Create custom rule for Web ACL

To create a custom Web ACL (Access Control List) rule in AWS WAF (Web Application Firewall) that restricts the body size of incoming requests to a maximum of 10 MB, you can follow these steps:

**Step-by-Step Guide

Navigate to the AWS WAF Console:**

Go to the AWS Management Console.

Open the AWS WAF & Shield console.

Create a New Web ACL (if you don’t have one):

Click on Create web ACL.

Select the appropriate Regional or CloudFront scope based on your requirement.

Enter a name and select the resource to associate with the Web ACL.

**Add Rules to the Web ACL:

** Once the Web ACL is created, go to the Rules tab.

Click on Add rules.

Select Add my own rules and rule groups.

Create a New Rule:

Click on Create rule.

Enter a rule name.

Choose Regular rule.

Configure Rule Statement:

In the Statement section, select Size constraint.

Set the Field to match to Body.

Set the Match type to Greater than.

Enter 10485760 (10 MB in bytes) as the size.

Choose Byte as the unit.

Set the Action for the Rule:

In the Action section, select Block to block requests with a body size greater than 10 MB.

Add the Rule to the Web ACL:

Save the rule.

Go back to the Web ACL and add the newly created rule to the list of rules in the Web ACL.

**Save and Deploy: ** Review the Web ACL and the rules.

Click on Save and deploy the Web ACL.

You can filter out requests based on their size by following the step-by-step instructions in this document article section: https://docs.aws.amazon.com/waf/latest/developerguide/waf-oversize-request-components.html#waf-oversize-request-components-blocking

You'll need to select "Body" as the request component to be inspected in this case.