By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

WAF rule statement unable to match Header

0

Hello,
I'd like to block requests that contain a specific Header "X-Forwarded-Host" using a rule in my Web ACL by using a "Size match condition" (like it is also demonstrated in Option 2 from this guide: https://aws.amazon.com/de/premiumsupport/knowledge-center/waf-block-http-requests-no-user-agent/)

I tired four scenarios but none was able to match the requests where the Header was set.

  1. If matches: Size greater than or equal to 0 -> matches nothing
  2. if matches: Size less than or equal to 0 -> matches nothing
  3. If NOT matches: Size greater than or equal to 0 -> matches every request without the header
  4. if NOT matches: Size less than or equal to 0 -> matches every request without the header

Expected behavior would be that 1. or 4. would match the requests.
Am I overlooking something here or is there a different solution?

Thank you for your time

Topics
Security, Identity, & Compliance
Tags
AWS WAF
Language
English
BenediktKaiser
asked 3 years ago1089 views
1 Answer
0

OP here (somehow I had to set a new username)

I was able to solve this issue. The rule was not working because of it's priority in respect to another whitelisting rule. Once it was moved before the whitelisting the filtering works as expected.

bedaka
answered 3 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content