1개 답변
- 최신
- 최다 투표
- 가장 많은 댓글
0
Hi !
Thanks for reaching out to Re:Post !
Going through the above logging configuration, the reason you are still seeing ALLOW requests in the log is because those requests might be allowed by the default action of the Web ACL if it is set to allow . WAF logging filter with rule ACTION does not consider requests acted upon by the default action Web ACL behavior.
Deciding on the default action for a web ACL - https://docs.aws.amazon.com/waf/latest/developerguide/web-acl-default-action.html
관련 콘텐츠
- AWS 공식업데이트됨 10달 전
- AWS 공식업데이트됨 2년 전
- AWS 공식업데이트됨 2년 전
I have the same issue, so what is the proper way to log only the blocked requests if there is a default action ALLOW in web ACL?