AWS WAF now supports 15 additional text transformations, allowing you to reformat web requests to remove any unusual formatting, or sanitize input before rule evaluation. It can be used to identify threats that may be obscured by attackers in an effort to bypass detection. You can use these new text transformations with WAF rule statements, such as SQLi detection, string match, and regex pattern set. You can chain up to 10 text transformations together in a single rule statement. Once configured, AWS WAF will apply the transformations first before evaluating the rule statement.
Source:: Amazon AWS