- Le plus récent
- Le plus de votes
- La plupart des commentaires
Hi,
I am not sure that WAF offers what you need out of the box: AFAIK, no ability to exclude the logging of some parts of the content like a cookie.
But, you can achieve that by yourself: WAF can route its logs to a Kinesis stream. So, you can write a listener such a stream that we do the cleanup that you want before writing to CloudWatch. It gives you full control on the content of your permanently stored WAF logs.
See section of "Amazon Kinesis Data Firehose data streams" of https://docs.aws.amazon.com/waf/latest/developerguide/waf-policies.html
Best,
Didier
From the documentation at https://docs.aws.amazon.com/waf/latest/APIReference/API_Cookies.html
if you specify the parts of the cookies to inspect and narrow the set of cookies to inspect by including or excluding specific keys, the content of the cookies will not be logged.
For example, the following CookieMatchSet condition will inspect all cookies except for the password cookie:
{
"Name": "MyCookieMatchSet",
"CookieNames": ["*"],
"MatchTypes": ["EQUALS"],
"ExcludedCookieNames": ["password"]
}
Contenus pertinents
- demandé il y a un an
- demandé il y a un an
- demandé il y a 4 heures
- Réponse acceptéedemandé il y a 7 mois
AWS OFFICIELA mis à jour il y a 2 ans- AWS OFFICIELA mis à jour il y a un an
- AWS OFFICIELA mis à jour il y a 2 ans
- AWS OFFICIELA mis à jour il y a 2 ans
