WAF Log Filters Not Dropping Specified Requests

We are attempting to create logging filters for our WAF policies. I created the following conditions for logging:

Rule action: BLOCK Keep in logs

Rule action: ALLOW - Drop from logs

Default logging behavior Drop from logs

However, requests with the rule action ALLOW are still being logged. Are there any additional steps I can take to filter out log conditions?

주제

보안, 신원 및 규정 준수 개발자 도구 관리 및 거버넌스

태그

AWS WAF 모니터링 및 로깅

언어

English

AWS-User-8005909

질문됨 2년 전533회 조회

1개 답변

최신
최다 투표
가장 많은 댓글

이 답변이 도움이 되었나요?커뮤니티가 여러분의 지식을 활용할 수 있도록 정답을 찬성하세요.

Hi !

Thanks for reaching out to Re:Post !

Going through the above logging configuration, the reason you are still seeing ALLOW requests in the log is because those requests might be allowed by the default action of the Web ACL if it is set to allow . WAF logging filter with rule ACTION does not consider requests acted upon by the default action Web ACL behavior.

Deciding on the default action for a web ACL - https://docs.aws.amazon.com/waf/latest/developerguide/web-acl-default-action.html

지원 엔지니어

Ansh_C

답변함 2년 전

rePost-User-4900825
일 년 전
I have the same issue, so what is the proper way to log only the blocked requests if there is a default action ALLOW in web ACL?

WAF Log Filters Not Dropping Specified Requests

관련 콘텐츠