WAF managed rule to prevent dotenv vulnerability

0

Hi There,

Please help to identify which WAF managed rule is responsible for preventing dotenv scanning, e.g.

Examples

/.env, /docker/.env, /anypath/.env

I was thinking that this rule AWSManagedRulesCommonRuleSet would help, but while testing it doesn't work and allows scanning dotenv

Thanks!

y0zg
Asked 2 years ago, 683 views
2 Answers
0

Hi,

These are a couple of rule sets that do have certain calls to env coverage:

AWSManagedRulesUnixRuleSet
PHP RuleSet

We were not able to find anything specific for Docker. However, we would recommend you to consider managed rules and a base coverage using which you can write custom rules to meet any additional coverage that may be needed.

Here is the link which talks about managed rule groups: https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-use-case.html#aws-managed-rule-groups-use-case-posix-os

I hope this helps.

AWS
Support Engineer
Answered 2 years ago
0

Hi There! Thank you for your answer! I added 2 more AWS managed rules AWSManagedRulesUnixRuleSet and AWSManagedRulesPHPRuleSet but still can access .env

curl -I  https://example.com/.env
HTTP/2 404
content-type: application/json

Any thoughts?

y0zg
Answered 2 years ago
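
Added example, not part of the original thread and not AWS's own code: a custom AWS WAFv2 rule of the kind the first answer suggests, blocking any URI path that ends in `/.env`, together with a simplified local model of its match logic for checking paths before deploying. The rule name, metric name and priority are assumptions, and the sample paths beyond the three in the question are constructed.

```python
import json
from urllib.parse import unquote

# Custom AWS WAFv2 rule (JSON rule-editor form) blocking URI paths that end in "/.env".
# Name, MetricName and Priority are assumptions made for this example.
DOTENV_RULE = {
    "Name": "ExampleBlockDotenvPaths",
    "Priority": 0,
    "Statement": {
        "ByteMatchStatement": {
            "SearchString": "/.env",
            "FieldToMatch": {"UriPath": {}},
            "TextTransformations": [
                {"Priority": 0, "Type": "URL_DECODE"},
                {"Priority": 1, "Type": "LOWERCASE"},
            ],
            "PositionalConstraint": "ENDS_WITH",
        }
    },
    "Action": {"Block": {}},
    "VisibilityConfig": {
        "SampledRequestsEnabled": True,
        "CloudWatchMetricsEnabled": True,
        "MetricName": "ExampleBlockDotenvPaths",
    },
}

_TRANSFORMS = {"URL_DECODE": unquote, "LOWERCASE": str.lower}

def would_block(uri_path, rule=DOTENV_RULE):
    """Simplified local model of the byte-match statement (not the WAF engine itself)."""
    stmt = rule["Statement"]["ByteMatchStatement"]
    value = uri_path
    for t in sorted(stmt["TextTransformations"], key=lambda t: t["Priority"]):
        value = _TRANSFORMS[t["Type"]](value)
    return value.endswith(stmt["SearchString"])

# Constructed sample paths: the three from the question, encoded/upper-case forms, near-misses.
SAMPLES = ["/.env", "/docker/.env", "/anypath/.env", "/%2Eenv", "/app/.ENV",
           "/environment", "/.env.example", "/index.html"]

if __name__ == "__main__":
    print(json.dumps(DOTENV_RULE, indent=2))
    for p in SAMPLES:
        print(f"{p:16} -> {'BLOCK' if would_block(p) else 'allow'}")
```

AWS WAF's Block action responds with HTTP 403 by default, so a 403 on the `curl -I` check is the sign that the rule matched. Variants such as `/.env.example` fall outside the `ENDS_WITH` constraint and need their own statement if they should be covered.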
