En utilisant AWS re:Post, vous acceptez les AWS re:Post Conditions d’utilisation
AWS re:Postre:Post

WAF Log Filters Not Dropping Specified Requests

0

We are attempting to create logging filters for our WAF policies. I created the following conditions for logging:

Rule action: BLOCK Keep in logs

Rule action: ALLOW - Drop from logs

Default logging behavior Drop from logs

However, requests with the rule action ALLOW are still being logged. Are there any additional steps I can take to filter out log conditions?

Sujets
Sécurité, identité et conformitéOutils de développementGestion et gouvernance
Balises
AWS WAFSurveillance et journalisation
Langue
English
AWS-User-8005909
demandé il y a 2 ans532 vues
1 réponse
0

Hi !

Thanks for reaching out to Re:Post !

Going through the above logging configuration, the reason you are still seeing ALLOW requests in the log is because those requests might be allowed by the default action of the Web ACL if it is set to allow . WAF logging filter with rule ACTION does not consider requests acted upon by the default action Web ACL behavior.

Deciding on the default action for a web ACL - https://docs.aws.amazon.com/waf/latest/developerguide/web-acl-default-action.html

AWS
INGÉNIEUR EN ASSISTANCE TECHNIQUE
Ansh_C
répondu il y a 2 ans
  • rePost-User-4900825
    il y a un an

    I have the same issue, so what is the proper way to log only the blocked requests if there is a default action ALLOW in web ACL?

Vous n'êtes pas connecté. Se connecter pour publier une réponse.

Une bonne réponse répond clairement à la question, contient des commentaires constructifs et encourage le développement professionnel de la personne qui pose la question.

Instructions pour répondre aux questions

Contenus pertinents