**Introducing a new console experience for AWS WAF**
You can now use the updated experience to access AWS WAF functionality anywhere in the console. For more details, see [Working with the console](https://docs.aws.amazon.com/waf/latest/developerguide/working-with-console.html).
# Document history
This page lists significant changes to this documentation.
Service features are sometimes rolled out incrementally to the AWS Regions where a service is available. We update this documentation for the first release only. We don't provide information about Region availability or announce subsequent Region rollouts. For information about Region availability of service features and to subscribe to notifications about updates, see [What's New with AWS?](https://aws.amazon.com/new).
| Change | Description | Date |
| --- |--- |--- |
| [Updated AWS Managed Rules for AWS WAF](aws-managed-rule-groups-changelog.md) | Released static version 1.21 of the core rule set (CRS) managed rule group. | April 6, 2026 |
| [Updated AWS Managed Rules for AWS WAF](aws-managed-rule-groups-changelog.md) | Released static version 2.2 of the PHP Application rule group. | March 24, 2026 |
| [Updated AWS Managed Rules for AWS WAF](aws-managed-rule-groups-changelog.md) | Released static version 5.0 of the Bot Control rule group with expanded bot detection capabilities. | February 25, 2026 |
| [AWS WAF console has a new AI Traffic Analysis dashboard](web-acl-dashboards.md) | The web ACL page in the AWS WAF console has a new AI Traffic Analysis dashboard. | February 25, 2026 |
| [Updated AWS Shield network security director network topology widget documentation](nsd-findings.md) | Updated AWS Shield network security director network topology widget documentation to reflect how it is generated and displayed. | February 9, 2026 |
| [Updated AWS Managed Rules for AWS WAF](aws-managed-rule-groups-changelog.md) | Released static version of 3.2 of the POSIX operating system rule group. | January 15, 2026 |
| [Updated AWS Shield network security director public preview](nsd-chapter.md) | Updated AWS Shield network security director public preview to include multi-account features and integration with AWS Organizations. | December 12, 2025 |
| [Updated AWS Managed Rules for AWS WAF](aws-managed-rule-groups-changelog.md) | Released static version 1.25 of the Known bad inputs rule group. | December 8, 2025 |
| [Updated AWS Managed Rules for AWS WAF](aws-managed-rule-groups-changelog.md) | Released static version of 3.1 of the POSIX operating system rule group. | December 8, 2025 |
| [Updated AWS Managed Rules for AWS WAF](aws-managed-rule-groups-changelog.md) | Released static version 1.24 of the Known bad inputs rule group. | December 4, 2025 |
| [Updated AWS Managed Rules for AWS WAF](aws-managed-rule-groups-changelog.md) | Updated Bot Control rule group with support for expanded bot detection across multiple categores like Advertising, AI, Content Fetcher, and Social Media. | November 20, 2025 |
| [AWS WAF managed policy changes](security-iam-awsmanpol.md#security-iam-awsmanpol-updates) | Added Amazon CloudFront Flat rate pricing permissions to the `AWSWAFConsoleFullAccess`, and `AWSWAFConsoleReadOnlyAccess` managed policies. | November 18, 2025 |
| [AWS WAF integration with CloudFront flat-rate pricing plans](cloudfront-features.md) | You can now subscribe CloudFront distributions associated with AWS WAF to a flat-rate pricing plan. This new pricing plan is different from pay-as-you-go pricing in that pricing plans have preset service quotas for usage and resources. Once you subscribe a distribution for a pricing plan, you won't receive unexpected usage charges for that distribution. You will have a single price for all resources and features that are included in the pricing plan. | November 18, 2025 |
| [Updated AWS Managed Rules for AWS WAF](aws-managed-rule-groups-changelog.md) | Added support for Web Bot Authentication for AI Agents to the Bot Control rule group. | November 17, 2025 |
| [AWS WAF managed policy changes](security-iam-awsmanpol.md#security-iam-awsmanpol-updates) | Updated Amazon API Gateway permissions to the `AWSWAFConsoleFullAccess` and `AWSWAFConsoleReadOnlyAccess`managed policies. Added Amazon CloudWatch, AWS AppSync, Amazon Data Firehose, AWS Price List, and AWS Marketplace to the `AWSWAFConsoleFullAccess` and `AWSWAFConsoleReadOnlyAccess`managed policies. | November 3, 2025 |
| [ALB associations per web ACL](limits.md) | Add a new quota for ALB associations per web ACL. The default quota per web ACL is 100. | October 22, 2025 |
| [Updated AWS Managed Rules for AWS WAF](aws-managed-rule-groups-changelog.md) | Updated the core, or common, rule set (CRS). | October 2, 2025 |
| [Updated thresholds for AWS WAF Bot Control](aws-managed-rule-groups-list.md) | Updated thresholds for `TGT_TokenReuseIpLow` and `TGT_TokenReuseIpMedium`. | August 29, 2025 |
| [Add quota for Geo match countries per rule](limits.md) | The maximum number of Geo match countries for a rule is 50. | August 29, 2025 |
| [Updated AWS Managed Rules for AWS WAF](aws-managed-rule-groups-changelog.md) | Updated the core, or common, rule set (CRS). | August 14, 2025 |
| [Updated AWS Managed Rules for AWS WAF](aws-managed-rule-groups-changelog.md) | Updated the core, or common, rule set (CRS). | June 18, 2025 |
| [First preview release of network security director](nsd-chapter.md) | AWS Shield network security director is now available in preview, providing insights into your AWS security configuration. | June 17, 2025 |
| [Added identity-based customer managed policies for AWS Shield network security director](security-nsd-with-iam-id-based-policies.md) | You can create and manage your own identity-based policies to grant AWS Shield network security director appropriate access to your AWS resources. | June 17, 2025 |
| [AWS WAF adds an new console user experience](how-aws-waf-works.md) | The AWS WAF console now has a simplified onboarding workflow and an improved way to manage web ACLs, through protection packs (web ACLs). | June 17, 2025 |
| [Updated AWS WAF metrics and dimensions](waf-metrics.md) | Two new Distributed Denial of Service (DDoS) prevention metrics are now published to the `AWS/ApplicationELB` namespace: `LowReputationRequestsDenied` and `LowReputationPacketsDropped`. | June 11, 2025 |
| [New Anti-DDoS managed rule group for AWS WAF](aws-managed-rule-groups-anti-ddos.md) | `AWSManagedRulesAntiDDoSRuleSet` protects your resources by detecting, labeling, and challenging requests that are suspected to be participating in DDoS attacks. | June 11, 2025 |
| [AWS WAF adds resource-level DDoS protection](waf-anti-ddos.md) | You can now use Anti-DDoS functionality to detect and prevent DDoS attacks in Application Load Balancers. | June 11, 2025 |
| [AWS WAF adds ASN match statements](waf-rule-statement-type-asn-match.md) | You can now match web requests based on the Autonomous System Number (ASN) of the originating IP address. | June 5, 2025 |
| [AWS WAF adds ASN as a custom key aggregation option](waf-rule-statement-type-rate-based.md) | You can now limit requests from specific Autonomous System Number (ASNs) using custom key aggregation. | June 5, 2025 |
| [Updated AWS Managed Rules for AWS WAF](aws-managed-rule-groups-changelog.md) | Updated the AWS WAF Bot Control rule set. | May 29, 2025 |
| [AWS Firewall Manager security policy updates](fms-security-iam-awsmanpol.md#fms-security-iam-awsmanpol-updates) | Updates to the `FMSServiceRolePolicy` to add permissions required for Amazon CloudFront. | May 21, 2025 |
| [Updated AWS WAF metrics and dimensions for silent Challenge](waf-metrics.md) | Added `ChallengesAttempted`, `ChallengesSolved`, `ChallengesAttemptedSdk`, and `ChallengesSolvedSdk` to the AWS AWS WAF metrics and dimensions section. | May 16, 2025 |
| [AWS WAF managed policy changes](security-iam-awsmanpol.md#security-iam-awsmanpol-updates) | Added AWS Amplify permissions to the `AWSWAFFullAccess`, `AWSWAFReadOnlyAccess`, `AWSWAFConsoleFullAccess`, and `AWSWAFConsoleReadOnlyAccess` managed policies and Amazon CloudFront permissions to the `AWSWAFConsoleFullAccess`, and `AWSWAFConsoleReadOnlyAccess` managed policies. | May 5, 2025 |
| [AWS WAF adds support for new CloudFront distributions](cloudfront-features.md) | You can now associate AWS WAF web ACLs with CloudFront multi-tenant distributions and distribution tenants. | April 28, 2025 |
| [URI fragment in log match details](logging.md) | Rule match details in the logs now include the URI fragment from the web request. You can configure logging to redact this field from the logs. | March 17, 2025 |
| [New AWS WAF request component](waf-rule-statement-fields-list.md) | You can now inspect the URI fragment. | March 17, 2025 |
| [Added client-side protections to AWS WAF](marketplace-rule-groups.md#marketplace-rule-groups-subscribing) | Client-side protections from AWS Marketplace are now available. You can subscribe and unsubscribe to client-side protections through the AWS Marketplace console. | March 10, 2025 |
| [AWS WAF supports new JA4 field matching](waf-rule-statement-fields-list.md#waf-rule-statement-request-component-ja4-fingerprint) | You can detect and block traffic based on advanced JavaScript Fingerprinting (JA4) characteristics and use the JA4 fingerprint as one of the supported request keys within WAF rate-based rules. | March 4, 2025 |
| [Updated AWS Managed Rules for AWS WAF](aws-managed-rule-groups-changelog.md) | Updated the core, or common, rule set (CRS). | March 3, 2025 |
| [Updated AWS WAF metrics and dimensions](waf-metrics.md) | Added information on usage metrics to the AWS WAF metrics and dimensions section. | February 21, 2025 |
| [AWS WAF adds data protection options](data-protection-masking.md) | AWS WAF now lets you configure data protection either at the protection pack (web ACL) level or at the logging only level. | February 14, 2025 |
| [AWS Firewall Manager security policy updates](fms-security-iam-awsmanpol.md#fms-security-iam-awsmanpol-updates) | Updates to the `FMSServiceRolePolicy` to add permissions for getting resource configuration statuses in batches. | February 10, 2025 |
| [AWS Firewall Manager quota updates](fms-limits.md#fms-limits-mutable) | Updated the Firewall Manager quotas section to reflect new AWS WAF and Network Firewall policies. | February 10, 2025 |
| [Updated AWS Managed Rules for AWS WAF](aws-managed-rule-groups-changelog.md) | Updated the SQLi database rule group. | January 24, 2025 |
| [Updated AWS Managed Rules for AWS WAF](aws-managed-rule-groups-changelog.md) | Updated the Linux operating system rule group. | January 24, 2025 |
| [Updated AWS Managed Rules for AWS WAF](aws-managed-rule-groups-changelog.md) | Updated the SQLi database rule group. | January 24, 2025 |
| [AWS Firewall Manager updates to resource tags](policy-scope.md) | Firewall Manager now lets you combine multiple resource tags using the logical AND operator or the logical OR operator. You can also use a new wildcard operator in a resource tag to match any key or value. | January 9, 2025 |
| [AWS WAF web ACL dashboard adds top security insights](web-acl-dashboards.md) | The AWS WAF console web ACL traffic overview dashboards have a new top insights tab. | January 2, 2025 |
| [Rate-based rule aggregation on JA3 and JA4 fingerprints](waf-rule-statement-type-rate-based-aggregation-options.md) | You can now specify the JA3 fingerprint and JA4 fingerprint in your custom aggregation keys for rate-based rules. | December 20, 2024 |
| [AWS WAF adds inspection of JA4 fingerprint](waf-rule-statement-fields-list.md#waf-rule-statement-request-component-ja4-fingerprint) | You can now perform an exact match against the web request's JA4 fingerprint, for Amazon CloudFront distributions and Application Load Balancers. | December 20, 2024 |
| [Update to the AWS WAF mobile SDK specification](waf-mobile-sdk-specification.md) | Added the `loadTokenIntoProvider` operation to `WAFTokenProvider`. | November 19, 2024 |
| [Application integration SDKs add TV apps](waf-mobile-sdk.md) | You can use the Android and iOS integration SDKs for TV apps as well as mobile apps. | November 19, 2024 |
| [AWS WAF token labeling adds browser fingerprint](waf-tokens-labeling.md) | Token management now adds a label for the browser fingerprint. | November 13, 2024 |
| [Updated AWS Managed Rules for AWS WAF](aws-managed-rule-groups-changelog.md) | Updated the Bot Control rule group. | November 7, 2024 |
| [Firewall Manager AWS WAF policy can use existing web ACLs](how-fms-manages-web-acls.md) | Firewall Manager AWS WAF policies can now retrofit existing account-owned web ACLs, and create new web ACLs only where needed. | October 22, 2024 |
| [Updated AWS Managed Rules for AWS WAF](aws-managed-rule-groups-changelog.md) | Updated the core rule set (CRS) rule group. | October 16, 2024 |
| [Updated AWS Managed Rules for AWS WAF](aws-managed-rule-groups-changelog.md) | Updated the Bot Control, ATP, and ACFP managed rule groups. | September 13, 2024 |
| [Updated AWS Managed Rules for AWS WAF](aws-managed-rule-groups-changelog.md) | Updated the Linux operating system rule group. | September 2, 2024 |
| [Updated AWS Managed Rules for AWS WAF](aws-managed-rule-groups-changelog.md) | Updated the core rule set (CRS) rule group. | August 30, 2024 |
| [Lower rate-based rule threshold](limits.md) | The minimum request rate for a rate-based rule is now 10. Before this, it was 100. | August 30, 2024 |
| [Updated AWS Managed Rules for AWS WAF](aws-managed-rule-groups-changelog.md) | Updated the Windows operating system rule group. | August 28, 2024 |
| [AWS WAF metrics added new metrics for CAPTCHA JavaScript API](waf-metrics.md) | AWS WAF added two new metrics, `CaptchasAttemptedSdk` and `CaptchasSolvedSdk`, to show account-wide CAPTCHA puzzle attempts using the CAPTCHA JavaScript API. | August 28, 2024 |
| [Add quotas on calls per organization for `ListResourcesForWebACL`](limits.md) | AWS WAF now limits the number of calls to `ListResourcesForWebACL` by the accounts in an organization for any single Region. | July 26, 2024 |
| [AWS Firewall Manager security policy updates](fms-security-iam-awsmanpol.md#fms-security-iam-awsmanpol-updates) | Updates to `FMSServiceRolePolicy` to add permissions for reading Network Firewall TLS configuration information. | July 22, 2024 |
| [Updated AWS Managed Rules for AWS WAF](aws-managed-rule-groups-changelog.md) | Updated the WordPress application rule group. | July 15, 2024 |
| [Updated AWS Managed Rules for AWS WAF](aws-managed-rule-groups-changelog.md) | Updated the Linux operating system rule group. | July 12, 2024 |
| [Updated AWS Managed Rules for AWS WAF](aws-managed-rule-groups-changelog.md) | Updated the core rule set (CRS) rule group. | July 9, 2024 |
| [Updated AWS Managed Rules for AWS WAF](aws-managed-rule-groups-changelog.md) | Updated the PHP application and Windows operating system rule groups. | July 3, 2024 |
| [Clarify how JSON body parsing works](waf-rule-statement-fields-list.md#waf-rule-statement-request-component-json-body) | Updated coverage for JSON body inspection to clarify how AWS WAF handles parsing and the body parsing fallback behavior. | June 25, 2024 |
| [Updated AWS Managed Rules for AWS WAF](aws-managed-rule-groups-changelog.md) | Updated the Linux operating system rule group. | June 6, 2024 |
| [AWS WAF managed policy changes](security-iam-awsmanpol.md#security-iam-awsmanpol-updates) | Updated `WAFV2LoggingServiceRolePolicy` and `AWSServiceRoleForWAFV2Logging` to add Statement IDs (Sids) to the permissions settings. | June 3, 2024 |
| [AWS WAF managed policy change tracking](security-iam-awsmanpol.md#security-iam-awsmanpol-updates) | AWS WAF started tracking changes for the managed policy `WAFV2LoggingServiceRolePolicy` and the service-linked role `AWSServiceRoleForWAFV2Logging`. | June 3, 2024 |
| [Updated AWS Managed Rules for AWS WAF](aws-managed-rule-groups-changelog.md) | The Bot Control, ATP, and ACFP managed rule groups are now versioned and will provide SNS notifications for version updates, the same as other versioned AWS Managed Rules. | May 29, 2024 |
| [Updated AWS Managed Rules for AWS WAF](aws-managed-rule-groups-changelog.md) | Updated the POSIX operating system rule group, `AWSManagedRulesUnixRuleSet`. | May 28, 2024 |
| [CAPTCHA and Challenge actions](waf-captcha-and-challenge.md) | Added clarification that browser clients require HTTPS to run CAPTCHA puzzles and silent challenges. | May 24, 2024 |
| [Integration with Amazon Security Lake](waf-data-protection-and-logging.md) | You can now use Security Lake to collect protection pack (web ACL) traffic data. For information, see [Collecting data from AWS services](https://docs.aws.amazon.com/security-lake/latest/userguide/internal-sources.html) in the *Amazon Security Lake user guide*. | May 22, 2024 |
| [Integration with Amazon Security Lake](logging.md) | You can now use Security Lake to collect protection pack (web ACL) traffic data. For information, see [Collecting data from AWS services](https://docs.aws.amazon.com/security-lake/latest/userguide/internal-sources.html) in the *Amazon Security Lake user guide*. | May 22, 2024 |
| [Updated AWS Managed Rules for AWS WAF](aws-managed-rule-groups-changelog.md) | Updated the core rule set (CRS) rule group. | May 21, 2024 |
| [Updated AWS Managed Rules for AWS WAF](aws-managed-rule-groups-changelog.md) | Updated the SQLi database rule group. | May 14, 2024 |
| [Updated AWS Managed Rules for AWS WAF](aws-managed-rule-groups-changelog.md) | Updated the known bad inputs and POSIX operating system rule groups. | May 8, 2024 |
| [Updated AWS Managed Rules for AWS WAF](aws-managed-rule-groups-changelog.md) | Updated the Windows operating system rule group. | May 3, 2024 |
| [AWS WAF mobile SDK Android Kotlin code samples](waf-mobile-sdk-coding-examples.md) | Added example code for Kotlin-based Android integrations. | May 2, 2024 |
| [AWS WAF metrics added dimensions and new metrics](waf-metrics.md) | AWS WAF added new dimension for `ManagedRuleSetRule` in rule metrics and new metrics for the matched rule action for label metrics. | May 2, 2024 |
| [AWS Firewall Manager supports network ACL policies](working-with-policies.md) | Firewall Manager now supports the management of Amazon VPC network access control lists (ACLs) through Firewall Manager network ACL policies. | April 25, 2024 |
| [AWS Firewall Manager security policy updates](fms-security-iam-awsmanpol.md#fms-security-iam-awsmanpol-updates) | Updates to `FMSServiceRolePolicy` to add permissions for managing network ACLs. | April 22, 2024 |
| [Updated health check metrics list](health-checks-metrics.md) | We removed some metrics from the list of those that are commonly used in health checks. | April 16, 2024 |
| [Updates for Firewall Manager security group policies](security-group-policies.md) | We've updated our usage audit security group policies and improved the documentation. See the usage audit policy section and the sections on best practices and limitations. | April 2, 2024 |
| [Updated Bot Control examples](waf-bot-control-examples.md) | Added examples depicting the targeted inspection level and updated existing examples to reflect best practices. | March 27, 2024 |
| [Updated ATP examples](waf-atp-control-examples.md) | Added example depicting response inspection configuration and updated existing examples to reflect best practices. | March 27, 2024 |
| [Updated ACFP examples](waf-acfp-control-examples.md) | Added example depicting response inspection configuration. | March 27, 2024 |
| [Update Amazon CloudWatch Logs log stream limits](limits.md) | AWS WAF no longer has per-protection pack (web ACL) limits on publishing logs to CloudWatch Logs log streams. | March 27, 2024 |
| [AWS Shield Advanced application layer (layer 7) protections](ddos-app-layer-protections.md) | Updated general and best practice guidance for application layer detection and mitigation, web ACL use, rate-based rules, and automatic application layer DDoS mitigation. | March 14, 2024 |
| [Updated AWS Managed Rules for AWS WAF](aws-managed-rule-groups-changelog.md) | Updated the IP reputation rule group. | March 13, 2024 |
| [Changes to body inspection size limits](web-acl-setting-body-inspection-limit.md) | AWS WAF now supports larger body inspection size limits for some regional resources. | March 7, 2024 |
| [Configurable evaluation window for AWS WAF rate-based rules](waf-rule-statement-type-rate-based.md) | You can now configure the time window that rate-based rules use to count requests, to 1, 2, 5, or 10 minutes. The default is 5, which was the only option before this release. | February 28, 2024 |
| [Expanded logging information for CAPTCHA and Challenge](logging-fields.md) | The top level `captchaResponse` and `challengeResponse` fields are now populated with the last of these actions to be applied to a request, whether terminating or non-terminating. Prior to this, these fields were populated only for terminating actions. | February 22, 2024 |
| [JavaScript CAPTCHA API key management](waf-js-captcha-api-key.md) | You can now delete CAPTCHA JS API keys through the AWS WAF APIs. | February 6, 2024 |
| [AWS WAF CAPTCHA puzzles audio](waf-captcha-puzzle-language-support.md) | The audio version of the CAPTCHA puzzle now supports multiple languages. | February 6, 2024 |
| [AWS WAF challenge and CAPTCHA token labeling](waf-tokens-labeling.md) | Token management now adds labels for the CAPTCHA token and has enhanced the token labeling for the challenge token. | December 20, 2023 |
| [Updated AWS Managed Rules for AWS WAF](aws-managed-rule-groups-changelog.md) | Updated the known bad inputs rule group. | December 16, 2023 |
| [Updated AWS Managed Rules for AWS WAF](aws-managed-rule-groups-changelog.md) | Updated the known bad inputs rule group. | December 14, 2023 |
| [Updated AWS Managed Rules for AWS WAF](aws-managed-rule-groups-changelog.md) | Updated the core rule set (CRS) rule group. | December 6, 2023 |
| [Updated AWS Managed Rules for AWS WAF](aws-managed-rule-groups-changelog.md) | Updated the following rule groups: AWS WAF Bot Control. | December 5, 2023 |
| [New web authentication labels for AI agents Bot Control managed rule group.](aws-managed-rule-groups-bot.md) | The Bot Control managed rule group now supports Web Bot Authentication (WBA) as a cryptographic verification method for bots and AI agents accessing your CloudFront distributions. This feature enables legitimate AI crawlers and agents to prove their identity without requiring traditional challenge-response mechanisms. | November 20, 2023 |
| [Updated Firewall Manager AWS Config prerequisites](enable-config.md) | If you use a custom IAM role instead of the Firewall Manager managed role for AWS Config, you must ensure that your permission policy allows AWS Config recorder to record Firewall Manager resources. | November 17, 2023 |
| [AWS WAF console dashboards](web-acl-testing-view-sample.md) | We corrected the guidance for viewing all rules and sampled requests for a protection pack (web ACL) in the AWS WAF console. | November 17, 2023 |
| [Updated AWS Managed Rules for AWS WAF](aws-managed-rule-groups-changelog.md) | Updated the Bot Control rule group. | November 14, 2023 |
| [AWS WAF console has new web ACL dashboards](web-acl-dashboards.md) | The web ACL page in the AWS WAF console has new web traffic overview dashboards. | November 14, 2023 |
| [Updated ATP managed rule group](aws-managed-rule-groups-atp.md) | Corrected label information for the rules `VolumetricIpFailedLoginResponseHigh` and `VolumetricSessionFailedLoginResponseHigh`. | November 13, 2023 |
| [Updated ACFP managed rule group](aws-managed-rule-groups-acfp.md) | Corrected label information for the rules `VolumetricIPSuccessfulResponse` and `VolumetricSessionSuccessfulResponse`. | November 13, 2023 |
| [Updated AWS Managed Rules for AWS WAF](aws-managed-rule-groups-changelog.md) | Updated the core rule set (CRS) rule group. | November 2, 2023 |
| [Shield Advanced automatic application layer DDoS mitigation](ddos-automatic-app-layer-response-rg.md) | Shield Advanced now maintains a rate-based rule in the automatic mitigation rule group that limits the volume of requests from IP addresses known to be sources of DDoS attacks. | October 31, 2023 |
| [Updated AWS Managed Rules for AWS WAF](aws-managed-rule-groups-changelog.md) | Updated the core rule set (CRS) rule group. | October 30, 2023 |
| [Bot Control managed rule group removed signal label for the request CSP](aws-managed-rule-groups-bot.md) | The Bot Control managed rule group removed the signal label that indicates the cloud service provider (CSP). | October 28, 2023 |
| [Bot Control managed rule group signal label for the request CSP](aws-managed-rule-groups-bot.md) | The Bot Control managed rule group signal labels include a label that indicates the cloud service provider (CSP). | October 27, 2023 |
| [Updated AWS WAF IAM permissions information](security_iam_service-with-iam.md#security_iam_action-additions) | For the AWS WAF actions that manage protection pack (web ACL) associations, the policy actions section now lists the permissions requirements for each web application resource type. | October 25, 2023 |
| [Firewall Manager management of modified web ACLs](waf-policies.md) | When you enable management of unassociated web ACLs, Firewall Manager doesn't include the modified web ACLs in the one-time cleanup of unused resources. | October 19, 2023 |
| [Updated AWS Managed Rules for AWS WAF](aws-managed-rule-groups-changelog.md) | Updated the POSIX operating system rule group, `AWSManagedRulesUnixRuleSet`. | October 12, 2023 |
| [AWS WAF metrics added dimensions](waf-metrics.md) | AWS WAF added new dimensions for viewing web ACL metrics. | October 12, 2023 |
| [Updated AWS Managed Rules for AWS WAF](aws-managed-rule-groups-changelog.md) | Updated the core rule set (CRS) rule group. | October 11, 2023 |
| [Update to the AWS WAF mobile SDK specification](waf-mobile-sdk-specification.md) | Added the `storeTokenInCookieStorage` operation to `WAFTokenProvider`. | October 11, 2023 |
| [Exception deployments AWS Managed Rules for AWS WAF](aws-managed-rule-groups-changelog.md) | Updated two static versions of the known bad inputs rule group and updated the default version to point to the most recent static version. | October 4, 2023 |
| [AWS WAF HTML entity decode text transformation](waf-rule-statement-transformation.md) | Expanded the functionality of the HTML entity decode text transformation. | October 4, 2023 |
| [Added new option to Firewall Manager security group common policy](create-policy.md#creating-firewall-manager-policy-common-security-group) | Firewall Manager now can distribute security group references to replica security groups. | October 3, 2023 |
| [AWS WAF adds inspection of JA3 fingerprint](waf-rule-statement-fields-list.md#waf-rule-statement-request-component-ja3-fingerprint) | You can now perform an exact match against the web request's JA3 fingerprint, for Amazon CloudFront distributions and Application Load Balancers. | September 26, 2023 |
| [Updates to Firewall Manager security group policy rules settings](security-group-policies-common.md) | Firewall Manager now supports security group referencing from primary security groups to replica security groups. | September 25, 2023 |
| [Updated Shield Advanced automatic application layer DDoS mitigation](shield-policies-auto-app-layer-mitigation.md) | Firewall Manager now supports Application Load Balancer resources for Shield Advanced policies configured with automatic application layer DDoS mitigation. | September 14, 2023 |
| [Updated AWS Managed Rules for AWS WAF](aws-managed-rule-groups-changelog.md) | Updated the following rule groups: AWS WAF Bot Control. | September 6, 2023 |
| [AWS WAF Bot Control](waf-bot-control-components.md) | The targeted protection level of the Bot Control managed rule group now inspects for token reuse between IP addresses. It also now provides optional, machine-learning analysis of traffic statistics to detect some bot-related activity. | September 6, 2023 |
| [Update to the AWS WAF mobile SDK specification](waf-mobile-sdk-specification.md) | Lowered the min, max, and default values for `tokenRefreshDelaySec` from min 300, max 600, and default 300 to min 88, max 300, and default 88. | September 5, 2023 |
| [Updated AWS Managed Rules for AWS WAF](aws-managed-rule-groups-changelog.md) | Updated the AWS WAF Bot Control rule group. | August 30, 2023 |
| [Shield Advanced automatic application layer DDoS mitigation](manage-automatic-mitigation-in-cfn.md) | Added guidance for using CloudFormation to manage the web ACLs that you use with automatic application layer DDoS mitigation. | August 30, 2023 |
| [New Firewall Manager content audit security group policy option](create-policy.md#creating-firewall-manager-policy-audit-security-group) | Added new option for auditing overly permissive rule groups, and improved console procedure descriptions. | August 29, 2023 |
| [New Firewall Manager Shield and AWS WAF policy option](waf-policies.md) | If you enable management of unassociated web ACLs in AWS WAF and Shield, Firewall Manager only creates web ACLs in the accounts within policy scope only if the web ACLs will be used by at least one resource. | August 9, 2023 |
| [Updated AWS Managed Rules for AWS WAF](aws-managed-rule-groups-changelog.md) | Updated the core rule set (CRS) rule group. | July 26, 2023 |
| [Rate-based rule aggregation on URI path](waf-rule-statement-type-rate-based-aggregation-options.md) | You can now specify the URI path in your custom aggregation keys for rate-based rules. | July 19, 2023 |
| [New AWS WAF policy rule option in AWS Firewall Manager](create-policy.md#creating-firewall-manager-policy-for-waf) | AWS Firewall Manager adds support for configuring AWS WAF web request body inspection size limits. | July 18, 2023 |
| [AWS WAF managed policy changes](security-iam-awsmanpol.md#security-iam-awsmanpol-updates) | Updated `AWSWAFFullAccessPolicy`, `AWSWAFConsoleFullAccess`, `AWSWAFReadOnlyAccess`, and `AWSWAFConsoleReadOnlyAccess` to add AWS Verified Access to the resource types that you can protect with AWS WAF. | June 17, 2023 |
| [Updated AWS Managed Rules for AWS WAF](aws-managed-rule-groups-changelog.md) | Updated the rule group `AWSManagedRulesACFPRuleSet`. | June 13, 2023 |
| [Update to AWS WAF Fraud Control account takeover prevention (ATP)](waf-atp-rg-using.md) | You can now specify the login endpoint for the ATP managed rule group using a regular expression. | June 13, 2023 |
| [New information for the CAPTCHA JavaScript API](waf-js-captcha-api-conditional.md) | New section describes how to serve a custom CAPTCHA puzzle when AWS WAF responds to a request with a CAPTCHA. | June 13, 2023 |
| [New ACFP managed rule group](aws-managed-rule-groups-acfp.md) | Use the new rule group `AWSManagedRulesACFPRuleSet` to detect and block fraudulent account creation attempts. | June 13, 2023 |
| [New AWS WAF Fraud Control account creation fraud prevention (ACFP)](waf-acfp.md) | You can detect and block fraudulent account creation attempts with the new AWS WAF Fraud Control account creation fraud prevention (ACFP) managed rule group `AWSManagedRulesACFPRuleSet`. With protected CloudFront distributions, you can also use ACFP to block new account creation attempts from clients that have recently submitted too many failed account creation attempts. | June 13, 2023 |
| [AWS WAF managed policy changes](security-iam-awsmanpol.md#security-iam-awsmanpol-updates) | Updated `AWSWAFFullAccessPolicy`, `AWSWAFConsoleFullAccess`, `AWSWAFReadOnlyAccess`, and `AWSWAFConsoleReadOnlyAccess` to correct the access settings for AWS App Runner services. | June 6, 2023 |
| [Added limitation for Firewall Manager security group policies](security-group-policies.md#security-groups-limitations) | If a shared VPC is later unshared, Firewall Manager won't delete the replica security groups in the associated account. | June 2, 2023 |
| [New AWS WAF request component: Header order](waf-rule-statement-fields-list.md#waf-rule-statement-request-component-header-order) | You can now match against an ordered list of the names of the headers in the request. | May 30, 2023 |
| [Updated AWS Managed Rules for AWS WAF](aws-managed-rule-groups-changelog.md) | Updated the Linux operating system rule set. | May 22, 2023 |
| [Updated the organization of the AWS WAF rules section](waf-rules.md) | The rules statement listings are now grouped by statement type. | May 16, 2023 |
| [Moved topic: Listing IP addresses that are being rate limited](listing-managed-ips.md) | The topic for listing IP addresses that are being rate limited by a rate-based rule is now under the rate-based rules topic. | May 16, 2023 |
| [Expanded options for rate-based rules](waf-rule-statement-type-rate-based.md) | You can now rate limit web requests based on aggregation keys other than IP addresses, and you can aggregate using combinations of keys. You can also rate limit all requests that match a scope-down statement, without further aggregation. | May 16, 2023 |
| [Firewall Manager quota increases](fms-limits.md#fms-limits-immutable) | Increased the number of Firewall Manager policies per organization in AWS Organizations from 20 to 50. Increased maximum number of primary security groups per policy from one to three. Changed the maximum number of WCUs from a soft quota to a hard quota. | May 5, 2023 |
| [Increased maximum WCUs per rule group](limits.md) | You can now use up to 5,000 protection pack (web ACL) capacity units (WCUs) per rule group without requesting an increase from support. This new limit can't be increased. | May 1, 2023 |
| [AWS WAF Amazon S3 log bucket locations with prefixes](logging-s3.md#logging-s3-naming) | AWS WAF now allows prefixes in Amazon S3 log bucket names. | May 1, 2023 |
| [Updated AWS Managed Rules for AWS WAF](aws-managed-rule-groups-changelog.md) | Updated the core rule set (CRS) rule group. | April 28, 2023 |
| [Added support for AWS Verified Access instances to AWS WAF](waf-chapter.md) | You can now associate an AWS WAF web ACL with a Verified Access instance. This change is only available in the latest version of AWS WAF and not in AWS WAF Classic. | April 28, 2023 |
| [Revised chapter on working with multiple Firewall Manager administrators](fms-administrators.md) | You can now designate multiple Firewall Manager administrators to create and manage the firewall resources of your organization. | April 24, 2023 |
| [AWS Firewall Manager managed policy update](fms-security-iam-awsmanpol.md#fms-security-iam-awsmanpol-updates) | Updated `FMSServiceRolePolicy`. | April 21, 2023 |
| [New JavaScript client application integration for CAPTCHA](waf-js-captcha-api.md) | You can now customize the placement and characteristics of the CAPTCHA puzzle in your JavaScript client applications. | April 20, 2023 |
| [Application integration renamed to intelligent threat integration](waf-application-integration.md) | We renamed the existing functionality for client application integrations to intelligent threat integrations, to help distinguish between that and the new CAPTCHA application integration for JavaScript. | April 20, 2023 |
| [Variable pricing for web ACL WCUs beyond 1,500](aws-waf-capacity-units.md) | Using more than 1,500 web ACL capacity units (WCUs) in your web ACL incurs additional costs, which are adjusted automatically as your web ACL WCU usage increases and decreases. The web ACL maximum is 5,000 WCUs. | April 11, 2023 |
| [Increased maximum WCUs per protection pack (web ACL)](limits.md) | You can now use up to 5,000 protection pack (web ACL) capacity units (WCUs) per protection pack (web ACL) without requesting an increase from support. This new limit can't be increased. | April 11, 2023 |
| [Body inspection size limits for CloudFront protection packs (web ACLs)](web-acl-setting-body-inspection-limit.md) | For protection packs (web ACLs) that protect Amazon CloudFront distributions, you can increase the body inspection size limit up to 64 KB in your protection pack (web ACL) configuration. | April 11, 2023 |
| [Body inspection size increase for CloudFront](limits.md) | The maximum AWS WAF body inspection size limit for Amazon CloudFront distributions is increased from 8 KB to 64 KB. The default inspection size limit for CloudFront is 16 KB. | April 11, 2023 |
| [New AWS WAF policy rule options in AWS Firewall Manager](create-policy.md#creating-firewall-manager-policy-for-waf) | AWS Firewall Manager adds support for AWS WAF Fraud Control account takeover prevention (ATP) and AWS WAF Bot Control AWS Managed Rules rule groups, Amazon S3 logging destinations, rule action overrides, `CAPTCHA` and `Challenge` rule actions, and token domain lists. | April 7, 2023 |
| [AWS WAF managed policy changes](security-iam-awsmanpol.md#security-iam-awsmanpol-updates) | Updated `AWSWAFFullAccessPolicy`, `AWSWAFConsoleFullAccess`, `AWSWAFReadOnlyAccess`, and `AWSWAFConsoleReadOnlyAccess` to add AWS App Runner services to the resource types that you can protect with AWS WAF. | March 30, 2023 |
| [Added warning about the usage of tags within security group policies](create-policy.md#creating-firewall-manager-policy-common-security-group) | Firewall Manager won't update the tags of existing security groups or create new security groups if the policy has tags that conflict with the organization's tag policy. | March 28, 2023 |
| [Updating service role information](fms-security_iam_service-with-iam.md#fms-security_iam_service-with-iam-roles-choose) | Updated how to use a service role with Firewall Manager. | March 8, 2023 |
| [Corrected information about how rate-based rules perform rate limiting](waf-rule-statement-type-rate-based.md) | Rate based rules with scope-down statements only rate limit requests that match the rule's scope-down statement. We were stating that the limiting applied to all requests for any rate limited IP address. | March 1, 2023 |
| [Updated AWS Managed Rules for AWS WAF](aws-managed-rule-groups-changelog.md) | Updated the PHP application rule group. | February 27, 2023 |
| [Added support for AWS App Runner to AWS WAF](waf-chapter.md) | You can now associate an AWS WAF web ACL with an AWS App Runner service. This change is only available in the latest version of AWS WAF and not in AWS WAF Classic. | February 23, 2023 |
| [Updated the IAM guidance for AWS Firewall Manager](fms-security-iam.md) | Updated guide to align with the IAM best practices. For more information, see [Security best practices in IAM](https://docs.aws.amazon.com//IAM/latest/UserGuide/best-practices.html). | February 16, 2023 |
| [Updated AWS Managed Rules for AWS WAF](aws-managed-rule-groups-changelog.md) | Updated the rule group `AWSManagedRulesATPRuleSet` to add login response inspection in web ACLs that protect Amazon CloudFront distributions. | February 15, 2023 |
| [AWS WAF Fraud Control account takeover prevention (ATP) login response inspection](waf-atp.md) | For protected CloudFront distributions, you can now use ATP to block new login attempts from clients that have recently submitted too many failed login attempts. | February 15, 2023 |
| [Updated AWS Managed Rules for AWS WAF](aws-managed-rule-groups-changelog.md) | Updated the core rule set. | January 25, 2023 |
| [Best practices for intelligent threat mitigation](waf-managed-protections-best-practices.md) | Added a section with best practices for implementing Bot Control, ATP, and other intelligent threat mitigation features. | January 22, 2023 |
| [How to inspect HTTP/2 pseudo headers](waf-rule-statement-request-components-for-http2-pseudo-headers.md) | Added a section that maps HTTP/2 pseudo headers to their corresponding web request components. | January 20, 2023 |
| [Updated the IAM guidance for AWS WAF Classic](classic-security-iam.md) | Updated guide to align with the IAM best practices. For more information, see [Security best practices in IAM](https://docs.aws.amazon.com//IAM/latest/UserGuide/best-practices.html). | January 3, 2023 |
| [Updated the IAM guidance for AWS WAF](security-iam.md) | Updated guide to align with the IAM best practices. For more information, see [Security best practices in IAM](https://docs.aws.amazon.com//IAM/latest/UserGuide/best-practices.html). | January 3, 2023 |
| [Updated the IAM guidance for AWS Shield](shd-security-iam.md) | Updated guide to align with the IAM best practices. For more information, see [Security best practices in IAM](https://docs.aws.amazon.com//IAM/latest/UserGuide/best-practices.html). | January 3, 2023 |
| [Updating Amazon Route 53 Resolver DNS Firewall policies](dns-firewall-policies.md) | Added information about deleting Amazon Route 53 Resolver DNS Firewall rule groups. | December 29, 2022 |
| [Updated AWS Managed Rules for AWS WAF](aws-managed-rule-groups-changelog.md) | Updated the Linux operating system rule set. | December 15, 2022 |
| [Updated AWS Managed Rules for AWS WAF](aws-managed-rule-groups-changelog.md) | Updated the core rule set. | December 5, 2022 |
| [Firewall Manager adds support for Fortigate Cloud Native Firewall (CNF) as a Service policies](fortigate-cnf-policies.md) | Firewall Manager now supports the Fortigate CNF policies. | December 2, 2022 |
| [Removed AWS Config requirement for DNS Firewall policies](enable-config.md) | For DNS Firewall policies, you now only need to enable Config for the resource type EC2 VPC. | November 17, 2022 |
| [AWS Firewall Manager managed policy update](fms-security-iam-awsmanpol.md#fms-security-iam-awsmanpol-updates) | Updated `FMSServiceRolePolicy`. | November 15, 2022 |
| [Expansion of language options for the AWS WAF CAPTCHA puzzle](waf-captcha-puzzle.md) | The CAPTCHA puzzle now offers its written instructions in multiple languages. The instructions inside each audio puzzle are still provided in English only. | November 11, 2022 |
| [New Firewall Manager quotas for resource sets](fms-limits.md#fms-limits-mutable) | Added new quotas for resource sets. | November 8, 2022 |
| [Add support for resource sets](fms-resource-sets.md) | You can create resource sets to group resources to manage in an Firewall Manager policy. | November 8, 2022 |
| [Add support for importing firewalls from Network Firewall](working-with-policies.md) | You can now import and manage existing firewalls in Network Firewall policies using resource sets. | November 8, 2022 |
| [AWS Firewall Manager managed policy update](fms-security-iam-awsmanpol.md#fms-security-iam-awsmanpol-updates) | Updated `AWSFMAdminReadOnlyAccess`. | November 2, 2022 |
| [Geo match statement now adds labels to requests for country and region](waf-rule-statement-type-geo-match.md) | You can now manage geographical request origins at the region level by combining geo matching with label matching. | October 31, 2022 |
| [Renamed the top-level section: Managed protections](waf-managed-protections.md) | The section is now named AWS WAF intelligent threat mitigation, which aligns with our marketing pages. | October 27, 2022 |
| [New targeted protection level in the Bot Control managed rule group](aws-managed-rule-groups-bot.md) | The Bot Control managed rule group now offers additional, targeted rules for the detection and mitigation of sophisticated bots. This protection level is available for additional fees. | October 27, 2022 |
| [New section on AWS WAF tokens](waf-tokens.md) | Understand how AWS WAF uses tokens for intelligent threat mitigation. | October 27, 2022 |
| [Added important note about updating Firewall Manager Network Firewall policies](network-firewall-policies.md) | When you update a Firewall Manager policy, all Network Firewall policies that were created by the policy will be updated with the Firewall Manager policy's Network Firewall policy configuration. | October 27, 2022 |
| [Action overrides in rule groups](web-acl-rule-group-override-options.md) | You can now override the actions of the rules in a rule group to any rule action setting. As with the prior Count action override, you can apply your overrides to all rules in a rule group and to individual rules. | October 27, 2022 |
| [AWS WAF new Challenge rule action option](waf-captcha-and-challenge.md) | You can configure rules to use a Challenge, to verify that requests are being sent by browsers. | October 27, 2022 |
| [AWS WAF allows token sharing across multiple protected applications](waf-tokens-domains.md) | You can enable the use of tokens across multiple protected applications by configuring a token domain list for your protection pack (web ACL). | October 27, 2022 |
| [All headers specification is not case sensitive](waf-rule-statement-fields-list.md#waf-rule-statement-request-component-headers) | Changed the all headers specification to be case insensitive. This matches the single header behavior. | October 26, 2022 |
| [AWS Firewall Manager managed policy changes](fms-security-iam-awsmanpol.md#fms-security-iam-awsmanpol-updates) | Corrections to `AWSFMAdminFullAccess`. | October 21, 2022 |
| [Updated AWS Managed Rules for AWS WAF](aws-managed-rule-groups-changelog.md) | Updated the known bad inputs rule group. | October 20, 2022 |
| [Updated AWS Managed Rules for AWS WAF](aws-managed-rule-groups-changelog.md) | Updated the known bad inputs rule group. | October 5, 2022 |
| [Update to the AWS WAF mobile SDK specification](waf-mobile-sdk-specification.md) | Lowered the default value for `tokenRefreshDelaySec` from 600 (10 minutes) to 300 (5 minutes). | September 30, 2022 |
| [Updated AWS Managed Rules for AWS WAF](aws-managed-rule-groups-changelog.md) | Corrected the label names provided in this documentation for the following rule groups: POSIX operating system, PHP application, WordPress application. | September 19, 2022 |
| [New AWS WAF policy rule option in AWS Firewall Manager](create-policy.md#creating-firewall-manager-policy-for-waf) | AWS Firewall Manager now supports customized web requests and responses for default web actions in AWS WAF policies. | September 9, 2022 |
| [Updated AWS Managed Rules for AWS WAF](aws-managed-rule-groups-changelog.md) | Updated the following rule groups: IP reputation. | August 30, 2022 |
| [AWS WAF managed policy changes](security-iam-awsmanpol.md#security-iam-awsmanpol-updates) | Updated `AWSWAFFullAccessPolicy`, `AWSWAFConsoleFullAccess`, `AWSWAFReadOnlyAccess`, and `AWSWAFConsoleReadOnlyAccess` to add Amazon Cognito user pools to the resource types that you can protect with AWS WAF. | August 25, 2022 |
| [AWS WAF Fraud Control account takeover prevention (ATP)](waf-atp.md) | You can now use the AWS WAF Fraud Control account takeover prevention (ATP) functionality with Amazon CloudFront distributions. | August 24, 2022 |
| [Updated AWS Managed Rules for AWS WAF](aws-managed-rule-groups-changelog.md) | Updated the following rule groups: Known bad inputs. | August 22, 2022 |
| [Updated AWS Managed Rules for AWS WAF](aws-managed-rule-groups-changelog.md) | Updated the following rule groups: `AWSManagedRulesATPRuleSet`. | August 11, 2022 |
| [Added support for Amazon Cognito user pools to AWS WAF](waf-chapter.md) | You can now associate an AWS WAF web ACL with an Amazon Cognito user pool. This change is only available in the latest version of AWS WAF and not in AWS WAF Classic. | August 11, 2022 |
| [Added a section on deployments for versioned AWS Managed Rules rule groups](waf-managed-rule-groups-deployments.md) | Added a new section documenting deployments for versioned AWS Managed Rules rule groups. The section includes information about how default versions are named during release candidate deployments. | July 29, 2022 |
| [Updated requirements for configuring logging for Network Firewall policies](nwfw-policies-logging-config.md) | Added requirements for Network Firewall policies that use an encrypted Amazon S3 bucket as the log destination. | July 26, 2022 |
| [Sensitivity level option for SQLi rule statement](waf-rule-statement-type-sqli-match.md) | You can now raise the sensitivity of your SQL injection rule statements. This doesn't change the behavior of existing statements, whose sensitivity level at the default of LOW. | July 15, 2022 |
| [Added Network Firewall policy configuration option](create-policy.md#creating-firewall-manager-policy-for-network-firewall) | Firewall Manager now supports stateful evaluation order and default actions in Network Firewall firewall policy configurations. | July 14, 2022 |
| [Updates to Firewall Manager security group policy rules settings](security-group-policies-common.md) | Firewall Manager now supports tag distribution from primary security groups to replica security groups. | July 7, 2022 |
| [Updates to the AWS Shield guide](ddos-event-mitigation.md) | Expanded the information in the Shield guide to describe how Shield performs event mitigation. | June 24, 2022 |
| [Updated guidance for testing and tuning AWS WAF protections](web-acl-testing.md) | The general guidance for testing and tuning AWS WAF is updated and is now a top-level topic. | June 20, 2022 |
| [Updated AWS Managed Rules for AWS WAF](aws-managed-rule-groups-changelog.md) | Updated the following rule groups: Core rule set (CRS). | June 9, 2022 |
| [New Firewall Manager confused deputy guidance](cross-service-confused-deputy-prevention.md) | Added guidance on how to prevent the confused deputy problem for Firewall Manager. | June 1, 2022 |
| [Updated AWS Managed Rules for AWS WAF](aws-managed-rule-groups-changelog.md) | Updated the following rule groups: Core rule set (CRS). | May 24, 2022 |
| [New AWS WAF request components: Headers and Cookies](waf-rule-statement-fields-list.md) | You can now inspect cookies and you can inspect all headers, in addition to just a single header. | April 29, 2022 |
| [New AWS WAF request components: Headers and Cookies](waf-rule-statement-fields-list.md) | You can now inspect the cookies in a web request and you can inspect all headers in a web request, in addition to just a single header. | April 29, 2022 |
| [AWS WAF handling for oversize body, headers, and cookies request components](waf-oversize-request-components.md) | You can now specify how AWS WAF should handle oversize request bodies, headers, and cookies inside your rules that inspect these components. Rules that you already created that inspect these components have behavior that matches the new Continue option for oversize handling. | April 29, 2022 |
| [AWS WAF Amazon S3 log policy changes](logging-s3.md) | Updated the Amazon S3 log permission policy and example. | April 12, 2022 |
| [Automatic application layer DDoS mitigation option now available with AWS Shield Advanced for Application Load Balancer](ddos-automatic-app-layer-response.md) | Shield Advanced now supports automatic application layer DDoS mitigation for Application Load Balancers, making it available for all application layer protections. You can configure Shield Advanced to automatically count or block the web requests that are part of an application layer DDoS attack on a protected resource. | April 8, 2022 |
| [Added an indicator of the current default version setting for managed rule groups](waf-managed-rule-groups.md) | Managed rule group version lists now indicate which version is the current default. | April 8, 2022 |
| [Updated AWS Managed Rules for AWS WAF](aws-managed-rule-groups-changelog.md) | Updated the following rule groups: AWS WAF Bot Control. | April 6, 2022 |
| [Updated AWS Managed Rules for AWS WAF](aws-managed-rule-groups-changelog.md) | Updated the following rule groups: Known bad inputs. | March 31, 2022 |
| [Updated AWS Managed Rules for AWS WAF](aws-managed-rule-groups-changelog.md) | Updated the following rule groups: Known bad inputs. | March 30, 2022 |
| [Firewall Manager adds support for the Palo Alto Networks Cloud Next Generation Firewall (NGFW)](cloud-ngfw-policies.md) | Firewall Manager now supports the Palo Alto Networks Cloud Next Generation Firewall (NGFW). | March 30, 2022 |
| [Add support for Palo Alto Networks Cloud NGFW to AWS Firewall Manager](working-with-policies.md) | AWS Firewall Manager now supports Palo Alto Networks Cloud Next Generation Firewall (NGFW) policies. | March 30, 2022 |
| [Updates to the AWS Shield guide](shield-chapter.md) | Expanded the information in the Shield guide to describe how Shield performs event detection and to provide examples of DDoS resilient architectures. | March 16, 2022 |
| [Updates to the AWS Shield guide](shield-chapter.md) | Expanded the information in the Shield guide and improved the organization of various sections. The main changes are in the following Shield guide sections: Shield Response Team (SRT) support, Resource protections in AWS Shield Advanced, and Visibility into DDoS events. | February 28, 2022 |
| [Firewall Manager now supports the Network Firewall centralized deployment model](create-policy.md#creating-firewall-manager-policy-for-network-firewall) | Added a new procedure that explains how to configure policies that use distributed and centralized deployment models. | February 24, 2022 |
| [Firewall Manager adds support for the AWS Network Firewall centralized deployment model](network-firewall-policies.md) | You can now configure your AWS Network Firewall policies to use either the distributed or centralized deployment model. With the distributed deployment model, Firewall Manager creates and maintains firewall endpoints in each VPC that's within the policy scope. With the centralized deployment model, Firewall Manager creates and maintains firewall endpoints in a single inspection VPC. | February 24, 2022 |
| [Add support for AWS WAF managed rule group versioning to AWS Firewall Manager](getting-started-fms.md) | AWS Firewall Manager now supports AWS WAF managed rule group versioning in Firewall Manager AWS WAF policies. | February 18, 2022 |
| [AWS Firewall Manager managed policy change](fms-security-iam-awsmanpol.md#fms-security-iam-awsmanpol-updates) | Update to `FMSServiceRolePolicy`. | February 16, 2022 |
| [Updated AWS Managed Rules for AWS WAF](aws-managed-rule-groups-changelog.md) | Updated the following rule groups: IP reputation lists. | February 15, 2022 |
| [Updated AWS Managed Rules for AWS WAF](aws-managed-rule-groups-changelog.md) | Updated the AWS WAF Fraud Control account takeover prevention (ATP) rule group `AWSManagedRulesATPRuleSet`. | February 11, 2022 |
| [Changes to the organization of the AWS WAF guide](waf-chapter.md) | Added a new top-level section for managed protections. Moved the CAPTCHA section from under rules to under the new managed protections section. Moved the labels section from under rules to its own top-level section. | February 11, 2022 |
| [AWS WAF client application integrations](waf-application-integration.md) | Use the AWS WAF JavaScript and mobile client APIs to integrate your client applications with the intelligent threat mitigation AWS Managed Rules rule groups for enhanced detection. | February 11, 2022 |
| [AWS WAF Fraud Control account takeover prevention (ATP)](waf-atp.md) | You can detect and block account takeover attempts with the new AWS WAF Fraud Control account takeover prevention (ATP) managed rule group `AWSManagedRulesATPRuleSet`. | February 11, 2022 |
| [Updated AWS Managed Rules for AWS WAF](aws-managed-rule-groups-changelog.md) | Updated the following rule groups: Known bad inputs. | January 28, 2022 |
| [AWS WAF managed policy changes](security-iam-awsmanpol.md#security-iam-awsmanpol-updates) | Updated `AWSWAFFullAccessPolicy` and `AWSWAFConsoleFullAccess` to correct logging permissions. | January 11, 2022 |
| [Updated AWS Managed Rules for AWS WAF](aws-managed-rule-groups-changelog.md) | Updated the following rule groups: core rule set (CRS), SQLi database. | January 10, 2022 |
| [Firewall Manager supports Shield Advanced automatic application layer DDoS mitigation](shield-policies-auto-app-layer-mitigation.md) | Firewall Manager Shield Advanced policies for Amazon CloudFront resources now include support for automatic application layer DDoS mitigation. | January 7, 2022 |
| [AWS Firewall Manager managed policy change](fms-security-iam-awsmanpol.md#fms-security-iam-awsmanpol-updates) | Update to `FMSServiceRolePolicy`. | January 7, 2022 |
| [Updated AWS Managed Rules for AWS WAF](aws-managed-rule-groups-changelog.md) | Updated the following rule groups: Known bad inputs. | December 17, 2021 |
| [Updated AWS Managed Rules for AWS WAF](aws-managed-rule-groups-changelog.md) | Updated the following rule groups: Known bad inputs. | December 11, 2021 |
| [Updated AWS Managed Rules for AWS WAF](aws-managed-rule-groups-changelog.md) | Updated the following rule groups: Known bad inputs. | December 10, 2021 |
| [New AWS Shield Advanced service-linked role](shd-using-service-linked-roles.md) | Added `AWSServiceRoleForAWSShield` to support the automatic application layer DDoS mitigation functionality. | December 1, 2021 |
| [New AWS Shield managed policy](shd-security-iam-awsmanpol.md#shd-security-iam-awsmanpol-updates) | Added `AWSShieldServiceRolePolicy` to support the automatic application layer DDoS mitigation functionality. | December 1, 2021 |
| [Automatic application layer DDoS mitigation option now available with AWS Shield Advanced for CloudFront](ddos-automatic-app-layer-response.md) | Shield Advanced now supports automatic application layer DDoS mitigation for Amazon CloudFront distributions. You can configure Shield Advanced to automatically count or block the web requests that are part of an application layer DDoS attack on a CloudFront distribution. | December 1, 2021 |
| [Updated AWS Managed Rules for AWS WAF](aws-managed-rule-groups-changelog.md) | Updated the following rule groups: core rule set (CRS), Windows operating system, Linux operating system, and IP reputation lists. | November 23, 2021 |
| [AWS Firewall Manager managed policy change](fms-security-iam-awsmanpol.md#fms-security-iam-awsmanpol-updates) | Update to `FMSServiceRolePolicy`. | November 18, 2021 |
| [Expanded logging options for AWS WAF](logging.md) | You can now log protection pack (web ACL) traffic to an Amazon CloudWatch Logs log group or an Amazon Simple Storage Service (Amazon S3) bucket. These options are in addition to the existing option of logging to an Amazon Data Firehose delivery stream. | November 15, 2021 |
| [AWS WAF managed policy changes](security-iam-awsmanpol.md#security-iam-awsmanpol-updates) | Updated `AWSWAFFullAccessPolicy` and `AWSWAFConsoleFullAccess` to support additional logging destinations. | November 15, 2021 |
| [AWS WAF new CAPTCHA rule action option](waf-captcha-and-challenge.md) | You can configure rules to run a CAPTCHA against web requests and, as needed, send a CAPTCHA problem to the client. | November 8, 2021 |
| [Updated AWS Managed Rules for AWS WAF](aws-managed-rule-groups-changelog.md) | Updated the core rule set (CRS) rule group. | October 27, 2021 |
| [Updated AWS Managed Rules for AWS WAF](aws-managed-rule-groups-list.md) | All AWS Managed Rules rule groups now support labeling. The rule descriptions include the label specifications. | October 25, 2021 |
| [Firewall Manager supports Network Firewall log filtering](nwfw-policies-logging-config.md) | AWS Firewall Manager now supports log filtering for Network Firewall policies. | October 4, 2021 |
| [AWS Firewall Manager managed policy change](fms-security-iam-awsmanpol.md#fms-security-iam-awsmanpol-updates) | Update to `FMSServiceRolePolicy`. | September 29, 2021 |
| [Added regex match statement](waf-rule-statement-type-regex-match.md) | You can now match web requests against a single regular expression. | September 22, 2021 |
| [Rate-based rules inside AWS WAF rule groups](waf-rule-statement-type-rate-based.md) | You can now define rate-based rules inside AWS WAF rule groups. In AWS Firewall Manager, this capability is fully supported for AWS WAF policies. | September 13, 2021 |
| [Automatically remove out-of-scope resource protections in AWS Firewall Manager](policy-scope.md#when-out-of-scope) | AWS Firewall Manager allows you to automatically remove protections from resources that leave policy scope. | August 25, 2021 |
| [AWS Firewall Manager managed policy change](fms-security-iam-awsmanpol.md#fms-security-iam-awsmanpol-updates) | Update to `FMSServiceRolePolicy`. | August 12, 2021 |
| [Added versioning to managed rule groups](waf-managed-rule-groups.md) | Managed rule group providers can now version their rule groups. | August 9, 2021 |
| [Modify AWS Firewall Manager administrator requirements](fms-prereq.md) | You can use the organization's management account as the Firewall Manager administrator account. This had been disallowed. | August 2, 2021 |
| [Firewall Manager quota increase](fms-limits.md#fms-limits-mutable) | Increased the number of Amazon VPC instances that you can have in scope of a Firewall Manager policy from 10 to 100. | July 28, 2021 |
| [AWS Firewall Manager support for AWS Network Firewall route table monitoring](waf-policies.md) | AWS Firewall Manager now supports route table monitoring, and provides remediation action recommendations to security administrators for AWS Network Firewall policies with misconfigured routes. | July 8, 2021 |
| [AWS WAF additional text transformation options](waf-rule-statement-transformation.md) | Expanded options for text transformations, which you can apply to web request components before inspecting them. | June 24, 2021 |
| [Modified naming for Firewall Manager AWS WAF policy resources](waf-policies.md) | The naming for the web ACLs, rule groups, and logging that Firewall Manager manages for your AWS WAF policies has changed. | May 26, 2021 |
| [Updated AWS Managed Rules for AWS WAF](aws-managed-rule-groups-changelog.md) | Updated support for labeling to IP reputation lists and removed suffixes on rule names for Amazon IP reputation list. | May 4, 2021 |
| [Add support for AWS Organizations Delegated Administrator](fms-prereq.md) | When you set the AWS Firewall Manager administrator account, Firewall Manager now designates the account as the AWS Organizations delegated administrator for Firewall Manager. With this change, when you set the Firewall Manager administrator account, you must provide a member account other than the organization's management account. This change doesn't affect your existing settings. | April 30, 2021 |
| [Updated AWS Managed Rules for AWS WAF](aws-managed-rule-groups-changelog.md) | Updated the AWS WAF Bot Control rule group. | April 1, 2021 |
| [Set individual rule actions to Count in a rule group](web-acl-rule-group-override-options.md) | You can now set the individual rule actions in a rule group to Count. The information for the existing override, which is at the rule group level, has been corrected. | April 1, 2021 |
| [Scope-down statement for managed rule groups](waf-rule-scope-down-statements.md) | You can now use a scope-down statement with managed rule groups in the same way as you can with a rate-based statement. | April 1, 2021 |
| [Log filtering](logging.md) | You can now filter the protection pack (web ACL) traffic that you log based on rule action and label. | April 1, 2021 |
| [AWS WAF labels on web requests](waf-labels.md) | You can configure rules to add labels to matching web requests and to match on labels that are added by other rules. | April 1, 2021 |
| [AWS WAF Bot Control](waf-bot-control.md) | You can monitor and control bot traffic with the new AWS WAF Bot Control feature, which combines the Bot Control managed rule group with web request labeling, scope-down statements, and log filtering. | April 1, 2021 |
| [Firewall Manager supports Amazon Route 53 Resolver DNS Firewall policies](dns-firewall-policies.md) | AWS Firewall Manager supports central management of Amazon Route 53 Resolver DNS Firewall outbound DNS traffic filtering for your VPCs. | March 31, 2021 |
| [Custom request and response handling](waf-custom-request-response.md) | You can include custom headers for web requests that AWS WAF doesn't block and you can send custom responses for web requests that AWS WAF blocks. This is available for protection pack (web ACL) default action and rule action settings. | March 29, 2021 |
| [AWS Firewall Manager managed policy change](fms-security-iam-awsmanpol.md#fms-security-iam-awsmanpol-updates) | Update to `FMSServiceRolePolicy`. | March 17, 2021 |
| [Updated AWS Managed Rules for AWS WAF](aws-managed-rule-groups-changelog.md) | Updated the following rule groups: core rule set (CRS), admin protection, known bad inputs, and Linux operating system. | March 3, 2021 |
| [AWS Shield managed policy change tracking](shd-security-iam-awsmanpol.md#shd-security-iam-awsmanpol-updates) | Shield started tracking changes for its AWS managed policies. | March 3, 2021 |
| [AWS Firewall Manager managed policy change tracking](fms-security-iam-awsmanpol.md#fms-security-iam-awsmanpol-updates) | Firewall Manager started tracking changes for its AWS managed policies. | March 2, 2021 |
| [AWS WAF managed policy change tracking](security-iam-awsmanpol.md#security-iam-awsmanpol-updates) | AWS WAF started tracking changes for its AWS managed policies. | March 1, 2021 |
| [Inspect a web request body as parsed JSON](waf-rule-statement-fields-list.md#waf-rule-statement-request-component-json-body) | Added the option to inspect the web request body as parsed and filtered JSON. This is in addition to the existing option to inspect the web request body as plain text. | February 12, 2021 |
| [Firewall Manager supports AWS Network Firewall policies](network-firewall-policies.md) | AWS Firewall Manager supports central management of AWS Network Firewall network traffic filtering for your VPCs. | November 17, 2020 |
| [Add support for AWS Shield Advanced protection groups](ddos-protection-groups.md) | You can now group your protected resources into logical groups and manage their protections collectively. | November 13, 2020 |
| [Added support for AWS AppSync to AWS WAF](waf-chapter.md) | You can now associate an AWS WAF web ACL with your AWS AppSync GraphQL API. This change is only available in the latest version of AWS WAF and not in AWS WAF Classic. | October 1, 2020 |
| [Updated AWS Managed Rules for AWS WAF](aws-managed-rule-groups-changelog.md) | Updated the Windows operating system rule set. | September 23, 2020 |
| [Updated AWS Managed Rules for AWS WAF](aws-managed-rule-groups-changelog.md) | Updated the rule sets PHP application and POSIX operating system. | September 16, 2020 |
| [Updated AWS Shield console](getting-started-ddos.md) | AWS Shield offers a new console option, with an improved user experience. The console guidance in the documentation is for the new console. | September 1, 2020 |
| [Firewall Manager updates to common security group policies](security-group-policies.md#security-group-policies-use-cases) | AWS Firewall Manager common security group policies now support Application Load Balancers and Classic Load Balancers resource types through the console implementation. The new options are available in the common policy's **Policy scope** settings. | August 11, 2020 |
| [Updated AWS Managed Rules for AWS WAF](aws-managed-rule-groups-changelog.md) | Updated the core rule set. | August 7, 2020 |
| [Specify IP address location in web request](waf-rule-statement-forwarded-ip-address.md) | Added the option to use IP addresses from an HTTP header that you specify, instead of using the web request origin. The alternate header is commonly `X-Forwarded-For` (XFF), but you can specify any header name. You can use this option for IP set matching, geo matching, and rate-based rule count aggregation. | July 9, 2020 |
| [Firewall Manager updates to content audit security group policies](security-group-policies-audit.md) | AWS Firewall Manager has expanded functionality for content audit security group policies including a managed rules option, that uses managed application and protocol lists, and details for resource violations. | July 7, 2020 |
| [Firewall Manager managed lists](working-with-managed-lists.md) | AWS Firewall Manager now supports managed application and protocol lists. Firewall Manager manages some lists and you can create and manage your own. | July 7, 2020 |
| [Firewall Manager supports shared VPCs in common security group policies](security-group-policies-common.md) | AWS Firewall Manager now supports using common security group policies in shared VPCs. You can do this in addition to using them in the VPCs owned by in-scope accounts. | May 26, 2020 |
| [Updated AWS Managed Rules for AWS WAF](aws-managed-rule-groups-list.md) | Added documentation for each rule in the AWS Managed Rules for AWS WAF. | May 20, 2020 |
| [Updated AWS Managed Rules for AWS WAF](aws-managed-rule-groups-changelog.md) | Updated the Linux operating system rule group. | May 19, 2020 |
| [Add support for migrating AWS WAF Classic resources to AWS WAF (v2)](waf-migrating-from-classic.md) | You can now use the console or API to export your AWS WAF Classic resources for migration to the latest version of AWS WAF. | April 27, 2020 |
| [Add support for AWS Organizations organizational units in policy scope](working-with-policies.md) | AWS Firewall Manager now supports using AWS Organizations organizational units (OUs) to specify policy scope. You can use OUs to include or exclude accounts from the scope, in addition to including or excluding specific accounts. Specifying an OU is the same as specifying all accounts in the OU and in any of its child OUs, including any child OUs and accounts that are added at a later time. | April 6, 2020 |
| [Add support for AWS WAF (v2) to AWS Firewall Manager](working-with-policies.md) | AWS Firewall Manager now supports the latest version of AWS WAF, in addition to the prior version, AWS WAF Classic. | March 31, 2020 |
| [Update to AWS Firewall Manager common security group policies](https://docs.aws.amazon.com/waf/latest/developerguide/create-policy.html#creating-firewall-manager-policy-common-security-group) | AWS Firewall Manager common security group policy now has the option to apply the policy to all elastic network interfaces in your in-scope Amazon EC2 instances. You can still choose to only apply the policy to the default elastic network interface. | March 11, 2020 |
| [Updated AWS Managed Rules for AWS WAF](https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-changelog.html) | AWS Managed Rules for AWS WAF added an `AWSManagedRulesAnonymousIpList` rule group. | March 6, 2020 |
| [Updated AWS Managed Rules for AWS WAF](https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-changelog.html) | AWS Managed Rules for AWS WAF updated the WordPress application and `AWSManagedRulesCommonRuleSet` rule groups. | March 3, 2020 |
| [Added Amazon Route 53 health check to AWS Shield Advanced protection options](ddos-advanced-health-checks.md) | Shield Advanced now supports the use of Amazon Route 53 health check associations, to improve the accuracy of threat detection and mitigation. | February 14, 2020 |
| [Updated AWS Managed Rules for AWS WAF](https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-changelog.html) | AWS Managed Rules for AWS WAF has updated the SQL Database rule group to add checking the message URI. | January 23, 2020 |
| [Firewall Manager new option for security group usage audit policy](https://docs.aws.amazon.com/waf/latest/developerguide/security-group-policies.html#security-group-policies-usage) | Firewall Manager has a new option for security group usage audit policies. You can now set a minimum number of minutes a security group must remain unused before it's considered noncompliant. By default, this minutes setting is zero. | January 14, 2020 |
| [Firewall Manager new option for AWS WAF policy](https://docs.aws.amazon.com/waf/latest/developerguide/create-policy.html#creating-firewall-manager-policy-for-classic-waf) | Firewall Manager has a new option for AWS WAF policies. You can now choose to remove all existing web ACL associations from in-scope resources before associating the policy's new web ACLs to them. | January 14, 2020 |
| [Updated AWS Managed Rules for AWS WAF](https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-changelog.html) | AWS Managed Rules for AWS WAF has updated text transformations for rules in the Core Rule Set and the SQL Database rule groups. | December 20, 2019 |
| [AWS Firewall Manager integrated with AWS Security Hub CSPM](https://docs.aws.amazon.com/waf/latest/developerguide/fms-findings.html) | AWS Firewall Manager now creates findings for resources that are out of compliance and for attacks and sends them to AWS Security Hub CSPM. | December 18, 2019 |
| [Release of AWS WAF version 2](https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html) | New version of the AWS WAF developer guide. You can manage a web ACL or rule group in JSON format. Expanded capabilities include logical rule statements, rule statement nesting, and full CIDR support for IP addresses and address ranges. Rules are no longer AWS resources, but exist only in the context of a web ACL or rule group. For existing customers, the prior version of the service is now called AWS WAF Classic. In the APIs, SDKs, and CLIs, AWS WAF Classic retains its naming schemes and this latest version of AWS WAF is referred to with an added "V2" or "v2", depending on the context. AWS WAF can't access AWS resources that were created in AWS WAF Classic. To use those resources in AWS WAF, you need to migrate them. | November 25, 2019 |
| [AWS Managed Rules rule groups for AWS WAF](https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups.html) | Added AWS Managed Rules rule groups. These are free of charge for AWS WAF customers. | November 25, 2019 |
| [AWS Firewall Manager support for Amazon Virtual Private Cloud security groups](https://docs.aws.amazon.com/waf/latest/developerguide/working-with-policies.html) | Added support for Amazon VPC security groups to Firewall Manager. | October 10, 2019 |
| [AWS Firewall Manager support for AWS Shield Advanced](https://docs.aws.amazon.com/waf/latest/developerguide/logging.html) | Added support for Shield Advanced to Firewall Manager. | March 15, 2019 |
| [Tutorial: Creating hierarchical policies](https://docs.aws.amazon.com/waf/latest/developerguide/logging.html) | Added tutorial on creating hierarchical policies in AWS Firewall Manager. | February 11, 2019 |
| [Rule-level control in rule groups](https://docs.aws.amazon.com/waf/latest/developerguide/logging.html) | You can now exclude individual rules from AWS Marketplace rule groups, as well as your own rule groups. | December 12, 2018 |
| [AWS Shield Advanced support for AWS Global Accelerator standard accelerators](https://docs.aws.amazon.com/waf/latest/developerguide/logging.html) | Shield Advanced can now protect AWS Global Accelerator standard accelerators. | November 26, 2018 |
| [AWS WAF support for Amazon API Gateway](https://docs.aws.amazon.com/waf/latest/developerguide/logging.html) | AWS WAF now protects Amazon API Gateway APIs. | October 25, 2018 |
| [Expanded AWS shield advanced getting started wizard](https://docs.aws.amazon.com/waf/latest/developerguide/getting-started-ddos.html) | New wizard provides opportunity to create rate-based rules and Amazon CloudWatch Events. | August 31, 2018 |
| [AWS WAF logging](https://docs.aws.amazon.com/waf/latest/developerguide/logging.html) | Enable logging to get detailed information about traffic that is analyzed by your web ACL. | August 31, 2018 |
| [Support for query parameters in conditions](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-fields.html) | When creating a condition, you can now search the requests for specific parameters. | June 5, 2018 |
| [Shield advanced getting started wizard](https://docs.aws.amazon.com/waf/latest/developerguide/getting-started-ddos.html) | Introduces a new streamlined process for subscribing to AWS Shield Advanced. | June 5, 2018 |
| [Expanded allowed CIDR ranges](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-type-ipset-match.html) | When creating an IP match condition, AWS WAF now supports IPv4 address ranges: /8 and any range between /16 through /32. | June 5, 2018 |
# Updates before 2018
The following table describes important changes in each release of the *AWS WAF Developer Guide* that were made before 2018.
| Change | API Version | Description | Release Date |
| --- | --- | --- | --- |
| Update | 2016-08-24 | AWS Marketplace rule groups | November, 2017 |
| Update | 2016-08-24 | Shield Advanced support for Elastic IP addresses | November, 2017 |
| Update | 2016-08-24 | Global threat dashboard | November, 2017 |
| Update | 2016-08-24 | DDoS-resistant website tutorial | October, 2017 |
| Update | 2016-08-24 | Geo and regex conditions | October, 2017 |
| Update | 2016-08-24 | Rate-based rules | June, 2017 |
| Update | 2016-08-24 | Reorganization | April, 2017 |
| Update | 2016-08-24 | Added information about DDOS protection and support for Application Load Balancers. | November, 2016 |
| New Features | 2015-08-24 | You can now log all your API calls to AWS WAF through AWS CloudTrail, the AWS service that records API calls for your account and delivers log files to your S3 bucket. CloudTrail logs can be used to enable security analysis, track changes to your AWS resources, and aid in compliance auditing. Integrating AWS WAF and CloudTrail lets you determine which requests were made to the AWS WAF API, the source IP address from which each request was made, who made the request, when it was made, and more. If you are already using AWS CloudTrail, you will start seeing AWS WAF API calls in your CloudTrail log. If you haven't enabled CloudTrail for your account, you can enable it on CloudTrail from the [AWS Management Console](https://console.aws.amazon.com/cloudtrail/home). There is no additional charge for enabling CloudTrail, but standard rates for Amazon S3 and Amazon SNS usage apply. | April 28, 2016 |
| New Features | 2015-08-24 | You can now use AWS WAF to allow, block, or count web requests that appear to contain malicious scripts, known as cross-site scripting or XSS. Attackers sometimes insert malicious scripts into web requests in an effort to exploit vulnerabilities in web applications. For more information, see [Cross-site scripting attack rule statement](waf-rule-statement-type-xss-match.md). | March 29, 2016 |
| New Features | 2015-08-24 | With this release, AWS WAF adds the following features: [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/waf/latest/developerguide/doc-history-early-changes.html) | January 27, 2016 |
| New Feature | 2015-08-24 | You can now use the AWS WAF console to choose the CloudFront distributions that you want to associate a web ACL with. For more information, see [Associating or Disassociating a Web ACL and a CloudFront Distribution](https://docs.aws.amazon.com/waf/latest/developerguide/web-acl-working-with.html#web-acl-associating-aws-resource). | November 16, 2015 |
| Initial Release | 2015-08-24 | This is the first release of the *AWS WAF Developer Guide*. | October 6, 2015 |