WAF managed rules blocking SES incoming email notifications

0

I use SES incoming email for a discussion groups feature. When an email arrives, SES is configured to notify an SNS topic, which in turn POSTs to an HTTPS endpoint on my backend via a CloudFront distribution. This stopped working some time between Dec 5 and 24: the POST from SNS was showing as 403 Forbidden / Error in the CloudFront logs. After some trial and error, I discovered that by turning off the AWS WAF WindowsManagedRuleSet on my CloudFront distribution, I could fix the problem. Has anyone else seen this? It seems like an obvious false positive if AWS WAF rules are blocking AWS SES notifications.

1 answer
0

Hello, Chris,

I found this AWS document on mitigation of false positives in WAF (1) and how to override rules in the group to identify which is causing the issue. I see 6 rules in the Windows Operating System managed rule in my own account. You can set individual rules to "count" one at a time to identify which may be preventing your SNS topic from posting. See the documentation link for details.

If you can identify the rule causing the issue and don't mind leaving it in "count", you can go that route. Otherwise, if you have a CloudFront request ID (x-amz-cf-id), this can be investigated further via a support case.

** RESOURCES **

  1. AWS Managed Rules for AWS WAF - https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups.html
AWS
Support Engineer
Ron_H
answered 2 years ago
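The "set one rule to count at a time" procedure from the answer above, as an added example that is not part of the original post or of any AWS tooling. It builds the WAFv2 `RuleActionOverrides` entry for one rule of the Windows managed rule group at a time, working on the `Rules` list in the shape `get-web-acl` returns; the rule names are those of `AWSManagedRulesWindowsRuleSet` at the time of writing and should be confirmed with `aws wafv2 describe-managed-rule-group` for your account, and the sample web ACL is constructed.

```python
import copy
import json

# Rules of the Windows managed rule group as known at the time of writing;
# confirm the current list with `aws wafv2 describe-managed-rule-group`.
WINDOWS_RULES = [
    "WindowsShellCommands_COOKIE", "WindowsShellCommands_QUERYARGUMENTS",
    "WindowsShellCommands_BODY", "PowerShellCommands_COOKIE",
    "PowerShellCommands_QUERYARGUMENTS", "PowerShellCommands_BODY",
]

def override_to_count(rules, group_name, rule_names):
    """Return a copy of a web ACL's Rules list in which the listed rules of
    the managed rule group `group_name` are overridden to Count. Rules not
    listed keep their default action; the input list is left untouched."""
    new_rules = copy.deepcopy(rules)
    for rule in new_rules:
        stmt = rule.get("Statement", {}).get("ManagedRuleGroupStatement")
        if not stmt or stmt.get("Name") != group_name:
            continue
        stmt["RuleActionOverrides"] = [
            {"Name": n, "ActionToUse": {"Count": {}}} for n in rule_names
        ]
        return new_rules
    raise ValueError(f"web ACL has no managed rule group named {group_name}")

def count_overrides_one_at_a_time(rules, group_name, rule_names):
    """Yield (rule_name, candidate_rules) pairs, one candidate web ACL per
    rule. Apply each with update-web-acl, re-send a test notification, and
    the candidate under which the SNS POST is no longer blocked names the
    rule that was matching it."""
    for name in rule_names:
        yield name, override_to_count(rules, group_name, [name])

# Constructed sample: a web ACL with only the Windows managed rule group.
SAMPLE_RULES = [{
    "Name": "AWS-AWSManagedRulesWindowsRuleSet", "Priority": 0,
    "Statement": {"ManagedRuleGroupStatement": {
        "VendorName": "AWS", "Name": "AWSManagedRulesWindowsRuleSet"}},
    "OverrideAction": {"None": {}},
    "VisibilityConfig": {"SampledRequestsEnabled": True,
                         "CloudWatchMetricsEnabled": True,
                         "MetricName": "WindowsRuleSet"},
}]

if __name__ == "__main__":
    group = "AWSManagedRulesWindowsRuleSet"
    for name, cand in count_overrides_one_at_a_time(SAMPLE_RULES, group, WINDOWS_RULES):
        print(name, json.dumps(cand[0]["Statement"]["ManagedRuleGroupStatement"]))
```

Once the matching rule is known, the same function with that single name gives the permanent "leave it in count" configuration the answer describes.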
