Posted On: Jun 28, 2021

AWS WAF now supports 15 additional text transformations, allowing you to reformat web requests to remove any unusual formatting, or sanitize input before rule evaluation. These transformations can be used to identify threats that attackers have obscured in an effort to bypass detection. You can use the new text transformations with WAF rule statements, such as SQLi detection, string match, and regex pattern set. You can chain up to 10 text transformations together in a single rule statement. Once configured, AWS WAF applies the transformations before evaluating the rule statement.
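To illustrate chaining and the "transform first, then evaluate" order described above, here is an added example (not AWS code) that builds a string match statement shaped like a WAFv2 rule and checks a constructed query string against it locally. The helper names and the local transformation models are assumptions made for illustration; they approximate the named transformation types and are not AWS's implementation.

```python
import re
from urllib.parse import unquote

# Simplified local models of four AWS WAF transformation types
# (assumption: approximations for illustration only).
LOCAL_MODELS = {
    "NONE": lambda s: s,
    "URL_DECODE": unquote,
    "COMPRESS_WHITE_SPACE": lambda s: re.sub(r"\s+", " ", s),
    "LOWERCASE": str.lower,
}
MAX_CHAIN = 10  # chain limit stated in the announcement


def build_transformations(types):
    """Return a TextTransformations list; list order becomes Priority."""
    if not 1 <= len(types) <= MAX_CHAIN:
        raise ValueError(f"chain must hold 1..{MAX_CHAIN} transformations")
    return [{"Priority": i, "Type": t} for i, t in enumerate(types)]


def apply_chain(transformations, value):
    """Apply transformations from lowest to highest Priority."""
    for t in sorted(transformations, key=lambda t: t["Priority"]):
        value = LOCAL_MODELS[t["Type"]](value)
    return value


def byte_match_statement(search, types):
    """Hypothetical helper: string match on the query string (str kept for the local check)."""
    return {"ByteMatchStatement": {
        "SearchString": search,
        "FieldToMatch": {"QueryString": {}},
        "PositionalConstraint": "CONTAINS",
        "TextTransformations": build_transformations(types),
    }}


def would_match(statement, query_string):
    """Local check: transform the input first, then evaluate the match."""
    s = statement["ByteMatchStatement"]
    return s["SearchString"] in apply_chain(s["TextTransformations"], query_string)


# Constructed sample: the keyword is percent-encoded, mixed-case and tab-padded.
SAMPLE = "q=1%20UNION%09%09%53eLeCT%20name"
WEAK = byte_match_statement("union select", ["NONE"])
STRONG = byte_match_statement(
    "union select", ["URL_DECODE", "COMPRESS_WHITE_SPACE", "LOWERCASE"])
```

With no transformation the match misses the sample; with the three-step chain the normalized input is `q=1 union select name` and the same search string matches.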

For example, the UTF8_TO_UNICODE text transformation converts all UTF-8 character sequences into Unicode, which can help minimize both false positives and false negatives for payloads that are not in English. The MD5 text transformation calculates an MD5 hash value, which can be used to check that input parameters are within expected values and have not been tampered with using text obfuscation techniques.

There is no additional cost for using these additional text transformations, but standard service charges for AWS WAF still apply. The new transformations are available in all AWS WAF regions and for each supported service, including Amazon CloudFront, Application Load Balancer, Amazon API Gateway, and AWS AppSync. For the full list of supported text transformations, see the AWS WAF developer guide.