Hello,
On the EC2 instance there is an image processing API. I associated a WAF with the ALB, then configured the following rule in the WAF:
// Import assumed for CDK v2 (the original snippet omitted it); for CDK v1 the module is '@aws-cdk/aws-wafv2'.
import * as wafv2 from 'aws-cdk-lib/aws-wafv2';

// AWS Managed Rules Common Rule Set, evaluated first (priority 0).
const awsManagedRulesCommonRuleSet: wafv2.CfnWebACL.RuleProperty = {
  name: `AWS-AWSManagedRulesCommonRuleSet`,
  priority: 0,
  // Keep the managed group's own actions (block on match); do not force COUNT.
  overrideAction: { none: {} },
  visibilityConfig: {
    metricName: `MetricForAMRCRS`,
    sampledRequestsEnabled: true,
    cloudWatchMetricsEnabled: true,
  },
  statement: {
    managedRuleGroupStatement: {
      vendorName: 'AWS',
      name: 'AWSManagedRulesCommonRuleSet',
      // Rules in the group that are turned off entirely.
      excludedRules: [
        {
          name: 'SizeRestrictions_BODY',
        },
        {
          name: 'NoUserAgent_HEADER',
        },
      ],
    },
  },
};

// Regional web ACL (for an ALB); requests that match no rule are allowed.
new wafv2.CfnWebACL(this, 'ServerWebACLs', {
  name: 'ServerALB-WebACLs',
  scope: 'REGIONAL',
  defaultAction: { allow: {} },
  visibilityConfig: {
    metricName: 'ServerALB-WebACLs',
    sampledRequestsEnabled: true,
    cloudWatchMetricsEnabled: true,
  },
  rules: [
    awsManagedRulesCommonRuleSet,
    // and some other rules, such as IPRule, SqlRule...
  ],
});
The request body of the API contains image data; when I call that API through CloudFront, I keep getting a 403 error.
If I use an API that doesn't contain image data, it can be called successfully.
Why is that? Is my configuration incorrect?
Thanks for your reply. From the traffic overview of the WAF, the blocked request shows that the attack type is GenericLFI, but the API just adds an image file to form-data.
Now that you know the cause, it should be easier to find the solution.
For example, the following Stack Overflow response suggests checking the image metadata; it may help you.