#AWS WAF Adds Support for Cross-Site Scripting (XSS) Match Condition

Originally Posted: AWS WAF Adds Support for Cross-Site Scripting (XSS) Match Condition

You can now configure WAF to block, allow, or monitor (count) requests based on Cross-Site Scripting (XSS) match conditions. XSS attacks are those where the attacker uses vulnerabilities in a benign website as a vehicle to inject malicious client-site scripts (like Javascript) into other legitimate user’s web browsers. This XSS match condition feature prevents these vulnerabilities in your web application by inspecting different elements of the incoming request.

Related posts