Al usar AWS re:Post, aceptas las AWS re:Post Términos de uso
AWS re:Postre:Post

[AWS WAF] Can't hit the rule with managed rules included in custom rules

1

Hello,

I'm testing some rules on AWS WAF. As with the custom rules (such as URI), I can configure them successfully.

However, when I add another "label" rule inside this custom rule, it can never hit (count) although I can see the relevant logs.

Any advice? Thank you.

Temas
Seguridad, identidad y cumplimiento
Etiquetas
AWS WAF
Idioma
English
Nam Tran
preguntada hace 2 años431 visualizaciones
2 Respuestas
0

Can you perhaps share the rule syntax so that we can understand the logic better? Is it an "AND" or an "OR" condition?

AWS
Tzoori Tamam
respondido hace 2 años
  • Nam Tran
    hace 2 años

    I tried using "AND" or "OR" condition, or even just applied a single rule. Here are details of the rule: { "Name": "CustomCountRule-NoUserAgentHeader", "Priority": 0, "Statement": { "AndStatement": { "Statements": [ { "LabelMatchStatement": { "Scope": "LABEL", "Key": "awswaf:managed:aws:core-rule-set:NoUserAgent_Header" } }, { "NotStatement": { "Statement": { "ByteMatchStatement": { "SearchString": "<redacted>", "FieldToMatch": { "UriPath": {} }, "TextTransformations": [ { "Priority": 0, "Type": "NONE" } ], "PositionalConstraint": "CONTAINS" } } } } ] } }, "Action": { "Count": {} }, "VisibilityConfig": { "SampledRequestsEnabled": true, "CloudWatchMetricsEnabled": true, "MetricName": "CustomCountRule-NoUserAgentHeader" } }

0

Similar issue. Extremely basic IP match rule with default BLOCK results in the rule never being hit and all requests blocked with the IP that should be allowed through listed in the logs and in the "sample requests".

rePost-User-4453523
respondido hace un año

No has iniciado sesión. Iniciar sesión para publicar una respuesta.

Una buena respuesta responde claramente a la pregunta, proporciona comentarios constructivos y fomenta el crecimiento profesional en la persona que hace la pregunta.

Pautas para responder preguntas

Contenido relevante