AWS WAF ReactJS RCE Attempt via Body

Panther Rules

Summary
The rule 'AWS WAF ReactJS RCE Attempt via Body' detects potential exploits targeting React applications hosted on AWS infrastructure. Specifically, it monitors for patterns indicative of React2Shell (CVE-2025-55182) exploitation attempts delivered through the HTTP request body. The detection is integrated with the AWS Web Application Firewall (WAF) and applies across AWS services such as Application Load Balancer (ALB), CloudFront, API Gateway, and AppSync. It relies on logs that capture the relevant traffic, including the source IP, HTTP request details, and the action taken against each request (BLOCK or ALLOW). Alerts generated by this rule are assigned high severity, especially those that result in an ALLOW decision, which warrant immediate investigation to rule out a compromise of the application. The operational runbook directs analysts to review each alert, evaluate the nature of the request, and take remedial measures such as blocking repeat offenders. The rule ships with tests, including scenarios for blocking malicious requests and allowing normal traffic, to confirm that it functions as intended.
Categories
  • Cloud
  • AWS
  • Web
  • Application
Data Sources
  • WMI
  • Network Traffic
  • Web Credential
  • Application Log
ATT&CK Techniques
  • T1190
  • T1059
Created: 2025-12-18