I want to use AWS WAF to block HTTP requests that don't contain a User-Agent header value, or that contain a specific User-Agent header value.
Short description
By default, AWS WAF filters don't check whether HTTP request parameters are present. To use AWS WAF to block HTTP requests based on the user agent header, take one of the following actions:
- Use AWS Managed Rules to block requests that don't contain a user agent header.
- Use custom rules to block requests that don't contain a user agent header.
- Use custom rules to block requests with a specific user agent header.
Resolution
Use AWS Managed Rules to block requests that don't contain a user agent header
If you use AWS Managed Rules for AWS WAF, then you don't have to write your own rules.
Note: AWS Managed Rules are subject to version changes and expiration. For more information, see Using versioned managed rule groups in AWS WAF.
The NoUserAgent_HEADER rule inspects for requests that don't have the HTTP User-Agent header. The SignalNonBrowserUserAgent rule inspects for user agent strings that don't appear to be from a web browser, including requests with no user agent.
Add an AWS Managed Rules rule group to your web ACL
Complete the following steps:
- Open the AWS WAF console.
- In the navigation pane, choose AWS WAF.
- Choose Resources & protection packs.
- Find your protection pack and choose View and edit beside Rules.
- In the right pane, choose Add rules.
- Choose AWS-managed rule group, and then choose Next.
- Select the rule group that you want to add.
- Choose Add to web ACL.
Note: Select Add to web ACL for Core rule set. Core rule set contains the NoUserAgent_HEADER rule.
- Choose Create Rule.
Edit an existing AWS Managed Rules rule group in your web ACL
Complete the following steps:
- Open the AWS WAF console.
- In the navigation pane, choose AWS WAF.
- Choose Resources & protection packs.
- Find your protection pack and choose View and edit beside Rules.
- In the right pane, select your AWS Managed Rule Group.
- In the Rule Overrides section, you can edit the settings.
Note: For more information about editing settings, see Working with managed rule groups.
- Choose Save Rule.
If you encounter false positives with AWS Managed Rules rule groups, then see AWS Managed Rules for AWS WAF.
Use custom rules to block requests that don't contain a user agent header
Complete the following steps:
- Open the AWS WAF console.
- In the navigation pane, choose AWS WAF.
- Choose Resources & protection packs.
- Find your protection pack and choose View and edit beside Rules.
- In the right pane, choose Add rules.
- Choose Custom rule, and then choose Next.
- Choose Custom rule again, and then choose Next.
- Set the Rule Action to BLOCK.
- Enter your Rule name.
- For If a request, expand the dropdown and choose does not match the statement (NOT).
- For Inspect, choose Single header.
- Under NOT Statement, complete the following:
  - For Header field name, enter the name of the header to inspect. For example, User-Agent.
  - For Match type, choose Size greater than.
  - For Size in bytes, enter 0.
  - (Optional) Choose a Text transformation, or choose None.
- Choose Create Rule.
- (Optional) To set rule priority, select Edit Rule Order in the right pane and then update the priority. For more information, see Setting rule priority.
Note: Rules are applied in the order they appear.
- Choose Save Rule Order.
Use custom rules to block requests with a specific user agent header
Complete the following steps:
- Open the AWS WAF console.
- In the navigation pane, choose AWS WAF.
- Choose Resources & protection packs.
- Find your protection pack and choose View and edit beside Rules.
- In the right pane, choose Add rules.
- Choose Custom rule, and then choose Next.
- Choose Custom rule again, and then choose Next.
- Set the Rule Action to BLOCK.
- Enter your Rule name.
- For If a request, expand the dropdown and choose matches the statement.
- For Inspect, choose Single header.
- Under Statement, configure the following settings:
  - For Header field name, enter the name of the header to inspect. For example, User-Agent.
  - For Match type, choose Contains string.
  - For String to match, enter the user agent string that you want to block.
  - (Optional) Choose a Text transformation, or choose None.
- Choose Create Rule.
- (Optional) To set rule priority, select Edit Rule Order in the right pane and then update the priority. For more information, see Setting rule priority.
Note: Rules are applied in the order they appear.
- Choose Save Rule Order.
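The two custom rules above, as an added example that is not part of this article and not AWS code: the first two functions build the rules in the WAFv2 rule JSON shape that the "Use custom rules" procedures produce in the console (a NOT around a size-greater-than-0 constraint on the User-Agent header, and a contains-string byte match on the same header). The rest is a deliberately small local model of how these statements are evaluated, so you can check the rule logic offline before deploying it; it is not the AWS implementation, and it assumes that an absent header is inspected as an empty string. The rule names, metric names and sample request headers are constructed for the example.

```python
import operator
from typing import Any, Dict, List

# Header name for FieldToMatch.SingleHeader; AWS WAF matches header names case-insensitively.
USER_AGENT_HEADER = "user-agent"


def visibility(metric_name: str) -> Dict[str, Any]:
    """Required VisibilityConfig block for every rule (metric name is a constructed example)."""
    return {"SampledRequestsEnabled": True, "CloudWatchMetricsEnabled": True, "MetricName": metric_name}


def block_missing_user_agent_rule(priority: int = 0) -> Dict[str, Any]:
    """NOT (size of User-Agent > 0) -> BLOCK. Matches both a missing header and an empty one."""
    return {
        "Name": "block-missing-user-agent",  # constructed rule name
        "Priority": priority,
        "Action": {"Block": {}},
        "VisibilityConfig": visibility("BlockMissingUserAgent"),
        "Statement": {"NotStatement": {"Statement": {"SizeConstraintStatement": {
            "FieldToMatch": {"SingleHeader": {"Name": USER_AGENT_HEADER}},
            "ComparisonOperator": "GT",
            "Size": 0,
            "TextTransformations": [{"Priority": 0, "Type": "NONE"}],
        }}}},
    }


def block_user_agent_containing_rule(search_string: str, priority: int = 1,
                                     lowercase: bool = False) -> Dict[str, Any]:
    """User-Agent CONTAINS search_string -> BLOCK. With text transformation NONE the match is
    case-sensitive; lowercase=True adds the LOWERCASE transformation so case no longer matters."""
    return {
        "Name": "block-specific-user-agent",  # constructed rule name
        "Priority": priority,
        "Action": {"Block": {}},
        "VisibilityConfig": visibility("BlockSpecificUserAgent"),
        "Statement": {"ByteMatchStatement": {
            "FieldToMatch": {"SingleHeader": {"Name": USER_AGENT_HEADER}},
            "PositionalConstraint": "CONTAINS",
            "SearchString": search_string,
            "TextTransformations": [{"Priority": 0, "Type": "LOWERCASE" if lowercase else "NONE"}],
        }},
    }


# --- Minimal local model of statement evaluation (a simplification, not the AWS implementation) ---

_SIZE_OPS = {"EQ": operator.eq, "NE": operator.ne, "LE": operator.le,
             "LT": operator.lt, "GE": operator.ge, "GT": operator.gt}


def _header_value(stmt: Dict[str, Any], headers: Dict[str, str]) -> str:
    """Resolve the SingleHeader field and apply text transformations in priority order.
    Assumption: an absent header is inspected as the empty string."""
    wanted = stmt["FieldToMatch"]["SingleHeader"]["Name"].lower()
    value = {k.lower(): v for k, v in headers.items()}.get(wanted, "")
    for t in sorted(stmt["TextTransformations"], key=lambda t: t["Priority"]):
        if t["Type"] == "LOWERCASE":
            value = value.lower()
        elif t["Type"] != "NONE":
            raise NotImplementedError(f"transformation {t['Type']} is not modelled here")
    return value


def evaluate_statement(statement: Dict[str, Any], headers: Dict[str, str]) -> bool:
    """True when the request headers match the statement."""
    if "NotStatement" in statement:
        return not evaluate_statement(statement["NotStatement"]["Statement"], headers)
    if "SizeConstraintStatement" in statement:
        s = statement["SizeConstraintStatement"]
        size = len(_header_value(s, headers).encode("utf-8"))
        return _SIZE_OPS[s["ComparisonOperator"]](size, s["Size"])
    if "ByteMatchStatement" in statement:
        b = statement["ByteMatchStatement"]
        if b["PositionalConstraint"] != "CONTAINS":
            raise NotImplementedError("only CONTAINS is modelled here")
        return b["SearchString"] in _header_value(b, headers)
    raise NotImplementedError(f"statement {list(statement)} is not modelled here")


def web_acl_action(rules: List[Dict[str, Any]], headers: Dict[str, str], default: str = "ALLOW") -> str:
    """Rules are evaluated in priority order; the first matching Block/Allow rule terminates."""
    for rule in sorted(rules, key=lambda r: r["Priority"]):
        if evaluate_statement(rule["Statement"], headers):
            return next(iter(rule["Action"])).upper()  # {"Block": {}} -> "BLOCK"
    return default


# Constructed sample requests (headers only) for local checking.
SAMPLE_REQUESTS = {
    "browser": {"Host": "example.com", "User-Agent": "Mozilla/5.0 (X11; Linux x86_64) Firefox/120.0"},
    "no_header": {"Host": "example.com"},
    "empty_header": {"Host": "example.com", "User-Agent": ""},
    "named_tool": {"Host": "example.com", "User-Agent": "ExampleScanner/1.0"},
    "mixed_case": {"Host": "example.com", "user-agent": "examplescanner/2.0"},
}


def verdicts(rules: List[Dict[str, Any]]) -> Dict[str, str]:
    """Web ACL action for every sample request under the given rules."""
    return {name: web_acl_action(rules, hdrs) for name, hdrs in SAMPLE_REQUESTS.items()}


if __name__ == "__main__":
    import json
    rules = [block_missing_user_agent_rule(), block_user_agent_containing_rule("ExampleScanner")]
    print(json.dumps(rules, indent=2))  # shape accepted by `aws wafv2 update-web-acl --rules`
    print(verdicts(rules))
```

Two points the local run makes visible: the NOT/size-greater-than-0 rule blocks an empty User-Agent header as well as a missing one, and a Contains string match with text transformation None is case-sensitive, so a user agent that differs only in letter case is allowed unless you add the LOWERCASE transformation (and lowercase the string to match accordingly). Rule priority matters for the same reason the article's note gives: rules run in order, and the first terminating rule decides.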