Help us improve the AWS re:Post Knowledge Center by sharing your feedback in a brief survey. Your input can influence how we create and update our content to better support your AWS journey.
如何在 AWS WAF 中创建复杂的自定义 JSON 规则?
我想在 AWS WAF 中创建复杂的自定义 JSON 规则。
解决方法
在 AWS WAF 控制台中,在 Web ACL 和规则组 (Rule groups) 下的规则 JSON 编辑器 (Rule JSON editor) 中创建复杂的自定义规则。通过规则组或定义规则的 Web 访问控制列表 (Web ACL) 来访问规则。
要创建使用嵌套语句的自定义规则,必须使用 JSON 编辑器。嵌套语句结合了 AND、OR 或 NOT 逻辑。有关更多信息,请参阅规则语句基础知识。
要创建规则语句,请使用 AWS WAF 控制台中的规则可视化编辑器 (Rule visual editor)。然后,选择规则 JSON 编辑器 (Rule JSON editor),查看 JSON 语句并在 JSON 编辑器中进行必要的更改。
使用以下示例作为参考,创建自己的自定义规则逻辑。
示例 1
使用以下自定义规则语句,允许来自 United States - US 且具有 /wp-admin/ 或 /wp-login/ URI 的请求:
{ "Name": "test", "Priority": 100, "Statement": { "AndStatement": { "Statements": [ { "GeoMatchStatement": { "CountryCodes": [ "US" ] } }, { "OrStatement": { "Statements": [ { "ByteMatchStatement": { "SearchString": "/wp-admin/", "FieldToMatch": { "UriPath": {} }, "TextTransformations": [ { "Priority": 0, "Type": "NONE" } ], "PositionalConstraint": "CONTAINS" } }, { "ByteMatchStatement": { "SearchString": "/wp-login/", "FieldToMatch": { "UriPath": {} }, "TextTransformations": [ { "Priority": 0, "Type": "NONE" } ], "PositionalConstraint": "CONTAINS" } } ] } } ] } }, "Action": { "Allow": {} }, "VisibilityConfig": { "SampledRequestsEnabled": true, "CloudWatchMetricsEnabled": true, "MetricName": "test" } }
**规则逻辑:**请求是(来自 US)AND URI is ( /a OR /b ) )。
示例 2
使用以下自定义规则语句,阻止正文中有 XSS 签名的请求。该规则将 /test、/login 和 /admin 排除在检查范围之外:
{ "Name": "XSS_Block_Allow_Uploads", "Priority": 100, "Statement": { "AndStatement": { "Statements": [ { "XssMatchStatement": { "FieldToMatch": { "Body": {} }, "TextTransformations": [ { "Priority": 0, "Type": "NONE" } ] } }, { "NotStatement": { "Statement": { "OrStatement": { "Statements": [ { "ByteMatchStatement": { "SearchString": "/test", "FieldToMatch": { "UriPath": {} }, "TextTransformations": [ { "Priority": 0, "Type": "NONE" } ], "PositionalConstraint": "EXACTLY" } }, { "ByteMatchStatement": { "SearchString": "/admin", "FieldToMatch": { "UriPath": {} }, "TextTransformations": [ { "Priority": 0, "Type": "NONE" } ], "PositionalConstraint": "EXACTLY" } }, { "ByteMatchStatement": { "SearchString": "/login", "FieldToMatch": { "UriPath": {} }, "TextTransformations": [ { "Priority": 0, "Type": "NONE" } ], "PositionalConstraint": "EXACTLY" } } ] } } } } ] } }, "Action": { "Block": {} }, "VisibilityConfig": { "SampledRequestsEnabled": true, "CloudWatchMetricsEnabled": true, "MetricName": "XSS_Block_Allow_Uploads" } }
**规则逻辑:**请求(在正文中有 XSS 签名)AND URI is NOT ( /a OR /b, OR /c )。
示例 3
使用以下自定义规则语句,阻止包含 internal 自定义标签的请求。请求也不能有主机、IP 地址和 URI 的特定组合:
{ "Name": "Block_internal_unauthorized", "Priority": 100, "Statement": { "AndStatement": { "Statements": [ { "LabelMatchStatement": { "Scope": "LABEL", "Key": "internal" } }, { "NotStatement": { "Statement": { "AndStatement": { "Statements": [ { "ByteMatchStatement": { "FieldToMatch": { "UriPath": {} }, "PositionalConstraint": "EXACTLY", "SearchString": "/test", "TextTransformations": [{ "Type": "NONE", "Priority": 0 }] } }, { "IPSetReferenceStatement": { "ARN": "arn:aws:wafv2:us-east-1:xxxxxxxxxxxx:regional/ipset/internal_IPs/xxx-xx-xxx" } }, { "ByteMatchStatement": { "FieldToMatch": { "SingleHeader": { "Name": "host" } }, "PositionalConstraint": "EXACTLY", "SearchString": "example.com", "TextTransformations": [{ "Type": "NONE", "Priority": 0 }] } } ] } } } } ] } }, "Action": { "Block": {} }, "VisibilityConfig": { "SampledRequestsEnabled": true, "CloudWatchMetricsEnabled": true, "MetricName": "Block_internal_unauthorized" } }
**规则逻辑:**如果请求(包含标签)AND not (URI and IP and host),则阻止请求。
相关内容
- AWS 官方已更新 4 年前
