Durch die Nutzung von AWS re:Post stimmt du den AWS re:Post Nutzungsbedingungen
AWS re:Postre:Post

AWS WAF URI regex don't match

1

Hi, I created a Web ACL with one rule to allow traffic only on some enpoint, and the default ACL action is to block requests that don't match the rule.

## Rule
Field to Match: URI Path
Regular Expression: /(account|category|post)/ 
Action: ALLOW

##  Default web ACL action for requests that don't match any rules
Action: BLOCK

The problem is that the rule match only path with two or more segments, but don't match path with 1 segment.

http://api.example.com/account/foo/bar     => MATCH - ALLOW
http://api.example.com/account/foo?bar=baz => MATCH - ALLOW
http://api.example.com/account/foo         => MATCH - ALLOW

http://api.example.com/account             => DON'T MATCH - BLOCK
http://api.example.com/account?foo=bar     => DON'T MATCH - BLOCK

What's wrong? I would like the rule matches also path with 1 segment. Thanks in advance

Themen
Sicherheit, Identität & Konformität
Tags
AWS WAF
Sprache
English
AWS-User-3147005
gefragt vor 2 Jahren2438 Aufrufe
1 Antwort
3

Your regex ends with "/" so the last two URLs will not match because "account" in these URL does not end with "/"

Can you try with "/(account|category|post)"?

Thanks

profile pictureAWS
Eunsu_Shin
beantwortet vor 2 Jahren
  • AWS-User-3147005
    vor 2 Jahren

    Uh really? I'm using "/" as a delimiter of the regex. Anyway now it works

Du bist nicht angemeldet. Anmelden um eine Antwort zu veröffentlichen.

Eine gute Antwort beantwortet die Frage klar, gibt konstruktives Feedback und fördert die berufliche Weiterentwicklung des Fragenstellers.

Richtlinien für die Beantwortung von Fragen

Relevanter Inhalt