How do I use AWS WAF to block HTTP requests that don't contain a user agent header?

5 minute read
0

I want to use AWS WAF to restrict HTTP requests that don't contain a specific user agent or contain a specific user agent header value in the request.

Short description

By default, AWS WAF filters don't check whether HTTP request parameters are present. To use AWS WAF to block HTTP requests based on the user agent header, take one of the following actions:

  • Use AWS Managed Rules to block requests that don't contain a user agent header.
  • Use custom rules to block requests that don't contain a user agent header.
  • Use custom rules to block requests with a specific user agent header.

Resolution

Use AWS Managed Rules to block requests that don't contain a user agent header

If you use AWS Managed Rules for AWS WAF, then you don't have to write your own rules.

Note: AWS Managed Rules are subject to version changes and expiration. For more information, see Version management with managed rule groups.

The NoUserAgent_HEADER rule inspects for requests that don't have the HTTP User-Agent header. The SignalNonBrowserUserAgent rule inspects for user agent strings that don't seem to be from a web browser, including requests with no user agent.

Add an AWS Managed Rules rule group to your web ACL

Complete the following steps:

  1. Open the AWS WAF console.
  2. In the navigation pane, under AWS WAF, choose Web ACLs.
  3. For Region, choose the AWS Region where you created your web access control list (web ACL).
    Note: If your web ACL is set up for Amazon CloudFront, then select Global.
  4. Select your web ACL.
  5. Under Rules, choose Add Rules, and then choose Add managed rule groups.
  6. Expand AWS managed rule groups.
  7. Locate the rule group that you want to add, and then select Add to web ACL.
    For example: Select Add to web ACL for Core rule set. Core rule set contains the NoUserAgent_HEADER rule.
  8. (Optional) Choose Edit to view and modify the rule group settings.
  9. Choose Add rules.
  10. Choose Save.

Edit an existing AWS Managed Rules rule group in your web ACL

Complete the following steps:

  1. Open the AWS WAF console.
  2. In the navigation pane, under AWS WAF, choose Web ACLs.
  3. For Region, choose the Region where you created your web ACL.
    Note: If your web ACL is set up for CloudFront, then select Global.
  4. Select your web ACL.
  5. Under Rules, choose Edit to view and modify the settings.
    Note: For additional information on editing settings, see Working with managed rule groups.
  6. Edit your rule, and then choose Save.

If you encounter false positives with AWS Managed Rules rule groups, then see AWS Managed Rules for AWS WAF.

Use custom rules to block requests that don't contain a user agent header

Complete the following steps:

  1. Open the AWS WAF console.
  2. In the navigation pane, under AWS WAF, choose Web ACLs.
  3. For Region, select the Region where you created your web ACL.
    Note: Select Global if your web ACL is set up for Amazon CloudFront.
  4. Select your web ACL.
  5. Under Rules, choose Add Rules, and then choose Add my own rules and rule groups.
  6. For Rule Type, choose Rule Builder.
  7. For Name, enter a name to identify this rule.
  8. For Type, choose Regular rule.
  9. For If a request, choose doesn't match the statement (NOT).
  10. Under Statement, for Inspect, choose Single header. Then, configure the following settings:
    For Header field name, enter a name for the field. For example: User Agent.
    For Match type, choose Size greater than.
    For Size in bytes, enter 0 (zero).
    (Optional) Choose a Text transformation, or choose None.
  11. For Action, choose Block.
  12. Choose Add Rule.
  13. (Optional) For Set Rule Priority, select your rule, and then update its priority. For more information, see Processing order of rules and rule groups in a web ACL.
  14. Choose Save.

Use custom rules to block requests with a specific user agent header.

Complete the following steps:

  1. Open the AWS WAF console.
  2. In the navigation pane, under AWS WAF, choose Web ACLs.
  3. For Region, select the Region where you created your web ACL.
    Note: Select Global if your web ACL is set up for Amazon CloudFront.
  4. Select your web ACL.
  5. Under Rules, choose Add Rules, and then choose Add my own rules and rule groups.
  6. For Rule Type, choose Rule Builder.
  7. For Name, enter a name to identify your rule.
  8. For Type, choose Regular rule.
  9. For If a request, choose matches a statement.
  10. Under Statement, for Inspect, choose Single header. Then, configure the following settings:
    For Header field name, enter a name for the field. For example: User Agent.
    For Match type, choose Contains string.
    For String to match, enter the user agent that you want to block.
    (Optional) Choose a Text transformation, or choose None.
  11. For Action, choose Block.
  12. Choose Add Rule.
  13. (Optional) For Set Rule Priority, select your rule, and then update its priority. For more information, see Processing order of rules and rule groups in a web ACL.
  14. Choose Save.
AWS OFFICIAL
AWS OFFICIALUpdated 8 days ago