WAF managed rules blocking SES incoming email notifications

0

I use SES incoming email for a discussion groups feature. When an email arrives, SES is configured to notify an SNS topic, which in turn POSTs to an HTTPS endpoint on my backend via a CloudFront distribution. This stopped working some time between Dec 5 and 24: the POST from SNS was showing as 403 Forbidden / Error in the CloudFront logs. After some trial and error, I discovered that by turning off the AWS WAF WindowsManagedRuleSet on my CloudFront distribution, I could fix the problem. Has anyone else seen this? It seems like an obvious false positive if AWS WAF rules are blocking AWS SESS notifications.

1 réponse
0

Hello, Chris,

I found this AWS document on mitigation of false positives in WAF (1) and how to override rules in the group to identify which is causing the issue. I see 6 rules in the Windows Operating System managed rule in my own account. You can set individual rules to "count" one at a time to identify which may be preventing your SNS topic from posting. See the documentation link for details.

If you can identify the rule causing the issue and don't mind leaving it in "count", you can go that route. Otherwise, if you have a CloudFront request Id (x-amz-cf-id), this can be investigated further via a support case.


** RESOURCES **

  1. AWS Managed Rules for AWS WAF - https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups.html
AWS
INGÉNIEUR EN ASSISTANCE TECHNIQUE
Ron_H
répondu il y a 2 ans

Vous n'êtes pas connecté. Se connecter pour publier une réponse.

Une bonne réponse répond clairement à la question, contient des commentaires constructifs et encourage le développement professionnel de la personne qui pose la question.

Instructions pour répondre aux questions