Between 18:21 and 18:25 ET this evening, a change was made to our web application firewall (WAF) rules which caused some clients to experience a loss of service. This WAF change was suggested by Amazon to add an extra layer of security to our environment, but instead, we saw it was flagging most users as malicious. Once we saw that this occurred when the WAF rule was turned on, it was quickly rolled back. This change seemed low-risk due to the origination of the suggestion, but we should have collected more data on it before rolling it out to production. We will be making sure future WAF rules follow that process.