Durch die Nutzung von AWS re:Post stimmt du den AWS re:Post Nutzungsbedingungen
AWS re:Postre:Post

WAF rule statement unable to match Header

0

Hello,
I'd like to block requests that contain a specific Header "X-Forwarded-Host" using a rule in my Web ACL by using a "Size match condition" (like it is also demonstrated in Option 2 from this guide: https://aws.amazon.com/de/premiumsupport/knowledge-center/waf-block-http-requests-no-user-agent/)

I tired four scenarios but none was able to match the requests where the Header was set.

  1. If matches: Size greater than or equal to 0 -> matches nothing
  2. if matches: Size less than or equal to 0 -> matches nothing
  3. If NOT matches: Size greater than or equal to 0 -> matches every request without the header
  4. if NOT matches: Size less than or equal to 0 -> matches every request without the header

Expected behavior would be that 1. or 4. would match the requests.
Am I overlooking something here or is there a different solution?

Thank you for your time

Themen
Sicherheit, Identität & Konformität
Tags
AWS WAF
Sprache
English
BenediktKaiser
gefragt vor 3 Jahren1101 Aufrufe
1 Antwort
0

OP here (somehow I had to set a new username)

I was able to solve this issue. The rule was not working because of it's priority in respect to another whitelisting rule. Once it was moved before the whitelisting the filtering works as expected.

bedaka
beantwortet vor 3 Jahren

Du bist nicht angemeldet. Anmelden um eine Antwort zu veröffentlichen.

Eine gute Antwort beantwortet die Frage klar, gibt konstruktives Feedback und fördert die berufliche Weiterentwicklung des Fragenstellers.

Richtlinien für die Beantwortung von Fragen

Relevanter Inhalt