AWS WAF Adds Support for Cross-Site Scripting (XSS) Match Condition

Posted on: Mar 29, 2016

You can now configure AWS WAF to block, allow, or monitor (count) requests based on Cross-Site Scripting (XSS) match conditions. XSS attacks are those where the attacker uses vulnerabilities in a benign website as a vehicle to inject malicious client-side scripts (such as JavaScript) into other legitimate users' web browsers. The XSS match condition feature helps protect your web application against these attacks by inspecting different elements of the incoming request.

To allow, block, or monitor web requests that contain malicious XSS code, create one or more XSS match conditions. An XSS match condition identifies the part of the web request, such as the URI or the query string, that you want AWS WAF to inspect. Later in the process, when you create a web ACL, you specify whether to allow, block, or count requests that appear to contain malicious XSS.
There is no additional charge for using this feature; regular AWS WAF pricing applies. For more information, see Working with XSS match conditions in the AWS WAF Developer Guide.
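The two-step setup described above (an XSS match condition on selected request parts, then a web ACL that acts on it), as an added CloudFormation example using the AWS::WAF (classic) resource types; this is not code from the announcement, and the resource and metric names are placeholders.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: >
  Added example (not from the AWS announcement): XSS match condition on
  the URI and query string, wired into a rule and a web ACL that blocks
  matching requests. Names are placeholders.

Resources:
  # The XSS match condition: which parts of the request to inspect and
  # which text transformation to apply before inspecting each part.
  XssMatchSet:
    Type: AWS::WAF::XssMatchSet
    Properties:
      Name: example-xss-match-set
      XssMatchTuples:
        - FieldToMatch:
            Type: URI
          TextTransformation: URL_DECODE
        - FieldToMatch:
            Type: QUERY_STRING
          TextTransformation: URL_DECODE
        - FieldToMatch:
            Type: QUERY_STRING
          TextTransformation: HTML_ENTITY_DECODE

  # A rule whose single predicate is the XSS match condition above.
  XssRule:
    Type: AWS::WAF::Rule
    Properties:
      Name: example-xss-rule
      MetricName: exampleXssRule
      Predicates:
        - DataId: !Ref XssMatchSet
          Negated: false
          Type: XssMatch

  # The web ACL: allow by default, BLOCK requests that match the rule.
  # Use COUNT instead of BLOCK to monitor first and review sampled
  # requests in the WAF console before enforcing.
  WebACL:
    Type: AWS::WAF::WebACL
    Properties:
      Name: example-web-acl
      MetricName: exampleWebAcl
      DefaultAction:
        Type: ALLOW
      Rules:
        - Action:
            Type: BLOCK
          Priority: 1
          RuleId: !Ref XssRule
```

Deploy the stack and associate the resulting web ACL with the CloudFront distribution you want to protect; starting with COUNT lets you check for false positives on legitimate traffic before switching to BLOCK.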

Along with other features such as the SQL injection match condition, IP match condition, and string match conditions, AWS WAF now provides the most important capabilities to protect your web applications. In addition, customers can implement automated protection on AWS WAF using the Preconfigured Rules and Tutorials to further improve protection against HTTP floods and other known bad actors on the internet.