- Più recenti
- Maggior numero di voti
- Maggior numero di commenti
What rules do you currently have in place?
For the AWS Managed Ruleset, the "AWSManagedRulesSQLiRuleSet" can be set to protect against SQL injection.
https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-use-case.html#aws-managed-rule-groups-use-case-sql-db
Also note that even matching requests will not be blocked unless the rule is set to block instead of count.
https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-action.html
Hi Riku, thanks for you answer.
I have the rule AWSManagedRulesSQLiRuleSet active and also blocking.
I also check in WAF log and the request body is less than 8KB and requestBodySizeInspectedByWAF is equals to requestBodySize, so WAF is checking and allowing the request.
Shouldn't this request be blocked?
Thanks
Contenuto pertinente
- AWS UFFICIALEAggiornata 4 mesi fa
- AWS UFFICIALEAggiornata 2 anni fa
- AWS UFFICIALEAggiornata 2 anni fa
- AWS UFFICIALEAggiornata un anno fa