1 Answer
- Newest
- Most votes
- Most comments
0
Hello Gabriel, It is possible to do this through the ByteMatch statements, though the hash of the malware needs to be known. The WAF Rule that you'd include would look something like this : ByteMatchSet | ByteMatch | Headers | Content-Type | 0 | eq | MD5 | ##################### (Known HASH). I've included a document below with the official AWS documentation that shows how to do this in different formats. https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-waf-bytematchset.html
answered 9 months ago
Relevant content
- asked 6 months ago
- asked 6 months ago
AWS OFFICIALUpdated 4 months ago- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 2 months ago
- AWS OFFICIALUpdated a year ago
How are you obtaining the malware hashes and how do you expect them to be sent during a http request?