WAF & Load Balancer Integration Impact
I created a web application firewall (WAF) integration with my load balancer:
- AWS-AWSManagedRulesAmazonIpReputationList
- AWS-AWSManagedRulesCommonRuleSet
- AWS-AWSManagedRulesKnownBadInputsRuleSet
But I noticed that it started impacting my edit access on certain applications (403 Forbidden administrator access). Why is that?
- Newest
- Most votes
- Most comments
It sounds like your requests are matching one of the managed rules, and are being blocked (false positives). You may need to tune some of the rules to reduce these, or you could create an exception for your own requests. For example, you could create a rule that allows all requests from your IP address and place it at the top of the WebACL. This would effectively exempt your requests from any of the managed rules.
To find out exactly which rule is matching your requests, you'll need to do some log analysis - take a look at this article for instructions and sample queries.
You can create a custom rule in AWS WAF that allows all requests from specific, trusted IP addresses and place this rule at the top of the Web Access Control List (WebACL). By doing so, requests from these IPs will be allowed through before any of the managed rules have a chance to block them.
Adding to the great answers above, you could look through the CloudWatch Logs for your IP addresses to understand what's the rule that you are triggering.
Relevant content
- asked 5 months ago
- asked 5 years ago
AWS OFFICIALUpdated 5 months ago- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 10 months ago