WAF new rules warning

0

Does WAF warn administrators of new rules that are added by AWS? Is there a way to disable new rules by default, then turn new rules on if you like?

CML
Asked 2 years ago, 419 views

3 answers
2

Yes, with the release of versioning for managed rule groups, you can choose a specific version of the managed rules you wish to use. Updates are released as new versions, providing you the ability to test them before enabling them in block mode. You can also receive notifications of updates to managed rules via SNS. The announcement here: https://aws.amazon.com/about-aws/whats-new/2021/08/aws-waf-offers-managed-rule-group-versioning/ has further information and links to documentation.

AWS
Expert
Paul_L
Answered 2 years ago
0

If you have another IAM User/Role who can create new rules and you want to enforce a rule only after review from your side, you can guide the IAM User/Role to create the new rule with the Count action. The Count action will not allow or block HTTP requests but will just count the requests that match the rule. So there should be no impact on service traffic, and you can change the action to allow/block if you like the rule.

You can also create a CloudWatch alarm if someone creates a new rule.

The link below is for creating a CloudWatch Alarm using CloudTrail. The example in this link is for changing a security group, but you can create a CloudWatch alarm for changes to a WAF rule group with eventName:UpdateWebACL.

https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html

Thanks

AWS
Answered 2 years ago
  • I am specifically asking about new rules that are added by AWS. We think a new rule was added by AWS that prevented users from viewing a previously viewable page. How do we disable the new rules so that we can review them before enabling them?

  • You will need to edit your managed rules and change the version from "Default" to a specific version number. Be sure to subscribe to the SNS topic so that you know when new versions are released; you can then test them before upgrading to the new version. You can also see the changelog here: https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-changelog.html
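Both answers boil down to two review checks on a web ACL change: managed rule groups should be pinned to an explicit version rather than "Default", and newly added rules should run in Count mode until reviewed. The following added example (not code from the thread or from AWS) applies those checks to a CloudTrail UpdateWebACL record; the record is constructed, and the lowercase-first request-parameter field names are an assumption about how CloudTrail serialises the WAFv2 request.

```python
import json

# Constructed sample CloudTrail record for a wafv2 UpdateWebACL call.
# Field shapes follow the WAFv2 request format (assumed); all values are made up.
SAMPLE_EVENT = json.dumps({
    "eventSource": "wafv2.amazonaws.com",
    "eventName": "UpdateWebACL",
    "userIdentity": {"arn": "arn:aws:iam::111122223333:role/waf-editor"},
    "requestParameters": {
        "name": "prod-web-acl",
        "rules": [
            # Managed group tracking the default version, overrides nothing -> two findings
            {"name": "AWSManagedRulesCommonRuleSet",
             "overrideAction": {"none": {}},
             "statement": {"managedRuleGroupStatement": {
                 "vendorName": "AWS", "name": "AWSManagedRulesCommonRuleSet"}}},
            # Managed group pinned to a version and set to Count -> no findings
            {"name": "AWSManagedRulesKnownBadInputsRuleSet",
             "overrideAction": {"count": {}},
             "statement": {"managedRuleGroupStatement": {
                 "vendorName": "AWS", "name": "AWSManagedRulesKnownBadInputsRuleSet",
                 "version": "Version_1.2"}}},
            # Custom rule added straight in Block mode -> one finding
            {"name": "block-legacy-path", "action": {"block": {}},
             "statement": {"byteMatchStatement": {}}},
        ],
    },
})


def audit_update_web_acl(record: str) -> list[str]:
    """Return review findings for one CloudTrail record; [] if it is not an UpdateWebACL."""
    ev = json.loads(record)
    if ev.get("eventSource") != "wafv2.amazonaws.com" or ev.get("eventName") != "UpdateWebACL":
        return []
    who = ev.get("userIdentity", {}).get("arn", "unknown")
    acl = ev.get("requestParameters", {})
    findings = []
    for rule in acl.get("rules", []):
        managed = rule.get("statement", {}).get("managedRuleGroupStatement")
        if managed:
            # No explicit version means the group follows AWS's default and auto-updates.
            if "version" not in managed:
                findings.append(f"{rule['name']}: managed group tracks default version (auto-updates)")
            if "count" not in rule.get("overrideAction", {}):
                findings.append(f"{rule['name']}: managed group not in Count mode")
        elif "count" not in rule.get("action", {}):
            findings.append(f"{rule['name']}: custom rule is not in Count mode")
    return [f"{acl.get('name')} updated by {who}: {f}" for f in findings]
```

Feed it the CloudTrail records your alarm or EventBridge rule delivers; an empty list means the change already matches the review policy the answers describe.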
