Questions tagged with AWS WAF
How to use AWS WAF to prevent "awselb/2.0" server information exposure in HTTP response header?
![vulnerability snapshot](/media/postImages/original/IM2QRdsK_0Tx-P4R-ruiM5jg)
We identified this vulnerability in our VAPT reports. Unfortunately, AWS doesn't provide any option to remove the header....
2 answers | 0 votes | 136 views | asked 2 days ago
In AWS WAF, I'm trying to do a really simple regex to match a URI path but have it be case insensitive.
I am not a regex expert so it's possible this is wrong, but it tests ok at Regex101. And it's...
Accepted Answer | AWS WAF | 1 answer | 0 votes | 116 views | asked 3 days ago
I'm currently using another company's VPS and Cloudflare as a CDN, but I've encountered security issues with my server. That's why I want to migrate my server to AWS EC2 and CloudFront. In my past...
1 answer | 0 votes | 343 views | asked 9 days ago
I followed the steps described in this documentation:
https://docs.aws.amazon.com/waf/latest/developerguide/waf-js-captcha-api.html
When a user tries to complete a Captcha verification on the JS...
1 answer | 0 votes | 181 views | asked 9 days ago
Hello.
I found an article stating that the maximum request rate for a web ACL is 25,000 per second. I want to know what happens if I exceed this limit in my requests.
Does the WAF respond with...
Accepted Answer | AWS WAF | 2 answers | 0 votes | 145 views | asked 11 days ago
Good morning. I have the following scenario protecting the Cognito client_credential flow with additional programmatic control using Cognito Lambda triggers.
After a bit of testing and reading the...
1 answer | 0 votes | 135 views | asked 19 days ago
Currently we are facing a DDoS attack on our application every 3-4 days. We have configured a WAF rate limiting rule that seems to work correctly against our load testing tool but doesn't seem to block...
1 answer | 0 votes | 216 views | asked 21 days ago
We have a WAF set up in front of our API that is hosted in ECS/Fargate. One of the endpoints allows uploading (POST) an installer binary for our download area.
So far Windows installers work fine,...
Accepted Answer | AWS WAF | 1 answer | 0 votes | 155 views | asked 23 days ago
We have 2 identical prod environments in AWS and the end user sends the exact same payload in those environments. However, one works fine, the other is blocked by **AWS Managed WAF Ruleset-Size...
1 answer | 0 votes | 246 views | asked 25 days ago
There's an endpoint blocked by AWS WAF. Let's say /api/services. In the logs, it's evident that it's being blocked due to the "size body" in the AWS Managed RuleSet. I've edited SizeRestrictions_BODY...
1 answer | 0 votes | 260 views | asked a month ago
Is there a way to customize the 403 error message that WAF puts out? Right now our clients are seeing:
<html> <head><title>403 Forbidden</title></head> <body> <center><h1>403 Forbidden</h1></center>...
1 answer | 0 votes | 188 views | asked a month ago
I'm using a WebACL that includes my rule group and another account's rule group.
I know that I cannot read or modify the other's rule group, but when I try to add a new rule group or market rule...
1 answer | 0 votes | 204 views | asked a month ago