Questions tagged with AWS WAF


Is it possible to attach an NLB to AWS WAF? If yes, this option is not showing in the console. Could you please provide the steps to do that and what changes need to be made? We configured the same region and the same VPC, but the option is not showing for NLB in the WAF console.
Answers: 2 | Votes: 0 | Views: 28 | asked 4 days ago
We want to use the AWS WAF to block traffic from known bad IPs. However, when looking at the documentation and posts about the AWSManagedRulesAmazonIpReputationList rule set, it seems it only blocks identified BOTS, but doesn't distinguish between known malicious IPs and others. Is that correct? If so, does AWS have managed rules that can help me accomplish what I need?
Answers: 1 | Votes: 0 | Views: 22 | scot | asked 5 days ago
While creating an FMS WAFv2 policy using Terraform, I receive the following error:

```
Firehose name prefix is not valid: arn:aws:firehose:us-east-1:xxxx:deliverystream/test-stream-name
```

However, the Firehose seems to be a valid ARN, so what gives?
Answers: 1 | Votes: 0 | Views: 6 | AWS | Lucas | asked 10 days ago
Good day Team, is there currently any functionality to:

1) Assign a custom DNS name to the Amazon Grafana Workspace URL AND disable the default/managed URL.
2) Run this custom URL behind AWS WAF.
Answers: 1 | Votes: 1 | Views: 36 | asked 11 days ago
From what I can tell, it doesn't seem to be possible to retrieve the OversizeHandling property for a WAF rule using a Lambda function. The WAF is returned using `client.get_web_acl(...)`, however the `OversizeHandling` is stripped out of the rules inside the WAF.

This is problematic because our workflow is that we create a stack in CloudFormation using [aws-waf-security-automations](https://github.com/aws-solutions/aws-waf-security-automations), then have a Lambda run to make our own customisations to these rules and save them. Because the OversizeHandling is stripped during this process, the end result is that we are not compliant with the breaking changes being introduced at the end of this month that make specifying the OversizeHandling mandatory.

I've created a simple proof of concept to demonstrate this:

**WAF**

Note the `OversizeHandling` is present in the Body of the SqliMatchStatement

```
{
  "Name": "test-waf2-CloudFrontWAFAutomationsTest-1JLD9J7O1XHCD",
  ...
  "Rules": [
    ...
    {
      "Name": "test-waf2-CloudFrontWAFAutomationsTest-1JLD9J7O1XHCDSqlInjectionRule",
      "Priority": 20,
      "Statement": {
        "OrStatement": {
          "Statements": [
            ...
            {
              "SqliMatchStatement": {
                "FieldToMatch": {
                  "Body": {
                    "OversizeHandling": "CONTINUE"
                  }
                },
                "TextTransformations": [
                  { "Priority": 1, "Type": "URL_DECODE" },
                  { "Priority": 2, "Type": "HTML_ENTITY_DECODE" }
                ],
                "SensitivityLevel": "LOW"
              }
            }
            ...
```

**Test lambda:**

```
import json
import logging

import boto3

logger = logging.getLogger(__name__)
logger.setLevel(logging.INFO)

client = boto3.client('wafv2')


def lambda_handler(event, context):
    # Fetch the web ACL and log the full response for inspection
    web_acl = client.get_web_acl(
        Name="test-waf2-CloudFrontWAFAutomationsTest-1JLD9J7O1XHCD",
        Id="b01b9488-6255-443a-b3f5-5f384dc4f0b9",
        Scope="CLOUDFRONT",
    )
    logger.info("Web ACL: %s", web_acl)
```

**Lambda log output**

Note there is no OversizeHandling under the Body of the SqliMatchStatement. The SensitivityLevel also appears to be missing.

```
{
  "WebACL": {
    "Name": "test-waf2-CloudFrontWAFAutomationsTest-1JLD9J7O1XHCD"
    ...
    "Rules": [
      ...
      {
        "Name": "test-waf2-CloudFrontWAFAutomationsTest-1JLD9J7O1XHCDSqlInjectionRule",
        "Priority": 20,
        "Statement": {
          "OrStatement": {
            "Statements": [
              ...
              {
                "SqliMatchStatement": {
                  "FieldToMatch": {
                    "Body": { }
                  },
                  "TextTransformations": [
                    { "Priority": 1, "Type": "URL_DECODE" },
                    { "Priority": 2, "Type": "HTML_ENTITY_DECODE" }
                  ]
                }
              },
```

Does anyone have any idea why the OversizeHandling is being stripped, or have a suggestion for a workaround? Thank you!
Answers: 0 | Votes: 0 | Views: 20 | asked 11 days ago
Hi, I'm trying to deploy an AWS WAF behind the AWS Network Firewall. Currently my setup has two subnets under one VPC, public and private. Under the public subnet I have set up the firewall to work, and the private subnet is for the web server with just the HTTP service enabled. Right now I'm trying to deploy AWS WAF behind the Network Firewall. Is this possible, or how should I take this forward?
Answers: 1 | Votes: 0 | Views: 37 | asked 11 days ago
How do I enable a WAF rule for a website hosted in Lightsail?
Answers: 1 | Votes: 0 | Views: 33 | AWS | simon | asked 14 days ago
I have a custom error page as the HTTP response when a page is blocked, for labels generated in the SQLi Ruleset. It works. But when I add another Rule in the same Rule Group for CommonRuleSet (CrossSiteScripting), it is not getting evaluated. Everything for this is similar to the one that is working, but it is still not getting evaluated! I followed the Priority and also the COUNT setting for the Rules that I need to have a Label generated. Has anyone come across this scenario?
Answers: 0 | Votes: 0 | Views: 16 | asked 22 days ago
I am trying to set a WAF ACL on top of my CloudFront distribution. The initial idea behind the implementation is Video On Demand streaming. So basically I have a web application, which is hosted on my HTTP web server. The web application wants to access specific video resources stored in my previously configured S3 bucket. There is an OAI created on top of it, so my CloudFront distribution shares the files stored in the previously mentioned S3 bucket.

I want to prevent access to the files that can be accessed through a CloudFront distribution URL, and limit the access so that only my web server, which hosts my web application, can read those files. All other potential attackers and users who do not access files via my web application should be rejected.

I already created an AWS WAF ACL with an allow action access policy on my set of IPs (the set of IPs lists only the IP of the web server that hosts my web application), associated it with a rule, and associated my WAF ACL with the previously mentioned CloudFront distribution.

I am looking for a way to enable video download through the CloudFront distribution only via my web application. I've looked into a signed URLs implementation, but I have a problem because I need to specify my video URL link in my web application through a simple web form at course level, which does not let me dynamically set a signed URL once I generate it.
Answers: 1 | Votes: 0 | Views: 29 | MK | asked 23 days ago
Hi, I am working on a requirement wherein I have to restrict the incoming requests to a Lambda function behind the AWS API Gateway to be less than 800 KB. This needs to be implemented preferably at the Gateway level, and I need to implement it in Terraform as Infrastructure-as-Code. I am thinking that AWS [WAF SizeConstraint](https://docs.aws.amazon.com/waf/latest/APIReference/API_SizeConstraintStatement.html) might be the answer, but it looks like it will only inspect up to 4096 bytes, and I am also not sure how to implement a filter in Terraform that rejects incoming requests with a body size greater than 800 KB. Thanks in advance.
Answers: 1 | Votes: 0 | Views: 35 | asked 24 days ago
Hi Team, I have created a Firewall Manager WAF policy and associated both managed rules and a custom rule. After creation, I am seeing the policy being created in the respective associated accounts, but when I navigate to CloudWatch to see the metrics, I am not able to see all the metrics being generated. As an example, I have associated a rate-limiting WAF policy with the Firewall Manager, which I am able to see in the WAF console, but the metrics being created are not available in the CloudWatch console. I just wanted to know if I need to enable any other configuration to get those.
Answers: 1 | Votes: 0 | Views: 9 | AWS | asked a month ago
How to enable a WAF rule for a website hosted in Lightsail?
Answers: 1 | Votes: 0 | Views: 38 | asked a month ago