Ao usar o AWS re:Post, você concorda com os AWS re:Post Termos de uso
AWS re:Postre:Post

[AWS WAF] Can't hit the rule with managed rules included in custom rules

1

Hello,

I'm testing some rules on AWS WAF. As with the custom rules (such as URI), I can configure them successfully.

However, when I add another "label" rule inside this custom rule, it can never hit (count) although I can see the relevant logs.

Any advice? Thank you.

Tópicos
Segurança, identidade e conformidade
Tags
AWS WAF
Idioma
English
Nam Tran
feita há 2 anos431 visualizações
2 Respostas
0

Can you perhaps share the rule syntax so that we can understand the logic better? Is it an "AND" or an "OR" condition?

AWS
Tzoori Tamam
respondido há 2 anos
  • Nam Tran
    há 2 anos

    I tried using "AND" or "OR" condition, or even just applied a single rule. Here are details of the rule: { "Name": "CustomCountRule-NoUserAgentHeader", "Priority": 0, "Statement": { "AndStatement": { "Statements": [ { "LabelMatchStatement": { "Scope": "LABEL", "Key": "awswaf:managed:aws:core-rule-set:NoUserAgent_Header" } }, { "NotStatement": { "Statement": { "ByteMatchStatement": { "SearchString": "<redacted>", "FieldToMatch": { "UriPath": {} }, "TextTransformations": [ { "Priority": 0, "Type": "NONE" } ], "PositionalConstraint": "CONTAINS" } } } } ] } }, "Action": { "Count": {} }, "VisibilityConfig": { "SampledRequestsEnabled": true, "CloudWatchMetricsEnabled": true, "MetricName": "CustomCountRule-NoUserAgentHeader" } }

0

Similar issue. Extremely basic IP match rule with default BLOCK results in the rule never being hit and all requests blocked with the IP that should be allowed through listed in the logs and in the "sample requests".

rePost-User-4453523
respondido há um ano

Você não está conectado. Fazer login para postar uma resposta.

Uma boa resposta responde claramente à pergunta, dá feedback construtivo e incentiva o crescimento profissional de quem perguntou.

Diretrizes para responder a perguntas

Conteúdo relevante