使用 AWS re:Post 即表示您同意 AWS re:Post 使用條款
AWS re:Postre:Post

WAF Log Filters Not Dropping Specified Requests

0

We are attempting to create logging filters for our WAF policies. I created the following conditions for logging:

Rule action: BLOCK Keep in logs

Rule action: ALLOW - Drop from logs

Default logging behavior Drop from logs

However, requests with the rule action ALLOW are still being logged. Are there any additional steps I can take to filter out log conditions?

主題
安全性、身分識別與合規開發人員工具管理與治理
標籤
AWS WAF監控與記錄
語言
English
AWS-User-8005909
已提問 2 年前檢視次數 533 次
1 個回答
0

Hi !

Thanks for reaching out to Re:Post !

Going through the above logging configuration, the reason you are still seeing ALLOW requests in the log is because those requests might be allowed by the default action of the Web ACL if it is set to allow . WAF logging filter with rule ACTION does not consider requests acted upon by the default action Web ACL behavior.

Deciding on the default action for a web ACL - https://docs.aws.amazon.com/waf/latest/developerguide/web-acl-default-action.html

AWS
支援工程師
Ansh_C
已回答 2 年前
  • rePost-User-4900825
    1 年前

    I have the same issue, so what is the proper way to log only the blocked requests if there is a default action ALLOW in web ACL?

您尚未登入。 登入 去張貼答案。

一個好的回答可以清楚地回答問題並提供建設性的意見回饋,同時有助於提問者的專業成長。

回答問題指南

相關內容