Durch die Nutzung von AWS re:Post stimmt du den AWS re:Post Nutzungsbedingungen
AWS re:Postre:Post

AWS WAF is blocking CloudWatch's Synthetic Canary

1

Hello, Is anyone else having issues with the Synthetic Canaries being blocked by the AWS WAF Managed Rules' AWSManagedIPReputationList and/or AWSManagedReconnaissanceList?

Is there a way to let the WAF know that those requests are safe?

Right now my approach has been to whitelist the public IP of the request (but this IP is dynamic os it won't last long) or set to count those rules but then I'm leaving a little bit open the site.

Thanks for you comments. Regards.

Themen
Sicherheit, Identität & KonformitätVernetzung & Bereitstellung von InhaltenManagement & Unternehmensführung
Tags
AWS WAFAWS Firewall-ManagerVernetzung & Bereitstellung von InhaltenAmazon CloudWatch
Sprache
English
profile picture
Higher
gefragt vor 2 Jahren1341 Aufrufe
2 Antworten
2

One option you have is to configure your Canary to use a specific request header or cookie, then look for the presence of that in a custom WAF rule. You could either allow the traffic and not process any other rules, or you could add a label, which you could then use in a scope-down statement to bypass the rule(s) that are currently blocking your Canary

AWS
EXPERTE
Paul_L
beantwortet vor 2 Jahren
  • Higher
    vor 2 Jahren

    Thanks for the reply. By any change do you have an example of how to insert a custom header in the Canary code, I have very little knowledge of NodeJS.

    Kind Regards.

0

You can put all your canaries in the VPC and then whitelist your NAT Gateway IPs from Web ACL. https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch_Synthetics_Canaries_VPC.html

Krishan
beantwortet vor 4 Monaten

Du bist nicht angemeldet. Anmelden um eine Antwort zu veröffentlichen.

Eine gute Antwort beantwortet die Frage klar, gibt konstruktives Feedback und fördert die berufliche Weiterentwicklung des Fragenstellers.

Richtlinien für die Beantwortung von Fragen

Relevanter Inhalt