By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

WAF new rules warning

0

Does WAF warn administrators of new rules that are added by AWS? Is there a way to disable new rules by default, then turn new rules on if you like?

Topics
Security, Identity, & Compliance
Tags
AWS WAF
Language
English
CML
asked 2 years ago410 views
3 Answers
2

Yes, with the release of versioning for managed rule groups, you can choose a specific version of the managed rules you wish to use. Updates are released as new versions, providing you the ability to test them before enabling them in block mode. You can also receive notifications of updates to managed rules via SNS. The announcement here: https://aws.amazon.com/about-aws/whats-new/2021/08/aws-waf-offers-managed-rule-group-versioning/ has further information and links to documentation.

AWS
EXPERT
Paul_L
answered 2 years ago
0

If you have another IAM User/Role who can create new rule and you want to enforce the rule after review from your side, you can guide the IAM User/Role to create new rule with count action. Count action will not allow or block HTTP request but will just count if the request match the rule. So there should be no impact on service traffic and you can change the action to allow/block if you like the rule.

You can also create CloudWatch alarm if someone create new rule.

Below link is for creating CloudWatch Alarm using CloudTrail. The example in this link is for changing security group but you can create CloudWatch alarm for changing WAF rule group with eventName:UpdateWebACL.

https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html

Thanks

profile pictureAWS
Eunsu_Shin
answered 2 years ago
  • CML
    2 years ago

    I am specifically asking about new rules that are added by AWS. We think a new rule was added by AWS that prevented users from viewing a previously viewable page. How do we disable the new rules so that we can review them before enabling them

  • Paul_L EXPERT
    2 years ago

    You will need to edit your managed rules and change the version from "Default" to a specific version number. Be sure to subscribe to the SNS topic so that you know when new versions are released, you can then test them before upgrading to the new version. You can also see the changelog here: https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-changelog.html

0

Getting notified of new versions and updates to a managed rule group

profile pictureAWS
EXPERT
kentrad
answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content