Posted On: Oct 16, 2017

Today, we are excited to announce Regular Expression (regex) support in AWS WAF. Regex complements the string match conditions previously available in AWS WAF, allowing you to match more sophisticated request patterns when inspecting and filtering web requests. 

For instance, you can now use regex to block certain known bad bots by looking for patterns like B[a@]dB[o0]t in the User-Agent header. You can also apply multiple regex patterns to a single request, allowing you, for example, to block requests that match B[a@]dB[o0]t or C[r@]al[e0]rs[1-2]*. Once created, regex patterns can be reused across multiple AWS WAF rules, allowing you to look for the same expression across different parts of a web request such as the Header, QueryString, or Body. Regex conditions can be combined with other condition types to create more sophisticated filters. For instance, you can use AWS WAF’s built-in SQL injection condition in conjunction with a regex-based condition to look for SQL injection attempts only on URLs with *.php while ignoring URLs with *.jpg

AWS WAF supports most of the standard Perl Compatible Regular Expressions (PCRE). To get started, simply create a new string match condition with a regex pattern using the AWS WAF API or AWS Management Console and add that condition to a rule.

Regex conditions are available to AWS WAF customers at no additional charge. As with other AWS WAF features, you pay only for what you use and there are no upfront fees or minimum monthly commitments. You can learn more about Regex Match Conditions by visiting the AWS WAF detail page or by reading the AWS WAF Developer Guide.