[AWS WAF] Can't hit the rule with managed rules included in custom rules

1

Hello,

I'm testing some rules on AWS WAF. As with the custom rules (such as URI), I can configure them successfully.

However, when I add another "label" rule inside this custom rule, it can never hit (count) although I can see the relevant logs.

Any advice? Thank you.

asked 2 years ago · 436 views
2 answers
0

Can you perhaps share the rule syntax so that we can understand the logic better? Is it an "AND" or an "OR" condition?

AWS
answered 2 years ago
  • I tried using an "AND" or "OR" condition, or even just applying a single rule. Here are the details of the rule:

    {
      "Name": "CustomCountRule-NoUserAgentHeader",
      "Priority": 0,
      "Statement": {
        "AndStatement": {
          "Statements": [
            {
              "LabelMatchStatement": {
                "Scope": "LABEL",
                "Key": "awswaf:managed:aws:core-rule-set:NoUserAgent_Header"
              }
            },
            {
              "NotStatement": {
                "Statement": {
                  "ByteMatchStatement": {
                    "SearchString": "<redacted>",
                    "FieldToMatch": {
                      "UriPath": {}
                    },
                    "TextTransformations": [
                      {
                        "Priority": 0,
                        "Type": "NONE"
                      }
                    ],
                    "PositionalConstraint": "CONTAINS"
                  }
                }
              }
            }
          ]
        }
      },
      "Action": {
        "Count": {}
      },
      "VisibilityConfig": {
        "SampledRequestsEnabled": true,
        "CloudWatchMetricsEnabled": true,
        "MetricName": "CustomCountRule-NoUserAgentHeader"
      }
    }

0

Similar issue. Extremely basic IP match rule with default BLOCK results in the rule never being hit and all requests blocked with the IP that should be allowed through listed in the logs and in the "sample requests".

answered a year ago
