Using AWS WAF ATP on more than one login page

Question

Is it possible to use one ATP rule to protect more than one login page in the AWS WAF?

For context, I have one ACL on WAF protecting one login page. We're expanding some systems and adding some new separate login pages. I would like to keep the protection under one single ACL but I'm struggling to figure out a way to have the ATP rules applying to more than one login page.

Answer

It doesn't appear to be possible with a single ATP rule as you can only specify one login path per rule currently. You can see in the API docs that only a string value (not array) is accepted: https://docs.aws.amazon.com/waf/latest/APIReference/API_AWSManagedRulesATPRuleSet.html#WAF-Type-AWSManagedRulesATPRuleSet-LoginPath

Using AWS WAF ATP on more than one login page

相关内容