Questions tagged with AWS WAF
Content language: English
Select up to 5 tags to filter
Sort by most recent
Browse through the questions and answers listed below or filter and sort to narrow down your results.
We have a WAF set up in front of our API that is hosted in ECS/Fargate. One of the endpoints allows to upload (POST) an installer binary for our download area.
So far Windows installers work fine,...
1
answers
0
votes
42
views
asked 2 days agolg...
We have 2 identical prod environments in AWS and the end-user send the exact same payload in those environments. However, one works fine, the other is blocked by **AWS Managed WAF Ruleset-Size...
1
answers
0
votes
113
views
asked 4 days agolg...
There's an endpoint blocked by AWS WAF. Let's say /api/services. In the logs, it's evident that it's being blocked due to the "size body" in the AWS Managed RuleSet. I've edited SizeRestrictions_BODY...
1
answers
0
votes
150
views
asked 7 days agolg...
is there a way to customize the 403 error message that WAF puts out? Right now our clients are seeing:
<html> <head><title>403 Forbidden</title></head> <body> <center><h1>403 Forbidden</h1></center>...
1
answers
0
votes
65
views
asked 7 days agolg...
I'm using the WebACL, that is included my rule group, and other account's rule group.
I know that i cannot read or modify the other's rule group, but when I try to add a new rule group or market rule...
1
answers
0
votes
81
views
asked 10 days agolg...
I have rechecked I don't have any I haven't set up any AWS WAF. Even not able to see under WAF any resource.
I am getting lots of bills hourly based for Global-RuleV2 and AWS WAF Global-WebACLV2.
how...
1
answers
0
votes
318
views
asked 16 days agolg...
Hello,
In the EC2 instance, there is an image processing API, and I associate a WAF on ALB, then configured the following rule in the WAF:
```typescript
const awsManagedRulesCommonRuleSet:...
2
answers
0
votes
387
views
asked 16 days agolg...
One of our client is trying to reach our application but they are not able to reach with 403 error.
We have enabled WAF for this application with a custom rule looking for X-Forwarded-For header...
2
answers
0
votes
332
views
asked 22 days agolg...
ConfigureRateBasedRule: CloudFormation did not receive a response from your Custom Resource. If you are using the Python cfn-response module, you may need to update your Lambda function code so that...
1
answers
0
votes
171
views
asked 23 days agolg...
I am analysing my waf logs and i want to ignore any requests coming from Amazon's web crawling bots
Could someone help me with that
Well i tried to reverse and forward DNS look up to verify an ip...
2
answers
0
votes
159
views
asked 25 days agolg...
I have deployed microservice application on ECS in Mumbai region but my customers are from Sri Lanka how can I block the access to the application from other countries except Sri Lanka, when I set Sri...
2
answers
0
votes
152
views
asked a month agolg...
I have a website that is behind ALB with WAF integration. Our vulnerability scan showed the following:
Website Does Not Implement HSTS Best Practices
**Recommendation:**
Implement HTTP Strict...
2
answers
0
votes
623
views
asked a month agolg...