En utilisant AWS re:Post, vous acceptez les AWS re:Post Conditions d’utilisation
AWS re:Postre:Post

API Gateway access log still get requests blocked by WAF

0

Hi there, I have an API Gateway with the access logging enabled (logs are streamed to Firehose). I have noticed that the requests blocked by WAF are streamed to Firehose too (I wasn't expecting that). My understanding was that when WAF blocks a request, this will not be forwarded any further but if the API Gateway log is written I assume that the request reaches it, isn't it?

If this is the correct behavior, is there a way to filter out some access logs to be streamed to firehose?

Sujets
Sécurité, identité et conformitéSans serveurWeb et mobile front-endRéseaux et diffusion de contenu
Balises
AWS WAFPasserelle API Amazon
Langue
English
Marco Arrigo
demandé il y a 2 ans1118 vues
2 réponses
0

When you enable WAF for API Gateway, WAF is not located in front of the Gateway but rather on the side, i.e., the request is always received by API Gateway, if WAS is enabled, API Gateway sends the request to WAF and based on the result it decides if to continue processing the request and send it to the backend integration or send an error message back to the client.

It will look like this (forgive my drawing capabilities):

Client -> API Gateway -> Backend
          |    ^
          V    |
           WAF
profile pictureAWS
EXPERT
Uri
répondu il y a 2 ans
0

I'm not quite sure if there can be filtering enabled for logs with APIGW, but with WAF you can do filtering. In the sense that you can only logs BLOCK requests. You can also do redaction of HTTP Requests Headers that you may deem sensitive to be stored such as auth headers, etc.

AWS
Timothy_M
répondu il y a 2 ans

Vous n'êtes pas connecté. Se connecter pour publier une réponse.

Une bonne réponse répond clairement à la question, contient des commentaires constructifs et encourage le développement professionnel de la personne qui pose la question.

Instructions pour répondre aux questions

Contenus pertinents