WAF new rules warning

0

Does WAF warn administrators of new rules that are added by AWS? Is there a way to disable new rules by default, then turn new rules on if you like?

CML
asked 2 years ago, 419 views
3 Answers
2

Yes, with the release of versioning for managed rule groups, you can choose a specific version of the managed rules you wish to use. Updates are released as new versions, providing you the ability to test them before enabling them in block mode. You can also receive notifications of updates to managed rules via SNS. The announcement here: https://aws.amazon.com/about-aws/whats-new/2021/08/aws-waf-offers-managed-rule-group-versioning/ has further information and links to documentation.

AWS
EXPERT
Paul_L
answered 2 years ago
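The answer above recommends pinning managed rule groups to a specific version and testing updates in Count mode before enforcing them. The script below, an added example that is not part of this thread or of any AWS tooling, audits a web ACL definition in the shape returned by `aws wafv2 get-web-acl` (key names `ManagedRuleGroupStatement`, `VendorName`, `Name`, `Version`, `OverrideAction` are from the WAFv2 API) and produces a pinned, Count-mode copy that can be passed to `update-web-acl`. The web ACL name, rule names and version strings in the sample are constructed, not real values.

```python
"""Audit a WAFv2 web ACL for managed rule groups that still follow the
auto-updating default version, and pin one of them to a chosen version in
Count mode for testing.  Runs offline on a constructed sample."""
import copy
import json

# Constructed sample in the shape of `aws wafv2 get-web-acl` output.
# Rule 1 is pinned and in Count; rule 2 has no "Version" key, so AWS updates
# to it take effect automatically; rule 3 is an ordinary (non-managed) rule.
SAMPLE_WEB_ACL = {
    "Name": "example-web-acl",  # constructed name
    "Rules": [
        {
            "Name": "AWS-AWSManagedRulesCommonRuleSet",
            "Priority": 0,
            "Statement": {"ManagedRuleGroupStatement": {
                "VendorName": "AWS",
                "Name": "AWSManagedRulesCommonRuleSet",
                "Version": "Version_1.3",  # constructed version string
            }},
            "OverrideAction": {"Count": {}},
        },
        {
            "Name": "AWS-AWSManagedRulesKnownBadInputsRuleSet",
            "Priority": 1,
            "Statement": {"ManagedRuleGroupStatement": {
                "VendorName": "AWS",
                "Name": "AWSManagedRulesKnownBadInputsRuleSet",
                # no "Version": tracks the default version
            }},
            "OverrideAction": {"None": {}},
        },
        {
            "Name": "rate-limit",
            "Priority": 2,
            "Statement": {"RateBasedStatement": {"Limit": 2000, "AggregateKeyType": "IP"}},
            "Action": {"Block": {}},
        },
    ],
}


def managed_rule_groups(web_acl):
    """Yield one dict per managed rule group reference in the web ACL."""
    for rule in web_acl.get("Rules", []):
        stmt = rule.get("Statement", {}).get("ManagedRuleGroupStatement")
        if stmt is None:
            continue  # custom rule, not a managed group
        # OverrideAction is {"Count": {}} or {"None": {}}; take its single key
        override = next(iter(rule.get("OverrideAction", {})), "None")
        yield {
            "rule": rule["Name"],
            "group": f'{stmt["VendorName"]}/{stmt["Name"]}',
            "version": stmt.get("Version"),  # None means "Default"
            "override": override,
        }


def audit_managed_rule_groups(web_acl):
    """Return (rule_name, issue) for each group that follows the default version."""
    issues = []
    for ref in managed_rule_groups(web_acl):
        if ref["version"] is None:
            issues.append((ref["rule"],
                           f'{ref["group"]} follows the default version; '
                           'AWS updates apply without review, pin a version'))
    return issues


def pin_managed_rule_group(web_acl, group_name, version):
    """Return a copy of the web ACL with the named group pinned to `version`
    and switched to Count mode so the new version can be evaluated first."""
    updated = copy.deepcopy(web_acl)  # never mutate the caller's object
    for rule in updated.get("Rules", []):
        stmt = rule.get("Statement", {}).get("ManagedRuleGroupStatement")
        if stmt and stmt["Name"] == group_name:
            stmt["Version"] = version
            rule["OverrideAction"] = {"Count": {}}
    return updated


if __name__ == "__main__":
    for rule_name, issue in audit_managed_rule_groups(SAMPLE_WEB_ACL):
        print(f"{rule_name}: {issue}")
    pinned = pin_managed_rule_group(SAMPLE_WEB_ACL,
                                    "AWSManagedRulesKnownBadInputsRuleSet",
                                    "Version_2.0")  # constructed version
    print(json.dumps(pinned["Rules"], indent=2))
```

The `Rules` list of the pinned copy is what you would supply to `update-web-acl` (together with the ACL's lock token and the other required fields); once the Count metrics for the new version look clean, change `OverrideAction` back to `{"None": {}}`.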
0

If you have another IAM user/role who can create new rules and you want to enforce a rule only after review on your side, you can guide that IAM user/role to create the new rule with the Count action. The Count action will not allow or block HTTP requests but will just count the requests that match the rule. So there should be no impact on service traffic, and you can change the action to allow/block if you like the rule.

You can also create a CloudWatch alarm that fires if someone creates a new rule.

The link below describes creating a CloudWatch alarm from CloudTrail events. The example in the link is for security group changes, but you can create a CloudWatch alarm for changes to a WAF web ACL by matching eventName: UpdateWebACL.

https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html

Thanks

AWS
answered 2 years ago
  • I am specifically asking about new rules that are added by AWS. We think a new rule was added by AWS that prevented users from viewing a previously viewable page. How do we disable the new rules so that we can review them before enabling them

  • You will need to edit your managed rules and change the version from "Default" to a specific version number. Be sure to subscribe to the SNS topic so that you know when new versions are released, you can then test them before upgrading to the new version. You can also see the changelog here: https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-changelog.html

0
AWS
EXPERT
kentrad
answered 2 years ago
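The second answer suggests alarming on WAF changes through CloudTrail. The script below is an added example, not code from the answerer or from AWS: it states the CloudWatch Logs metric filter pattern that matches `UpdateWebACL` calls (the `{ $.eventSource = ... && $.eventName = ... }` syntax is the one the linked CloudTrail guide uses) and applies the same match to a few constructed CloudTrail records so the pattern can be checked offline. The ARNs, account ID, timestamps and web ACL name in the sample are constructed; the `requestParameters` key names are an assumption about how CloudTrail records the WAFv2 call.

```python
"""Detect AWS WAFv2 web ACL changes in CloudTrail records and emit the
CloudWatch metric filter pattern that does the same job in CloudWatch Logs."""

# Metric filter pattern for a CloudTrail log group (same syntax as the
# security-group example in the CloudTrail user guide).
METRIC_FILTER_PATTERN = (
    '{ ($.eventSource = "wafv2.amazonaws.com") && '
    '($.eventName = "UpdateWebACL") }'
)

# WAFv2 calls that change what the web ACL enforces.
WAF_CHANGE_EVENTS = {"UpdateWebACL", "UpdateRuleGroup", "DeleteWebACL"}

# Constructed sample CloudTrail records (not real events).
SAMPLE_RECORDS = [
    {
        "eventTime": "2021-09-01T10:15:00Z",
        "eventSource": "wafv2.amazonaws.com",
        "eventName": "UpdateWebACL",
        "userIdentity": {"arn": "arn:aws:iam::123456789012:user/example-admin"},
        # assumed key names for the WAFv2 request parameters
        "requestParameters": {"name": "example-web-acl", "scope": "REGIONAL"},
    },
    {
        "eventTime": "2021-09-01T10:16:00Z",
        "eventSource": "wafv2.amazonaws.com",
        "eventName": "GetWebACL",  # read-only, should not alarm
        "userIdentity": {"arn": "arn:aws:iam::123456789012:user/example-reader"},
        "requestParameters": {"name": "example-web-acl", "scope": "REGIONAL"},
    },
    {
        "eventTime": "2021-09-01T10:17:00Z",
        "eventSource": "ec2.amazonaws.com",  # the guide's own example service
        "eventName": "AuthorizeSecurityGroupIngress",
        "userIdentity": {"arn": "arn:aws:iam::123456789012:user/example-admin"},
        "requestParameters": {"groupId": "sg-example"},
    },
]


def matches_waf_update(record):
    """Mirror METRIC_FILTER_PATTERN: wafv2 UpdateWebACL only."""
    return (record.get("eventSource") == "wafv2.amazonaws.com"
            and record.get("eventName") == "UpdateWebACL")


def find_waf_changes(records, event_names=WAF_CHANGE_EVENTS):
    """Return a summary for every wafv2 record whose eventName changes a web ACL
    or rule group.  Broader than the metric filter, which matches one call."""
    hits = []
    for rec in records:
        if rec.get("eventSource") != "wafv2.amazonaws.com":
            continue
        if rec.get("eventName") not in event_names:
            continue
        params = rec.get("requestParameters") or {}
        hits.append({
            "time": rec.get("eventTime"),
            "event": rec["eventName"],
            "actor": rec.get("userIdentity", {}).get("arn", "unknown"),
            "web_acl": params.get("name", "unknown"),
            "scope": params.get("scope", "unknown"),
        })
    return hits


if __name__ == "__main__":
    print("metric filter:", METRIC_FILTER_PATTERN)
    for hit in find_waf_changes(SAMPLE_RECORDS):
        print(f'{hit["time"]} {hit["event"]} on {hit["web_acl"]} '
              f'({hit["scope"]}) by {hit["actor"]}')
```

Note that this only sees changes made through the account's own API calls; an update AWS ships to a managed rule group on the default version is not an `UpdateWebACL` event in your trail, which is why the version pinning and SNS subscription in the other answer are needed for that case.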
