Custom Rule Not Being Evaluated

I have a custom error page as the HTTP response when a page is blocked, for labels generated in the SQLi Ruleset. It works. But when I add another Rule in the same Rule Group for CommonRuleSet (CrossSiteScripting), it is not getting evaluated. Everything for this is similar to the one that is working, but it is still not getting evaluated! I followed the Priority and also the COUNT setting for the Rules that I need to have a Label generated. Has anyone come across this scenario?

asked a year ago, 190 views
1 Answer
It is possible that there's a slight misconfiguration after you add new statements or modify the Label match rule. It would be good to share the rule configuration that you are using.

In my understanding the rule would look something like this:

{
  "Name": "Label_Match",
  "Priority": 0,
  "Action": {
    "Block": {
      "CustomResponse": {
        "ResponseCode": 200
      }
    }
  },
  "VisibilityConfig": {
    "SampledRequestsEnabled": true,
    "CloudWatchMetricsEnabled": true,
    "MetricName": "Label_Match"
  },
  "Statement": {
    "OrStatement": {
      "Statements": [
        {
          "LabelMatchStatement": {
            "Scope": "LABEL",
            "Key": "awswaf:managed:aws:sql-database:SQLi_Body"
          }
        },
        {
          "LabelMatchStatement": {
            "Scope": "LABEL",
            "Key": "awswaf:managed:aws:core-rule-set:CrossSiteScripting_Body"
          }
        }
      ]
    }
  }
}
AWS
answered a year ago
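
The two conditions the question mentions (priority order and the Count setting) can be checked mechanically against an exported web ACL rule list. The following is an added example, not code from the question or the answer: it assumes the label match rule and the two AWS managed rule groups sit at the top level of one rule list, and the function names, the `managed` helper and the sample rules are constructed for illustration.

```python
NAMESPACES = {  # label namespace -> AWS managed rule group that emits it
    "awswaf:managed:aws:sql-database:": "AWSManagedRulesSQLiRuleSet",
    "awswaf:managed:aws:core-rule-set:": "AWSManagedRulesCommonRuleSet",
}

def label_keys(stmt):
    """Collect every LabelMatchStatement key nested in a statement."""
    if "LabelMatchStatement" in stmt:
        return [stmt["LabelMatchStatement"]["Key"]]
    nested = [s for op in ("OrStatement", "AndStatement")
              for s in stmt.get(op, {}).get("Statements", [])]
    if "NotStatement" in stmt:
        nested.append(stmt["NotStatement"]["Statement"])
    return [k for s in nested for k in label_keys(s)]

def check_label_rules(rules):
    """Return findings that would stop a label match rule from ever matching."""
    groups = {r["Statement"]["ManagedRuleGroupStatement"]["Name"]: r
              for r in rules if "ManagedRuleGroupStatement" in r["Statement"]}
    findings = []
    for rule in rules:
        for key in label_keys(rule["Statement"]):
            ns = next((n for n in NAMESPACES if key.startswith(n)), None)
            src = groups.get(NAMESPACES[ns]) if ns else None
            if src is None:
                findings.append(f"{key}: no known managed rule group in this list emits it")
                continue
            if src["Priority"] >= rule["Priority"]:  # lower number is evaluated first
                findings.append(f"{key}: {rule['Name']} runs before the label exists")
            overrides = src["Statement"]["ManagedRuleGroupStatement"].get("RuleActionOverrides", [])
            counted = "Count" in src.get("OverrideAction", {}) or any(
                o["Name"] == key[len(ns):] and "Count" in o["ActionToUse"] for o in overrides)
            if not counted:
                findings.append(f"{key}: source rule is not in Count, so it terminates first")
    return findings

def managed(name, priority, counted_rules):  # constructed sample helper
    return {"Name": name, "Priority": priority, "OverrideAction": {"None": {}},
            "Statement": {"ManagedRuleGroupStatement": {"VendorName": "AWS", "Name": name,
                "RuleActionOverrides": [{"Name": n, "ActionToUse": {"Count": {}}} for n in counted_rules]}}}

LABEL_MATCH = {"Name": "Label_Match", "Priority": 2, "Statement": {"OrStatement": {"Statements": [
    {"LabelMatchStatement": {"Scope": "LABEL", "Key": "awswaf:managed:aws:sql-database:SQLi_Body"}},
    {"LabelMatchStatement": {"Scope": "LABEL", "Key": "awswaf:managed:aws:core-rule-set:CrossSiteScripting_Body"}}]}}}

# Constructed web ACL: the SQLi rule has a Count override, the XSS rule has none.
SAMPLE = [managed("AWSManagedRulesSQLiRuleSet", 0, ["SQLi_Body"]),
          managed("AWSManagedRulesCommonRuleSet", 1, []), LABEL_MATCH]

if __name__ == "__main__":
    for finding in check_label_rules(SAMPLE):
        print(finding)
```

When the label match rule lives inside a custom rule group, compare the priority of that rule group's entry in the web ACL rather than the rule's priority inside the group.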