Firewall Manager: Scope-down statements in Managed rule groups


Hello,

In WAFv2, we do use a lot of scope-down statements in managed rule groups. Is this supported in security policies distributed by the Firewall Manager as well?

The UI at least doesn't offer support for that. I thought I did manage to add scope-down statements via API, well Terraform, but I cannot be sure as the UI does not show that. Checking the JSON from the ACL, the scope-down statement does not show up.

So, is there support for it but I just cannot see it, or is the config silently disregarded?

Regards, -Kai.

1 Answer

Regrettably, AWS Firewall Manager does not currently support scope-down statements. This feature is not available through the API, CloudFormation, or JSON editor, and although the API may indicate success, the scope-down statement will not be reflected in the policy.

We have already raised a feature request for this issue, but we are unable to provide an estimate on when this feature will be released. We encourage you to monitor our What's New [1] and Blog pages [2] for any new feature announcements.

In the meantime, you can implement a workaround by creating a custom rule group to whitelist the traffic that you want to allow, and adding the rule below the AWS managed rule group [3].

[1] https://aws.amazon.com/new/
[2] https://aws.amazon.com/blogs/aws/
[3] https://repost.aws/knowledge-center/waf-detect-false-positives-from-amrs

AWS
SUPPORT ENGINEER
Rutba_Z
answered a year ago
  • Yeah, I kind of expected to hear that after further experimentation. Thanks for the confirmation.
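An added check, not part of the original thread, for the situation Kai describes (the scope-down statement not showing up in the ACL JSON): it walks a web ACL in the shape returned by `aws wafv2 get-web-acl`, including the Firewall Manager pre- and post-process sections, and reports which managed rule groups actually carry a ScopeDownStatement. The sample ACL and its names are constructed for this example; the field names follow the WAFv2 GetWebACL response.

```python
# Constructed sample in the shape `aws wafv2 get-web-acl` returns for a web ACL that
# Firewall Manager distributes (names and values made up for this example). The policy
# managed group has no ScopeDownStatement; the account-level managed rule keeps one.
SAMPLE_WEB_ACL = {
    "Name": "example-fms-webacl",
    "PreProcessFirewallManagerRuleGroups": [
        {
            "Name": "AWS-AWSManagedRulesCommonRuleSet",
            "FirewallManagerStatement": {
                "ManagedRuleGroupStatement": {
                    "VendorName": "AWS", "Name": "AWSManagedRulesCommonRuleSet",
                }
            },
        }
    ],
    "Rules": [
        {
            "Name": "account-bot-control",
            "Statement": {
                "ManagedRuleGroupStatement": {
                    "VendorName": "AWS", "Name": "AWSManagedRulesBotControlRuleSet",
                    "ScopeDownStatement": {"ByteMatchStatement": {
                        "FieldToMatch": {"UriPath": {}}, "PositionalConstraint": "STARTS_WITH",
                        "SearchString": "/api/", "TextTransformations": [{"Priority": 0, "Type": "NONE"}],
                    }},
                }
            },
        }
    ],
    "PostProcessFirewallManagerRuleGroups": [],
}


def audit_scope_down(web_acl):
    """Map each managed rule group's rule name to whether a ScopeDownStatement survived."""
    # Firewall Manager sections keep the statement under FirewallManagerStatement,
    # account-level rules under Statement; rules that are not managed groups are skipped.
    sections = (
        ("PreProcessFirewallManagerRuleGroups", "FirewallManagerStatement"),
        ("Rules", "Statement"),
        ("PostProcessFirewallManagerRuleGroups", "FirewallManagerStatement"),
    )
    result = {}
    for section, stmt_key in sections:
        for rule in web_acl.get(section, []):
            managed = rule.get(stmt_key, {}).get("ManagedRuleGroupStatement")
            if managed is not None:
                result[rule["Name"]] = "ScopeDownStatement" in managed
    return result
```

Feed it the `WebACL` object from `aws wafv2 get-web-acl` (or `get-web-acl-for-resource`) after a policy update; a managed group reported as False is one whose scope-down was dropped, which is where the custom allow rule group workaround from the answer applies.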
