For instance, you can now use regex to block certain known bad bots by looking for patterns like B[a@]dB[o0]t in the User-Agent header. You can also apply multiple regex patterns to a single request, allowing you, for example, to block requests that match B[a@]dB[o0]t or C[r@]al[e0]rs[1-2]*. Once created, regex patterns can be reused across multiple AWS WAF rules, allowing you to look for the same expression across different parts of a web request such as the Header, QueryString, or Body. Regex conditions can be combined with other condition types to create more sophisticated filters. For instance, you can use AWS WAF’s built-in SQL injection condition in conjunction with a regex-based condition to look for SQL injection attempts only on URLs with *.php while ignoring URLs with *.jpg.