WAF Log Filters Not Dropping Specified Requests

We are attempting to create logging filters for our WAF policies. I created the following conditions for logging:

Rule action: BLOCK Keep in logs

Rule action: ALLOW - Drop from logs

Default logging behavior Drop from logs

However, requests with the rule action ALLOW are still being logged. Are there any additional steps I can take to filter out log conditions?

トピック

セキュリティ、アイデンティティ、コンプライアンス開発者用ツール管理とガバナンス

タグ

AWS WAF モニタリングとロギング

言語

English

AWS-User-8005909

質問済み 2年前533ビュー

1回答

新しい順
投票が多い順
コメントが多い順

これらの回答は役に立ちましたか？コミュニティがあなたの知識を活用できるように、正解に賛成票を投じてください。

Hi !

Thanks for reaching out to Re:Post !

Going through the above logging configuration, the reason you are still seeing ALLOW requests in the log is because those requests might be allowed by the default action of the Web ACL if it is set to allow . WAF logging filter with rule ACTION does not consider requests acted upon by the default action Web ACL behavior.

Deciding on the default action for a web ACL - https://docs.aws.amazon.com/waf/latest/developerguide/web-acl-default-action.html

サポートエンジニア

Ansh_C

回答済み 2年前

rePost-User-4900825
1年前
I have the same issue, so what is the proper way to log only the blocked requests if there is a default action ALLOW in web ACL?

WAF Log Filters Not Dropping Specified Requests

関連するコンテンツ