How do I optimize a regex pattern set?


When I try to create a new regex pattern set in AWS WAF, I receive the "WAFLimitsExceededException" error. I want to optimize my existing regex pattern sets so that I can add new regex patterns and regex pattern sets.

Resolution

AWS WAF and AWS WAF Classic each have a default quota for the maximum number of regex pattern sets per AWS Region. These quotas can't be changed. When you reach your quota, you must expand or consolidate your existing regex pattern sets.

Reuse regex pattern sets

When possible, reuse regex pattern sets within multiple web access control list (web ACL) rules. When you update the referenced regex pattern set, AWS WAF automatically updates all the rules that reference it.

Update existing regex pattern sets

Use the AWS Command Line Interface (AWS CLI) to update your regex pattern set

To update your regex pattern set, run update-regex-pattern-set.

Note: If you receive errors when you run AWS CLI commands, then see Troubleshoot AWS CLI errors. Also, make sure that you're using the most recent AWS CLI version.

Use the AWS WAF console to update your regex pattern set

  1. Open the AWS WAF console.
  2. In the navigation pane, choose Regex pattern sets.
  3. Select your regex pattern set.
  4. To add a new pattern, choose Add Regex patterns.
  5. To delete an existing pattern, select the pattern, and then choose Delete.

Update your existing regex pattern sets to hold multiple patterns in a single regex pattern set. To use the character quota more efficiently, join multiple patterns into a single pattern with the regex alternation operator "|" (logical OR).

Note: AWS WAF has quotas for maximum characters in each regex pattern. These differ from the AWS WAF Classic quotas.

For example, instead of this:

#--------------------------
# REGEX_Pattern_Set_A
#--------------------------
REGEX_PATTERN_1
REGEX_PATTERN_2
REGEX_PATTERN_3
REGEX_PATTERN_4
REGEX_PATTERN_5
REGEX_PATTERN_6
REGEX_PATTERN_7
REGEX_PATTERN_8
REGEX_PATTERN_9
REGEX_PATTERN_10

Do this:

#--------------------------
# REGEX_Pattern_Set_A
#--------------------------
REGEX_PATTERN_1
REGEX_PATTERN_2
REGEX_PATTERN_3|REGEX_PATTERN_4|REGEX_PATTERN_5|REGEX_PATTERN_6
REGEX_PATTERN_7|REGEX_PATTERN_8|REGEX_PATTERN_9|REGEX_PATTERN_10

With the preceding updates, you can increase the number of regex patterns in a regex pattern set.

The following example shows how to identify multiple domains in a single regex pattern set:

(example\.com|example\.net|example\.org)

Note: This example shows a regex pattern that identifies the following domains: example.com, example.net, and example.org. The dots are escaped with a backslash so that each one matches a literal period rather than any character. Replace these domains with your domains.
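As an added example (not code from the original article), the following Python script packs a list of regex patterns into as few "|"-joined strings as fit under a per-pattern character limit, checks that the combined set makes the same match decisions as the originals, and emits the JSON for the --regular-expression-list argument of update-regex-pattern-set. The sample patterns and the 60-character limit are constructed assumptions, not the real AWS WAF quota.

```python
import json
import re

# Constructed sample patterns; the 60-character limit is an assumed value
# for illustration, not the real AWS WAF quota (check it for your account).
PATTERNS = [
    r"^/admin/",
    r"^/wp-login\.php",
    r"(example\.com|example\.net|example\.org)",
    r"\.\./",
    r"\.(bak|old|orig)$",
]
MAX_CHARS = 60

def pack_patterns(patterns, max_chars=MAX_CHARS):
    """Join patterns with '|' into as few regex strings as possible, each at
    most max_chars long (first-fit, in the given order). Each pattern is
    wrapped in a group so anchors and quantifiers keep their scope."""
    pieces = []
    for p in patterns:
        re.compile(p)  # catch syntax errors here, not at API call time
        piece = f"({p})"
        if len(piece) > max_chars:
            raise ValueError(f"pattern longer than {max_chars} chars: {p}")
        pieces.append(piece)
    combined = []
    for piece in pieces:
        for i, current in enumerate(combined):
            if len(current) + 1 + len(piece) <= max_chars:
                combined[i] = current + "|" + piece
                break
        else:
            combined.append(piece)
    return combined

def same_decisions(originals, combined, samples):
    """Check with Python's re (an approximation of the AWS WAF engine) that
    the combined set matches exactly the samples the original set matches."""
    for s in samples:
        before = any(re.search(p, s) for p in originals)
        after = any(re.search(c, s) for c in combined)
        if before != after:
            return False
    return True

def regular_expression_list(combined):
    """JSON for the --regular-expression-list argument of
    'aws wafv2 update-regex-pattern-set': a list of {"RegexString": ...}."""
    return json.dumps([{"RegexString": s} for s in combined])
```

Run same_decisions over a sample of real request paths before applying the update; AWS WAF's regex engine is not identical to Python's re, so treat it as a sanity check rather than a proof.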

Add regex pattern sets to your AWS WAF rules

Complete the following:

  1. Open the AWS WAF console.
  2. Under Rules, choose Add rules, and then choose Add my own rules and rule group.
  3. For Inspect, select the request component.
  4. For Match type, select Match patterns from Regex pattern set.
  5. Select your regex pattern set.
  6. Update the Rule Action based on your use case.
  7. Choose Save.

Related information

Creating a regex pattern set

Regex match rule statement
