How do I optimize a regex pattern set?

When I try to create a new regex pattern set in AWS WAF, I receive the "WAFLimitsExceededException" error. I want to optimize my existing regex pattern sets so that I can add new regex patterns and regex pattern sets.

Resolution

AWS WAF and AWS WAF Classic each have a default quota for the maximum number of regex pattern sets in each AWS Region. These quotas can't be changed. When you reach your quota, you must expand or consolidate your existing regex pattern sets.

Reuse regex pattern sets

When possible, reuse regex pattern sets within multiple web access control list (web ACL) rules. When you update the referenced regex pattern set, AWS WAF automatically updates all the rules that reference it.

Update existing regex pattern sets

Use AWS Command Line Interface (AWS CLI) to update your regex pattern set

To update your regex pattern set, run update-regex-pattern-set.

Note: If you receive errors when you run AWS CLI commands, then see Troubleshoot AWS CLI errors. Also, make sure that you're using the most recent AWS CLI version.

Use the AWS WAF console to update your regex pattern set

  1. Open the AWS WAF console.
  2. In the navigation pane, choose AWS WAF, and then choose Resources & protection packs.
  3. Under Protection packs, choose Manage sets and groups.
  4. Select Manage regex pattern sets.
  5. In the right pane, select your regex pattern set.
  6. Choose Add and edit regex patterns.
  7. To add a new pattern, write on a new line.
  8. To delete an existing pattern, delete its line.
  9. Click Save regex pattern.

Update your existing regex pattern sets so that a single regex pattern set holds multiple patterns. To use the character count more efficiently, use the logical OR operator "|" to combine multiple patterns into a single pattern.

Note: AWS WAF has quotas for maximum characters in each regex pattern. These differ from the AWS WAF Classic quotas.

For example, instead of this:

#--------------------------
# REGEX_Pattern_Set_A
#--------------------------
REGEX_PATTERN_1
REGEX_PATTERN_2
REGEX_PATTERN_3
REGEX_PATTERN_4
REGEX_PATTERN_5
REGEX_PATTERN_6
REGEX_PATTERN_7
REGEX_PATTERN_8
REGEX_PATTERN_9
REGEX_PATTERN_10

Do this:

#--------------------------
# REGEX_Pattern_Set_A
#--------------------------
REGEX_PATTERN_1
REGEX_PATTERN_2
REGEX_PATTERN_3|REGEX_PATTERN_4|REGEX_PATTERN_5|REGEX_PATTERN_6
REGEX_PATTERN_7|REGEX_PATTERN_8|REGEX_PATTERN_9|REGEX_PATTERN_10

With the preceding updates, you can increase the number of regex patterns in a regex pattern set.

The following example shows how to identify multiple domains in a single regex pattern set:

(example.com|example.net|example.org)

Note: This example shows regex patterns to identify the following domains: example.com, example.net, and example.org. Replace these domains with your domains.
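
One way to do this consolidation, added here as an example and not AWS code: it merges patterns into the fewest "|"-joined lines under a per-pattern character limit, then checks that the merged lines give the same match verdicts on sample inputs. The limits, patterns and sample strings are constructed assumptions, Python's re module stands in for the AWS WAF regex engine, and the JSON shape assumes the wafv2 update-regex-pattern-set --regular-expression-list option.

```python
import json
import re

# Constructed sample patterns; dots are escaped so "." matches only a literal dot.
SAMPLE_PATTERNS = [r"example\.com", r"example\.net", r"example\.org",
                   r"^/wp-login\.php$", r"^/admin(/|$)", r"\.(bak|old)$"]
# Constructed request values used to compare verdicts before and after merging.
SAMPLES = ["/wp-login.php", "/admin/users", "/administrator", "www.example.org",
           "exampleXcom", "/site.bak", "/index.html"]


def pack_patterns(patterns, max_chars, max_per_set):
    """Merge patterns into the fewest '|'-joined lines (first-fit decreasing).
    max_chars / max_per_set are assumptions: take them from current AWS WAF quotas."""
    lines = []
    for pat in sorted(set(patterns), key=lambda s: (-len(s), s)):
        re.compile(pat)  # reject patterns that are not valid on their own
        if len(pat) > max_chars:
            raise ValueError(f"pattern longer than {max_chars} chars: {pat!r}")
        if re.match(r"\(\?[A-Za-z-]+\)", pat):
            raise ValueError(f"inline flag would leak into merged line: {pat!r}")
        for line in lines:
            # +1 accounts for the '|' separator added by the join
            if len("|".join(line)) + 1 + len(pat) <= max_chars:
                line.append(pat)
                break
        else:
            lines.append([pat])
    if len(lines) > max_per_set:
        raise ValueError(f"{len(lines)} lines needed, set holds {max_per_set}")
    return ["|".join(line) for line in lines]


def same_verdicts(original, merged, samples):
    """True if every sample matches the merged lines exactly when it matched before."""
    def hit(pats, s):
        return any(re.search(p, s) for p in pats)
    return all(hit(original, s) == hit(merged, s) for s in samples)


def to_cli_json(merged):
    """JSON for the wafv2 --regular-expression-list option."""
    return json.dumps([{"RegexString": line} for line in merged])


if __name__ == "__main__":
    merged = pack_patterns(SAMPLE_PATTERNS, max_chars=40, max_per_set=10)
    assert same_verdicts(SAMPLE_PATTERNS, merged, SAMPLES)
    print(to_cli_json(merged))
```

Run the verdict check against representative allowed and blocked request values before you save the merged set, because every rule that references the set picks up the change.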

Add regex pattern sets to your AWS WAF rules

Complete the following:

  1. Open the AWS WAF console.
  2. In the navigation pane, choose AWS WAF, and then choose Resources & protection packs.
  3. Find your protection pack and choose View and edit beside Rules.
  4. In the right pane, choose Add rules, and then complete the following:
    Choose Custom rule and click Next.
    Choose Custom rule again and click Next.
  5. Update the Rule Action based on your use case.
  6. Enter your Rule name.
  7. For Inspect, select the request component.
  8. For Match type, select Match patterns from Regex pattern set.
  9. Select your regex pattern set.
  10. Choose Create rule.

Related information

Creating a regex pattern set

Regex match rule statement

AWS OFFICIAL | Updated 4 months ago