AWS WAF Rule Match Regular Expression

0

In AWS WAF, I'm trying to do a really simple regex to match a URI path but have it be case insensitive.

I am not a regex expert so it's possible this is wrong, but it tests ok at Regex101. And it's not that complicated.

/\/URIPath/i

The string is /URIPath and I want it to recognize it even if it was typed out like /uripath or /UrIpaTh, etc. If I add this to the rule though, it ends up not matching and blocking all variations of /URIPath.

WAF doesn't give me any formatting errors. What needs to happen for this to produce matches for AWS WAF? Or does choosing "Contains" accomplish the same thing (is that still case sensitive if it's not 'match exactly')?

svk253
asked a month ago559 views
1 Answer
1
Accepted Answer

In AWS WAF, when you are using regular expressions for matching URI paths, you must consider how regex is supported in that context. AWS WAF uses RE2-style regular expressions, which notably does not support all Perl-compatible regular expression (PCRE) features. One such unsupported feature is inline modifiers, like the case-insensitivity flag (?i) used in PCRE. Instead, you need to manually specify case insensitivity by including both uppercase and lowercase versions of each character.

Here is how you can modify your regular expression to match /URIPath in a case-insensitive manner:

\/[Uu][Rr][Ii][Pp][Aa][Tt][Hh]

This regex will match /URIPath, /uripath, /URIPATH, /uRiPaTh, etc., because it includes each possible upper and lower case variation of the letters in "URIPath".

Regarding your question about using "Contains" in AWS WAF rules:

  • The "Contains" string match condition checks whether part of the web request, such as the URI or query string, contains the specified string. This type of matching is case sensitive. If you use "Contains" with "URIPath", it will not match "/uripath", "/URIPATH", etc.

So, if you need case-insensitive matching, you should use the modified regex above with the Regex match statement in AWS WAF. This will ensure that variations in case will still trigger a match without relying on the unsupported inline flag for case insensitivity.

profile picture
EXPERT
answered a month ago
profile picture
EXPERT
A_J
reviewed a month ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions