WAF Managed Group Rules (notifications, etc)

0
  1. Is there any release cadence for changes to an AWS managed rule?
  2. Is there any notification that an ACL is being changed/updated?
  3. How can you get information on what particular part of a request is specifically triggering the count/block?
  4. Can we add a custom 403 page on our WAF?
AWS
Moderator
Asked 4 years ago, 531 views
1 answer
1
Accepted answer
  1. There is no release cadence for changes to AWS (Marketplace) Managed rules; they are automatically updated by AWS (or the marketplace seller) when new vulnerabilities and threats emerge.

  2. No notification is sent when an AWS (or marketplace) managed rule is updated. Every time an AWS (or marketplace) managed web ACL is updated, you have a CloudTrail UpdateWebACL API call in your account, so you can set up an event to trigger off of CloudTrail when the UpdateWebACL API is called. The easiest way to do this would be to subscribe to an SNS topic and then create a CloudWatch Event rule to trigger it. Keep in mind that the RuleGroup within the WebACL is owned and managed by the vendor; you will not be able to see/know what changes were made. "Each AWS Marketplace rule group provides a comprehensive description of the types of attacks and vulnerabilities that it's designed to protect against. To protect the intellectual property of the rule group providers, you can't view the individual rules within a rule group. This restriction also helps to keep malicious users from designing threats that specifically circumvent published rules." - https://docs.aws.amazon.com/waf/latest/developerguide/waf-managed-rule-groups.html

  3. You can get more information from WAF logs (https://docs.aws.amazon.com/waf/latest/developerguide/logging.html).

  4. Currently AWS does not provide a way to add a custom error page to WAF. If they're using WAF with CloudFront, they can use Lambda@Edge to differentiate 403s generated by WAF from those generated by the origin of the distribution. I wrote a blog post on this a few months ago: https://aws.amazon.com/blogs/networking-and-content-delivery/generating-dynamic-error-responses-in-amazon-cloudfront-with-lambdaedge/

AWS
Answered 4 years ago
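As an added illustration of the CloudTrail-to-SNS setup in point 2 (not code from the answer above or from AWS), the following shows the EventBridge (formerly CloudWatch Events) event pattern you would attach to the rule, a minimal matcher with the same semantics so you can test the pattern offline, and the fields worth forwarding to SNS. The source names are an assumption covering the classic WAF and WAF v2 APIs, and the sample event is constructed rather than real CloudTrail output.

```python
# EventBridge (formerly CloudWatch Events) pattern matching CloudTrail's record
# of an UpdateWebACL call. Assumed source names: classic WAF and WAF v2 APIs.
EVENT_PATTERN = {
    "source": ["aws.waf", "aws.waf-regional", "aws.wafv2"],
    "detail-type": ["AWS API Call via CloudTrail"],
    "detail": {"eventName": ["UpdateWebACL"]},
}

def matches(pattern, event):
    """Minimal EventBridge matching: every pattern key must exist in the event,
    a list of literals matches if the value is one of them, dicts recurse."""
    for key, expected in pattern.items():
        if key not in event:
            return False
        actual = event[key]
        if isinstance(expected, dict):
            if not isinstance(actual, dict) or not matches(expected, actual):
                return False
        elif actual not in expected:
            return False
    return True

def summarize(event):
    """Fields for the SNS message, or None if this is not an UpdateWebACL call.
    Rule group contents are hidden, so the message can only say that the web
    ACL changed, when, and by whom."""
    if not matches(EVENT_PATTERN, event):
        return None
    d = event["detail"]
    return {
        "web_acl": d.get("requestParameters", {}).get("name"),
        "caller": d.get("userIdentity", {}).get("arn"),
        "time": d.get("eventTime"),
        "region": event.get("region"),
    }

# Constructed sample event, not real CloudTrail output (placeholder account id).
SAMPLE_UPDATE = {
    "source": "aws.wafv2",
    "detail-type": "AWS API Call via CloudTrail",
    "region": "us-east-1",
    "detail": {
        "eventName": "UpdateWebACL",
        "eventTime": "2021-05-01T12:00:00Z",
        "userIdentity": {"arn": "arn:aws:iam::111122223333:role/example"},
        "requestParameters": {"name": "prod-web-acl", "scope": "CLOUDFRONT"},
    },
}
```

The `EVENT_PATTERN` dict, serialized as JSON, is what goes into the rule's event pattern; `summarize` is what a Lambda target or an input transformer would hand to the SNS topic.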
