By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

WAF is not blocking after string match

0

I create a rule i.e.

Type --> Regular rule

Field to match --> URI path

Positional constraint ---> Contains string

Search string ----> /test/*

Text transformations --> Lowercase (Priority 0)

Action --> Block

Custom response code --> 404

But after loading a url https://a.xyz.com/test/a or https://a.xyz.com/test its still works but not blocking. Why? What is wrong with the rule. Can anyone guide me please

Topics
Security, Identity, & Compliance
Tags
AWS WAF
Language
English
AWS-User-0338648
asked 2 years ago1684 views
1 Answer
1
Accepted Answer

I think the problem is your use of the wildcard in your search string. The string match condition is "contains string," so in order to match on both the examples you've provided, you would need to change it to "/test"

If /test will always be at the start of the URI path then you should change the string match condition to "starts with string" as this consumes fewer WCUs.

Documentation for this can be found here: https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-type-string-match.html

AWS
EXPERT
Paul_L
answered 2 years ago
  • AWS-User-0338648
    2 years ago

    but what if I want to set URI --> /test/a/* what should be string match condition? and for abc.example.com/* what should be string match condition?

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content