Clicking Add rule with the rule builder for a Web ACL in AWS WAF does nothing (no errors), the browser console shows WAFLimitsExceededException, we have no other WAFs

0

I've created my first WAF/Web ACL for a CloudFront distribution, and I'm trying to block some links by query string matches. When I click Add rule, no errors are thrown and nothing happens. Checking the browser console shows:

WAFLimitsExceededException: AWS WAF couldn’t perform the operation because you exceeded your resource limit.

We have no other WAFs, and only one Web ACL I've just created and want to add a single Rule on.

asked 2 years ago, 659 views
2 answers
0

There are multiple things that can cause this; the error you are facing is not only limited to having only one WAF WebACL. For more details on the quotas specifically for WAFv2, see https://docs.aws.amazon.com/waf/latest/developerguide/limits.html

AWS
answered 2 years ago
  • I went through that list already. We have only 1 WAF WebACL, 0 rule groups, 0 IP sets, our requests per second are well below the limit, and there are no custom request headers, no custom response headers, no custom response bodies, and no log streams set up for the WebACL. Other errors show, e.g. if I fail to fill in a field or configure it incorrectly, but just setting up a query string match rule shows no error at all, and nothing happens when I click Add rule. When I open the browser console, I see the error I've mentioned about WAFLimitsExceeded. The UI displays nothing.

0

Can you confirm that you are using WAFv2 and not Classic WAF? Classic WAF has lower limits compared to WAFv2.

Classic WAF quotas - https://docs.aws.amazon.com/waf/latest/developerguide/limits.html

Will you be able to share the raw request body from the browser console when you see the error (e.g. an HTTP Archive (HAR) file)? Please remove any sensitive information from it. Next, this can be correlated with CloudTrail as well. I assume you are using WAFv2, so it should appear in the "UpdateWebACL" API call.

Finally, I do recommend creating a support case for this. Looking forward to your response.

AWS
answered 2 years ago
  • It is v2, not the classic WAF. After experimenting a little, I found the issue was the length of the string I was using in the filter. When I increased the size, I was still not seeing an error in the UI, but I saw in the network response that I had exceeded the character limit. There seems to be a gap between the lengths where it shows the correct error or the generic limits exceeded error.
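A local pre-check for the cause found in the last comment, as an added example that is not part of the original thread: it walks a rule in the WAFv2 rule JSON shape, including nested And/Or/Not statements, and reports string match search strings whose UTF-8 size exceeds a byte limit. The 200-byte limit, the helper names and the sample rule are assumptions constructed for illustration; confirm the limit against the quotas page linked above.

```python
# Assumption: byte limit for a string match statement; confirm the current
# value on the AWS WAF quotas page before relying on it.
MAX_SEARCH_BYTES = 200

def search_strings(node, path="Statement"):
    """Yield (path, search_string) for every ByteMatchStatement under node."""
    if isinstance(node, dict):
        for key, value in node.items():
            here = f"{path}.{key}"
            if key == "ByteMatchStatement" and isinstance(value, dict):
                yield here, value.get("SearchString", "")
            else:
                # Descend through AndStatement / OrStatement / NotStatement.
                yield from search_strings(value, here)
    elif isinstance(node, list):
        for i, item in enumerate(node):
            yield from search_strings(item, f"{path}[{i}]")

def oversized(rule, limit=MAX_SEARCH_BYTES):
    """Return [(path, char_count, byte_count)] for search strings over limit."""
    hits = []
    for path, text in search_strings(rule["Statement"]):
        size = len(text.encode("utf-8"))  # the limit is in bytes, not characters
        if size > limit:
            hits.append((path, len(text), size))
    return hits

def byte_match(search):
    """Hypothetical helper: a query string match statement for the sample rule."""
    return {"ByteMatchStatement": {
        "SearchString": search,
        "FieldToMatch": {"QueryString": {}},
        "TextTransformations": [{"Priority": 0, "Type": "NONE"}],
        "PositionalConstraint": "CONTAINS"}}

# Constructed sample rule: one short string, one 201-byte ASCII string, and one
# 122-character string that is 242 bytes because of two-byte characters.
SAMPLE_RULE = {
    "Name": "block-query-strings", "Priority": 0, "Action": {"Block": {}},
    "Statement": {"OrStatement": {"Statements": [
        byte_match("ref=spam"),
        byte_match("q=" + "a" * 199),
        byte_match("q=" + "\u00e9" * 120)]}},
}

if __name__ == "__main__":
    for path, chars, size in oversized(SAMPLE_RULE):
        print(f"{path}: {chars} chars, {size} bytes > {MAX_SEARCH_BYTES}")
```

The third sample string is under the limit when counted in characters but over it in bytes, which is the case a character counter misses.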
