WAF is not blocking after string match
I created a rule, i.e.:
Type --> Regular rule
Field to match --> URI path
Positional constraint ---> Contains string
Search string ----> /test/*
Text transformations --> Lowercase (Priority 0)
Action --> Block
Custom response code --> 404
But after loading a URL such as https://a.xyz.com/test/a or https://a.xyz.com/test, it still works and is not blocked. Why? What is wrong with the rule? Can anyone guide me, please?
I think the problem is your use of the wildcard in your search string. The string match condition is "contains string," so in order to match on both the examples you've provided, you would need to change it to "/test".
If /test will always be at the start of the URI path then you should change the string match condition to "starts with string" as this consumes fewer WCUs.
Documentation for this can be found here: https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-type-string-match.html
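As an added example (not part of the original answer and not AWS code), this simplified Python model of a string match statement shows why the literal search string `/test/*` misses both URLs from the question while `/test` matches them. The function names and the sample URLs beyond the two in the question are constructed for illustration.

```python
from urllib.parse import urlsplit

# Simplified local model of a WAF string match statement (an assumption for
# illustration, not AWS code): the search string is compared literally, so
# "*" is an ordinary character and never acts as a wildcard.
CONSTRAINTS = {
    "CONTAINS": lambda field, s: s in field,
    "STARTS_WITH": lambda field, s: field.startswith(s),
}


def uri_path(url):
    """Return the part of the URL that 'URI path' inspects (no host, no query)."""
    return urlsplit(url).path or "/"


def rule_matches(url, search_string, constraint, lowercase=True):
    """Apply the Lowercase transformation to the field, then the constraint."""
    field = uri_path(url)
    if lowercase:
        field = field.lower()  # only the request field is transformed
    return CONSTRAINTS[constraint](field, search_string)


def evaluate(urls, search_string, constraint):
    """Map each URL to True (rule matches, request blocked) or False."""
    return {u: rule_matches(u, search_string, constraint) for u in urls}


# Constructed sample URLs: the two from the question plus near misses.
SAMPLE_URLS = [
    "https://a.xyz.com/test/a",
    "https://a.xyz.com/test",
    "https://a.xyz.com/TEST/a",
    "https://a.xyz.com/testing",
    "https://a.xyz.com/api/test",
    "https://a.xyz.com/test/*",
]

if __name__ == "__main__":
    for search, constraint in [("/test/*", "CONTAINS"),
                               ("/test", "CONTAINS"),
                               ("/test", "STARTS_WITH")]:
        print(f"{constraint} {search!r}")
        for url, blocked in evaluate(SAMPLE_URLS, search, constraint).items():
            print(f"  {'BLOCK' if blocked else 'allow'}  {url}")
```

In this model the prefix `/test` also matches `/testing`, and "contains string" additionally matches `/api/test`, so compare the chosen string against the paths the application actually serves before setting the action to Block.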
But what if I want to set URI --> /test/a/, what should the string match condition be? And for abc.example.com/, what should the string match condition be?