Durch die Nutzung von AWS re:Post stimmt du den AWS re:Post Nutzungsbedingungen
AWS re:Postre:Post

[AWS WAF] Can't hit the rule with managed rules included in custom rules

1

Hello,

I'm testing some rules on AWS WAF. As with the custom rules (such as URI), I can configure them successfully.

However, when I add another "label" rule inside this custom rule, it can never hit (count) although I can see the relevant logs.

Any advice? Thank you.

Themen
Sicherheit, Identität & Konformität
Tags
AWS WAF
Sprache
English
Nam Tran
gefragt vor 2 Jahren431 Aufrufe
2 Antworten
0

Can you perhaps share the rule syntax so that we can understand the logic better? Is it an "AND" or an "OR" condition?

AWS
Tzoori Tamam
beantwortet vor 2 Jahren
  • Nam Tran
    vor 2 Jahren

    I tried using "AND" or "OR" condition, or even just applied a single rule. Here are details of the rule: { "Name": "CustomCountRule-NoUserAgentHeader", "Priority": 0, "Statement": { "AndStatement": { "Statements": [ { "LabelMatchStatement": { "Scope": "LABEL", "Key": "awswaf:managed:aws:core-rule-set:NoUserAgent_Header" } }, { "NotStatement": { "Statement": { "ByteMatchStatement": { "SearchString": "<redacted>", "FieldToMatch": { "UriPath": {} }, "TextTransformations": [ { "Priority": 0, "Type": "NONE" } ], "PositionalConstraint": "CONTAINS" } } } } ] } }, "Action": { "Count": {} }, "VisibilityConfig": { "SampledRequestsEnabled": true, "CloudWatchMetricsEnabled": true, "MetricName": "CustomCountRule-NoUserAgentHeader" } }

0

Similar issue. Extremely basic IP match rule with default BLOCK results in the rule never being hit and all requests blocked with the IP that should be allowed through listed in the logs and in the "sample requests".

rePost-User-4453523
beantwortet vor einem Jahr

Du bist nicht angemeldet. Anmelden um eine Antwort zu veröffentlichen.

Eine gute Antwort beantwortet die Frage klar, gibt konstruktives Feedback und fördert die berufliche Weiterentwicklung des Fragenstellers.

Richtlinien für die Beantwortung von Fragen

Relevanter Inhalt