AWS WAF Now Inspects HTTP Request Body and Adds Size Constraint Condition
You can now configure AWS WAF to block, allow, or monitor (count) requests based on the content in HTTP request bodies. This is the part of a request that contains any additional data that you want to send to your web server as the HTTP request body, such as data from an HTML form.
You can also set size constraints on specified parts of the requests, which let AWS WAF allow, block, or count web requests based on the lengths of specified parts of the requests such as query strings, URIs, or request body.
These features provide increased protection against attacks like SQL injection and Cross-Site Scripting (XSS) and are available at no additional charge. For more information, see Working with Size Constraint Conditions in the AWS WAF Developer Guide.