How can I configure a custom response for AWS WAF managed rules?

3 分钟阅读
0

I want to configure a custom response for requests that are blocked by an AWS WAF managed rule inside an AWS WAF managed rule group.

Resolution

Set the AWS WAF managed rule that you want to configure a custom response for in the Count rule action. Then, create a custom rule below the managed rule group to generate the custom response. If the request matches the label that the managed rule set in Count generates, then the response is sent.

The following example sets a custom response for the AWS WAF managed rule CrossSiteScripting_QueryArguments in the Core rule set (CRS) managed rule group.

Create a custom response message

  1. Open the AWS WAF console in your AWS Region.
  2. In the navigation pane, choose Web ACLs, and then choose your web access control list (web ACL).
  3. Choose Custom response bodies, and then choose Create custom response body.
  4. For Response body object name, enter a name.
  5. For Content type, choose Plain text.
    Note: The response body can be JSON, HTML, or plaintext.
  6. In Response body, enter your response message, and then choose Save.

Note: Amazon CloudFront and Amazon API Gateway also support custom responses. However, AWS WAF custom responses take priority over any response specifications that are defined in your protected resource. For more information, see Custom responses for Block actions.

Create a custom rule to send the custom response

  1. Open the AWS WAF console in your Region.
  2. In the navigation pane, choose Web ACLs, and then choose your web ACL.
  3. Choose the Rules tab, choose Add rules, and then choose Add my own rules and groups.
  4. For Rule type, choose Rule builder.
  5. For Name, enter a name for your rule.
  6. For Type, choose Regular rule.
  7. Choose the If a request dropdown list, and then choose matches the statement.
  8. Choose the Inspect dropdown list, and then choose Has a label.
  9. For Match scope, choose Label.
  10. For Match key, enter the rule label. For example, awswaf:managed:aws:core-rule-set:CrossSiteScripting_QueryArguments.
  11. For Action, choose Block.
  12. Expand Custom response, and then choose Enable.
  13. For Response code, enter your response code. For example, 307.
  14. For Response headers, choose Add a new custom header.
  15. For Key enter a header name.
  16. For Value enter a header value.
  17. In Choose how you would like to specify the response body - optional, choose the dropdown list.
  18. Choose the custom response body that you created, and then choose Add Rule.

Note: For a list of supported HTTP status codes for custom responses, see Supported status codes for custom response.

Related information

How do I create complex custom AWS WAF JSON rules?

AWS Managed Rules rule groups list

Why is my AWS WAF custom rule not working?

Customize requests and responses with AWS WAF

AWS 官方
AWS 官方已更新 7 个月前