I was able to work around the issue by using the "custom response" logic described here: https://repost.aws/knowledge-center/waf-managed-rules
Instead of blocking requests tagged with any tag in the whole "namespace" of all SQL injection rules (awswaf:managed:aws:sql-database), I configured it to only match on the body (awswaf:managed:aws:sql-database:SQLi_Body).
But this is a hack since the cookies are still scanned for SQL injection. I'd like to avoid scanning cookies altogether, like ModSecurity's UpdateTargetById.
To prevent cookies from triggering rules in the AWS-managed SQL Injection rule set:
Identify the SQLi_COOKIE rule that is blocking requests containing cookies.
Edit the rule and set the action to ALLOW for that specific rule.
Save the changes to the rule group.
Setting the action to ALLOW for just the SQLi_COOKIE rule should allow requests containing cookies to pass, while still blocking for other rules like SQLi_BODY or SQLi_HEADER.
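For reference, this is what the per-rule override from the steps above looks like as a WAFv2 web ACL rule entry (an added example, not part of the answer above or of AWS documentation). It uses the `RuleActionOverrides` field of a `ManagedRuleGroupStatement` on the `AWSManagedRulesSQLiRuleSet` group; the override here is `Count` rather than `Allow`, since `Count` is non-terminating and lets the remaining rules in the group and in the web ACL still evaluate the request, while the rule's label and metrics keep recording cookie matches for monitoring. The priority and metric name are assumed values.

```json
{
  "Name": "AWS-AWSManagedRulesSQLiRuleSet",
  "Priority": 1,
  "Statement": {
    "ManagedRuleGroupStatement": {
      "VendorName": "AWS",
      "Name": "AWSManagedRulesSQLiRuleSet",
      "RuleActionOverrides": [
        {
          "Name": "SQLi_COOKIE",
          "ActionToUse": { "Count": {} }
        }
      ]
    }
  },
  "OverrideAction": { "None": {} },
  "VisibilityConfig": {
    "SampledRequestsEnabled": true,
    "CloudWatchMetricsEnabled": true,
    "MetricName": "AWS-AWSManagedRulesSQLiRuleSet"
  }
}
```

Replacing `{ "Count": {} }` with `{ "Allow": {} }` reproduces the ALLOW setting described in the steps, but because Allow is a terminating action a request that matches SQLi_COOKIE would then skip the remaining rules, including SQLi_BODY.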