Starting today, the AWS WAF geographic match statement adds labels to each request, to indicate ISO 3166 country and region codes. Customers have asked for more control of geographic regions within a country, such as a specific state in the United States. With the updated geographic match rule statements, customers can control access at the region level. The geographic match rule statement now automatically annotates a request from Texas, USA with the label awswaf:clientip:geo:region:US-TX, and a request from Queensland, Australia with the label awswaf:clientip:geo:region:AU-QLD. Customers can add label matching rules to capture region labels and block specific regions, without blocking the entire country.