[AWS WAF] Can't hit the rule with managed rules included in custom rules

1

Hello,

I'm testing some rules on AWS WAF. As with the custom rules (such as URI), I can configure them successfully.

However, when I add another "label" rule inside this custom rule, it can never hit (count) although I can see the relevant logs.

Any advice? Thank you.

質問済み 2年前361ビュー
2回答
0

Can you perhaps share the rule syntax so that we can understand the logic better? Is it an "AND" or an "OR" condition?

AWS
回答済み 2年前
  • I tried using "AND" or "OR" condition, or even just applied a single rule. Here are details of the rule: { "Name": "CustomCountRule-NoUserAgentHeader", "Priority": 0, "Statement": { "AndStatement": { "Statements": [ { "LabelMatchStatement": { "Scope": "LABEL", "Key": "awswaf:managed:aws:core-rule-set:NoUserAgent_Header" } }, { "NotStatement": { "Statement": { "ByteMatchStatement": { "SearchString": "<redacted>", "FieldToMatch": { "UriPath": {} }, "TextTransformations": [ { "Priority": 0, "Type": "NONE" } ], "PositionalConstraint": "CONTAINS" } } } } ] } }, "Action": { "Count": {} }, "VisibilityConfig": { "SampledRequestsEnabled": true, "CloudWatchMetricsEnabled": true, "MetricName": "CustomCountRule-NoUserAgentHeader" } }

0

Similar issue. Extremely basic IP match rule with default BLOCK results in the rule never being hit and all requests blocked with the IP that should be allowed through listed in the logs and in the "sample requests".

回答済み 1年前

ログインしていません。 ログイン 回答を投稿する。

優れた回答とは、質問に明確に答え、建設的なフィードバックを提供し、質問者の専門分野におけるスキルの向上を促すものです。

質問に答えるためのガイドライン