Limits
AWS WAF has default limits on the number of entities per account. You can request an increase in these limits.
| Resource | Default Limit |
|---|---|
Web ACLs per AWS account | 10 |
Rules per AWS account | 50 |
Conditions per AWS account | 50 |
| Requests per Second | 10,000 per web ACL |
The following limits on AWS WAF entities can't be changed.
| Resource | Limit |
|---|---|
Rules per web ACL | 10 |
Conditions per rule | 10 |
Filters per cross-site scripting match condition | 10 |
Filters per size constraint condition | 10 |
Filters per SQL injection match condition | 10 |
Filters per string match condition | 10 |
In string match conditions, the number of characters in HTTP header names, when you've configured AWS WAF to inspect the headers in web requests for a specified value | 40 |
In string match conditions, the number of bytes in the value that you want AWS WAF to search for | 50 |
IP address ranges (in CIDR notation) per IP match condition | 1000 |
