WAF & Load Balancer Integration Impact

0

I created a web application firewall (WAF) integration with my load balancer:

  1. AWS-AWSManagedRulesAmazonIpReputationList
  2. AWS-AWSManagedRulesCommonRuleSet
  3. AWS-AWSManagedRulesKnownBadInputsRuleSet

But I noticed that it started impacting my edit access on certain applications (403 Forbidden administrator access). Why is that?

3 Answers
2

It sounds like your requests are matching one of the managed rules, and are being blocked (false positives). You may need to tune some of the rules to reduce these, or you could create an exception for your own requests. For example, you could create a rule that allows all requests from your IP address and place it at the top of the WebACL. This would effectively exempt your requests from any of the managed rules.

To find out exactly which rule is matching your requests, you'll need to do some log analysis - take a look at this article for instructions and sample queries.

AWS
EXPERT
Paul_L
answered 2 months ago
profile picture
EXPERT
reviewed 2 months ago
1
Accepted Answer

You can create a custom rule in AWS WAF that allows all requests from specific, trusted IP addresses and place this rule at the top of the Web Access Control List (WebACL). By doing so, requests from these IPs will be allowed through before any of the managed rules have a chance to block them.

profile picture
EXPERT
answered 2 months ago
profile picture
EXPERT
reviewed 2 months ago
1

Adding to the great answers above, you could look through the CloudWatch Logs for your IP addresses to understand what's the rule that you are triggering.

AWS
xavi
answered 2 months ago
profile picture
EXPERT
reviewed 2 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions