2025/06/11 - 8 updated api methods
Changes WAF now provides two DDoS protection options: resource-level monitoring for Application Load Balancers and the AWSManagedRulesAntiDDoSRuleSet managed rule group for CloudFront distributions.
2025/06/11 - 8 updated api methods
Changes WAF now provides two DDoS protection options: resource-level monitoring for Application Load Balancers and the AWSManagedRulesAntiDDoSRuleSet managed rule group for CloudFront distributions.
2025/06/05 - 8 updated api methods
Changes AWS WAF adds support for ASN-based traffic filtering and support for ASN-based rate limiting.
2025/03/26 - 2 updated api methods
Changes This release adds the ability to associate an AWS WAF v2 web ACL with an AWS Amplify App.
2025/03/17 - 11 updated api methods
Changes AWS WAF now lets you inspect fragments of request URIs. You can specify the scope of the URI to inspect and narrow the set of URI fragments.
2025/03/06 - 11 updated api methods
Changes You can now perform an exact match or rate limit aggregation against the web request's JA4 fingerprint.
2025/02/14 - 4 updated api methods
Changes The WAFv2 API now supports configuring data protection in webACLs.
2024/10/21 - 2 updated api methods
Changes Add a property to WebACL to indicate whether it's been retrofitted by Firewall Manager.
2024/02/28 - 8 updated api methods
Changes AWS WAF now supports configurable time windows for request aggregation with rate-based rules. Customers can now select time windows of 1 minute, 2 minutes or 10 minutes, in addition to the previously supported 5 minutes.
2024/02/06 - 1 new api methods
Changes You can now delete an API key that you've created for use with your CAPTCHA JavaScript integration API.
2023/09/25 - 11 updated api methods
Changes You can now perform an exact match against the web request's JA3 fingerprint.
2023/09/06 - 8 updated api methods
Changes The targeted protection level of the Bot Control managed rule group now provides optional, machine-learning analysis of traffic statistics to detect some bot-related activity. You can enable or disable the machine learning functionality through the API.
2023/07/19 - 8 updated api methods
Changes Added the URI path to the custom aggregation keys that you can specify for a rate-based rule.
2023/06/13 - 8 updated api methods
Changes You can now detect and block fraudulent account creation attempts with the new AWS WAF Fraud Control account creation fraud prevention (ACFP) managed rule group AWSManagedRulesACFPRuleSet.
2023/06/02 - 2 new api methods
Changes Added APIs to describe managed products. The APIs retrieve information about rule groups that are managed by AWS and by AWS Marketplace sellers.
2023/05/30 - 11 updated api methods
Changes This SDK release provides customers the ability to use Header Order as a field to match.
2023/05/16 - 8 updated api methods
Changes My AWS Service (placeholder) - You can now rate limit web requests based on aggregation keys other than IP addresses, and you can aggregate using combinations of keys. You can also rate limit all requests that match a scope-down statement, without further aggregation.
2023/04/28 - 1 updated api methods
Changes You can now associate a web ACL with a Verified Access instance.
2023/04/20 - 3 new api methods
Changes You can now create encrypted API keys to use in a client application integration of the JavaScript CAPTCHA API . You can also retrieve a list of your API keys and the JavaScript application integration URL.
2023/04/11 - 4 updated api methods
Changes For web ACLs that protect CloudFront protections, the default request body inspection size is now 16 KB, and you can use the new association configuration to increase the inspection size further, up to 64 KB. Sizes over 16 KB can incur additional costs.
2023/04/03 - 4 updated api methods
Changes For web ACLs that protect CloudFront protections, the default request body inspection size is now 16 KB, and you can use the new association configuration to increase the inspection size further, up to 64 KB. Sizes over 16 KB can incur additional costs.
2023/02/23 - 1 updated api methods
Changes You can now associate an AWS WAF v2 web ACL with an AWS App Runner service.
2023/02/15 - 8 updated api methods
Changes For protected CloudFront distributions, you can now use the AWS WAF Fraud Control account takeover prevention (ATP) managed rule group to block new login attempts from clients that have recently submitted too many failed login attempts.
2022/10/27 - 13 updated api methods
Changes This release adds the following: Challenge rule action, to silently verify client browsers; rule group rule action override to any valid rule action, not just Count; token sharing between protected applications for challenge/CAPTCHA token; targeted rules option for Bot Control managed rule group.
2022/08/03 - 1 updated api methods
Changes You can now associate an AWS WAF web ACL with an Amazon Cognito user pool.
2022/07/15 - 8 updated api methods
Changes This SDK release provide customers ability to add sensitivity level for WAF SQLI Match Statements.
2022/04/29 - 11 updated api methods
Changes You can now inspect all request headers and all cookies. You can now specify how to handle oversize body contents in your rules that inspect the body.
2022/04/08 - 2 updated api methods
Changes Add a new CurrentDefaultVersion field to ListAvailableManagedRuleGroupVersions API response; add a new VersioningSupported boolean to each ManagedRuleGroup returned from ListAvailableManagedRuleGroups API response.
2022/02/10 - 3 new 8 updated api methods
Changes Adds support for AWS WAF Fraud Control account takeover prevention (ATP), with configuration options for the new managed rule group AWSManagedRulesATPRuleSet and support for application integration SDKs for Android and iOS mobile apps.
2021/11/08 - 13 updated api methods
Changes You can now configure rules to run a CAPTCHA check against web requests and, as needed, send a CAPTCHA challenge to the client.
2021/09/22 - 8 updated api methods
Changes Added the regex match rule statement, for matching web requests against a single regular expression.
2021/09/14 - 1 updated api methods
Changes This release adds support for including rate based rules in a rule group.
2021/08/09 - 5 new 9 updated api methods
Changes This release adds APIs to support versioning feature of AWS WAF Managed rule groups
2021/06/24 - 8 updated api methods
Changes Added support for 15 new text transformation.
2021/04/01 - 13 updated api methods
Changes Added support for ScopeDownStatement for ManagedRuleGroups, Labels, LabelMatchStatement, and LoggingFilter. For more information on these features, see the AWS WAF Developer Guide.
2021/03/29 - 10 updated api methods
Changes Added custom request handling and custom response support in rule actions and default action; Added the option to inspect the web request body as parsed and filtered JSON.
2021/02/12 - 11 updated api methods
Changes Added the option to inspect the web request body as parsed and filtered JSON (new FieldToMatch type JsonBody), in addition to the existing option to inspect the web request body as plain text.
2020/10/01 - 1 updated api methods
Changes AWS WAF is now available for AWS AppSync GraphQL APIs. AWS WAF protects against malicious attacks with AWS Managed Rules or your own custom rules. For more information see the AWS WAF Developer Guide.
2020/07/31 - 3 updated api methods
Changes Add ManagedByFirewallManager flag to the logging configuration, which indicates whether AWS Firewall Manager controls the configuration.
2020/07/09 - 8 updated api methods
Changes Added the option to use IP addresses from an HTTP header that you specify, instead of using the web request origin. Available for IP set matching, geo matching, and rate-based rule count aggregation.
2020/03/31 - 4 new 2 updated api methods
Changes Added support for AWS Firewall Manager for WAFv2 and PermissionPolicy APIs for WAFv2.
2019/11/25 - 36 new api methods
Changes This release introduces new set of APIs ("wafv2") for AWS WAF. Major changes include single set of APIs for creating/updating resources in global and regional scope, and rules are configured directly into web ACL instead of being referenced. The previous APIs ("waf" and "waf-regional") are now referred as AWS WAF Classic. For more information visit: https://docs.aws.amazon.com/waf/latest/APIReference/Welcome.html