I want to configure a custom response for requests that are blocked by a specific rule that's in an AWS WAF rule group.
Resolution
Set the rule action to Count for the AWS WAF managed rule that you want to configure a custom response for. Then, create a custom rule below the managed rule group to generate the custom response. If the request matches the label that the managed rule generates, then the custom rule sends the response.
The following example sets a custom response for the AWS WAF managed rule CrossSiteScripting_QueryArguments in the core rule set (CRS) managed rule group.
Create a custom response message used by rule actions
Complete the following steps:
- Open the AWS WAF console.
- For Region, choose your AWS Region.
- In the navigation pane, choose AWS WAF.
- Choose Resources & protection packs.
- Under Protection pack behavior, choose Protection packs.
- Choose Manage.
- Choose Create custom response body.
- For Response body object name, enter a name.
- For Content type, choose Plain text.
Note: The response body can be JSON, HTML, or plaintext.
- For Response body, enter your response message.
- Choose Save.
Note: Amazon CloudFront and Amazon API Gateway also support custom responses. However, AWS WAF custom responses for Block actions take priority over any response specifications that are defined in your protected resource.
Create a custom rule to send the custom response
Complete the following steps:
- Open the AWS WAF console.
- For Region, choose the AWS Region where you created your protection pack.
- In the navigation pane, choose Resources & protection packs.
- On the right side of the protection pack, select the icon next to the Region name to choose the protection pack.
- In your selected protection pack, select Rules.
- Select View and edit next to Rules to view or modify the rules associated with your protection pack.
- In the right pane for Manage rules, choose Add rules.
- Choose Custom rule and select Next.
- For Rule Type, choose Custom rule and select Next.
- To set up your rule, configure the following values:
  - For Action, choose Block for custom rules.
  - For Name, enter a name for your rule.
  - For If the request, choose matches the statement.
  - For Inspect, choose Has a label.
  - For Match scope, choose Label.
  - For Match key, enter the rule label. For example, awswaf:managed:aws:core-rule-set:CrossSiteScripting_QueryArguments.
  - Expand Custom response, choose Enable.
  - For Response code, enter your response code, for example 307.
  - (Optional) For Response headers, choose Add a new custom header.
    - For Key, enter a header name.
    - For Value, enter a header value.
- In the dropdown list for Choose how you would like to specify the response body - optional, choose the custom response body.
- Select Create Rule.
Note: For a list of supported HTTP status codes for custom responses, see Supported status codes for custom response.
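The console steps above result in a pair of rules that only work together in a specific order. The following Python is an added example, not part of the original article: it embeds constructed rules in the WAFv2 API JSON shape and checks the conditions the custom response depends on. The rule names, the response body name "xss-blocked", and the body text are placeholders.

```python
# Added example. Rule dicts follow the WAFv2 API JSON shape; the names "crs",
# "xss-custom-response" and "xss-blocked" are constructed placeholders.
LABEL = "awswaf:managed:aws:core-rule-set:CrossSiteScripting_QueryArguments"
def vis(name):  # VisibilityConfig is required on every rule
    return {"SampledRequestsEnabled": True, "CloudWatchMetricsEnabled": True,
            "MetricName": name}
BODIES = {"xss-blocked": {"ContentType": "TEXT_PLAIN",
                          "Content": "Request blocked."}}
RULES = [
    {"Name": "crs", "Priority": 0, "OverrideAction": {"None": {}},
     "VisibilityConfig": vis("crs"),
     "Statement": {"ManagedRuleGroupStatement": {
         "VendorName": "AWS", "Name": "AWSManagedRulesCommonRuleSet",
         "RuleActionOverrides": [{"Name": "CrossSiteScripting_QueryArguments",
                                  "ActionToUse": {"Count": {}}}]}}},
    {"Name": "xss-custom-response", "Priority": 1,
     "VisibilityConfig": vis("xss-custom-response"),
     "Statement": {"LabelMatchStatement": {"Scope": "LABEL", "Key": LABEL}},
     "Action": {"Block": {"CustomResponse": {
         "ResponseCode": 307, "CustomResponseBodyKey": "xss-blocked"}}}},
]

def check(rules, bodies, label):
    """Return the problems that would stop the custom response from being sent."""
    rule_name = label.rsplit(":", 1)[1]
    def counts(rule):  # does this rule group override rule_name to Count?
        stmt = rule["Statement"].get("ManagedRuleGroupStatement", {})
        return any(o["Name"] == rule_name and "Count" in o["ActionToUse"]
                   for o in stmt.get("RuleActionOverrides", []))
    def matches(rule):  # does this rule match on the managed rule's label?
        return rule["Statement"].get("LabelMatchStatement", {}).get("Key") == label
    group = next((r for r in rules if counts(r)), None)
    matcher = next((r for r in rules if matches(r)), None)
    problems = []
    if group is None:
        problems.append("managed rule is not set to Count")
    if matcher is None:
        return problems + ["no rule matches the label"]
    # Lower Priority numbers are evaluated first; the label must already exist.
    if group and matcher["Priority"] <= group["Priority"]:
        problems.append("label rule runs before the managed rule group")
    response = matcher.get("Action", {}).get("Block", {}).get("CustomResponse")
    if response is None:
        problems.append("label rule has no Block action with a custom response")
    elif (key := response.get("CustomResponseBodyKey")) and key not in bodies:
        problems.append("custom response body is not defined")
    return problems
```

`check(RULES, BODIES, LABEL)` returns an empty list for the configuration shown; each returned string names one condition that is not met.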
Related information
How do I create complex custom JSON rules in AWS WAF?
AWS Managed Rules rule groups list
Why does my AWS WAF custom rule not work?
Customize requests and responses with AWS WAF