2 Risposte
- Più recenti
- Maggior numero di voti
- Maggior numero di commenti
1
Hi,
It could be useful to configure AWS WAF for sending web ACL traffic logs to CloudWatch and identify the rules that the request matched.
1
You've included the awsManagedRulesCommonRuleSet
- looking at the documentation it includes a rule that is defined as follows:
SizeRestrictions_BODY
Inspects for request bodies that are over 8 KB (8,192 bytes).
Rule action: Block
So perhaps don't use that rule set?
Thanks for your reply, but I'm exclude the rule in my code, not include.
Contenuto pertinente
- AWS UFFICIALEAggiornata 4 mesi fa
- AWS UFFICIALEAggiornata 3 anni fa
- AWS UFFICIALEAggiornata 2 anni fa
Thanks for your reply, from the traffic overview of the WAF, the blocked request shows that the attacktype is GenericLFI. but the api just adds an image file to form-data.
Now that you know the cause, it should be easier to find the solution.
For example, the following StackOverflow response suggests to check the image metadata, it may help you.