Bedrock AgentCore Gateway, the default limit is 16 KB and you can increase the limit up to 64 KB in your protection pack (web ACL) configuration. This rule uses the `Continue` option for oversize content handling. For more information, see [Oversize web request components in AWS WAF](./waf-oversize-request-components.html).  Rule action: Block Label: `awswaf:managed:aws:sql-database:SQLi_Body`  
@@ -46 +46 @@ This rule only inspects the request body up to the body size limit for the prote
-This rule only inspects the request body up to the body size limit for the protection pack (web ACL) and resource type. For Application Load Balancer and AWS AppSync, the limit is fixed at 8 KB. For CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access, the default limit is 16 KB and you can increase the limit up to 64 KB in your protection pack (web ACL) configuration. This rule uses the `Continue` option for oversize content handling. For more information, see [Oversize web request components in AWS WAF](./waf-oversize-request-components.html).  Rule action: Block Label: `awswaf:managed:aws:sql-database:SQLiExtendedPatterns_Body`  
+This rule only inspects the request body up to the body size limit for the protection pack (web ACL) and resource type. For Application Load Balancer and AWS AppSync, the limit is fixed at 8 KB. For CloudFront, API Gateway, Amazon Cognito, App Runner, Verified Access, and Amazon Bedrock AgentCore Gateway, the default limit is 16 KB and you can increase the limit up to 64 KB in your protection pack (web ACL) configuration. This rule uses the `Continue` option for oversize content handling. For more information, see [Oversize web request components in AWS WAF](./waf-oversize-request-components.html).  Rule action: Block Label: `awswaf:managed:aws:sql-database:SQLiExtendedPatterns_Body`  
@@ -101 +101 @@ Rule name | Description and label
-This rule only inspects the request body up to the body size limit for the protection pack (web ACL) and resource type. For Application Load Balancer and AWS AppSync, the limit is fixed at 8 KB. For CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access, the default limit is 16 KB and you can increase the limit up to 64 KB in your protection pack (web ACL) configuration. This rule uses the `Continue` option for oversize content handling. For more information, see [Oversize web request components in AWS WAF](./waf-oversize-request-components.html).  Rule action: Block Label: `awswaf:managed:aws:posix-os:UNIXShellCommandsVariables_Body`  
+This rule only inspects the request body up to the body size limit for the protection pack (web ACL) and resource type. For Application Load Balancer and AWS AppSync, the limit is fixed at 8 KB. For CloudFront, API Gateway, Amazon Cognito, App Runner, Verified Access, and Amazon Bedrock AgentCore Gateway, the default limit is 16 KB and you can increase the limit up to 64 KB in your protection pack (web ACL) configuration. This rule uses the `Continue` option for oversize content handling. For more information, see [Oversize web request components in AWS WAF](./waf-oversize-request-components.html).  Rule action: Block Label: `awswaf:managed:aws:posix-os:UNIXShellCommandsVariables_Body`  
@@ -134 +134 @@ Rule name | Description and label
-This rule only inspects the request body up to the body size limit for the protection pack (web ACL) and resource type. For Application Load Balancer and AWS AppSync, the limit is fixed at 8 KB. For CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access, the default limit is 16 KB and you can increase the limit up to 64 KB in your protection pack (web ACL) configuration. This rule uses the `Continue` option for oversize content handling. For more information, see [Oversize web request components in AWS WAF](./waf-oversize-request-components.html).  Rule action: Block Label: `awswaf:managed:aws:windows-os:WindowsShellCommands_Body`  
+This rule only inspects the request body up to the body size limit for the protection pack (web ACL) and resource type. For Application Load Balancer and AWS AppSync, the limit is fixed at 8 KB. For CloudFront, API Gateway, Amazon Cognito, App Runner, Verified Access, and Amazon Bedrock AgentCore Gateway, the default limit is 16 KB and you can increase the limit up to 64 KB in your protection pack (web ACL) configuration. This rule uses the `Continue` option for oversize content handling. For more information, see [Oversize web request components in AWS WAF](./waf-oversize-request-components.html).  Rule action: Block Label: `awswaf:managed:aws:windows-os:WindowsShellCommands_Body`  
@@ -141 +141 @@ This rule only inspects the request body up to the body size limit for the prote
-This rule only inspects the request body up to the body size limit for the protection pack (web ACL) and resource type. For Application Load Balancer and AWS AppSync, the limit is fixed at 8 KB. For CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access, the default limit is 16 KB and you can increase the limit up to 64 KB in your protection pack (web ACL) configuration. This rule uses the `Continue` option for oversize content handling. For more information, see [Oversize web request components in AWS WAF](./waf-oversize-request-components.html).  Rule action: Block Label: `awswaf:managed:aws:windows-os:PowerShellCommands_Body`  
+This rule only inspects the request body up to the body size limit for the protection pack (web ACL) and resource type. For Application Load Balancer and AWS AppSync, the limit is fixed at 8 KB. For CloudFront, API Gateway, Amazon Cognito, App Runner, Verified Access, and Amazon Bedrock AgentCore Gateway, the default limit is 16 KB and you can increase the limit up to 64 KB in your protection pack (web ACL) configuration. This rule uses the `Continue` option for oversize content handling. For more information, see [Oversize web request components in AWS WAF](./waf-oversize-request-components.html).  Rule action: Block Label: `awswaf:managed:aws:windows-os:PowerShellCommands_Body`  
@@ -171 +171 @@ This rule only inspects the first 8 KB of the request headers or the first 200 h
-This rule only inspects the request body up to the body size limit for the protection pack (web ACL) and resource type. For Application Load Balancer and AWS AppSync, the limit is fixed at 8 KB. For CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access, the default limit is 16 KB and you can increase the limit up to 64 KB in your protection pack (web ACL) configuration. This rule uses the `Continue` option for oversize content handling. For more information, see [Oversize web request components in AWS WAF](./waf-oversize-request-components.html).  Rule action: Block Label: `awswaf:managed:aws:php-app:PHPHighRiskMethodsVariables_Body`  
+This rule only inspects the request body up to the body size limit for the protection pack (web ACL) and resource type. For Application Load Balancer and AWS AppSync, the limit is fixed at 8 KB. For CloudFront, API Gateway, Amazon Cognito, App Runner, Verified Access, and Amazon Bedrock AgentCore Gateway, the default limit is 16 KB and you can increase the limit up to 64 KB in your protection pack (web ACL) configuration. This rule uses the `Continue` option for oversize content handling. For more information, see [Oversize web request components in AWS WAF](./waf-oversize-request-components.html).  Rule action: Block Label: `awswaf:managed:aws:php-app:PHPHighRiskMethodsVariables_Body`