Questions tagged with AWS WAF
Content language: English
Select up to 5 tags to filter
Sort by most recent
Browse through the questions and answers listed below or filter and sort to narrow down your results.
Hello,
I am trying to setup WAF IP blocking but just cannot seem to get it working at all. I have added my own IP and I can still access all our services just fine, from DBs to ECS to EC2 servers,...
1
answers
0
votes
84
views
asked 20 hours agolg...
How to use AWS WAF to prevent "awselb/2.0" server information exposure in HTTP response header?lg...
![vulnerability snapshot](/media/postImages/original/IM2QRdsK_0Tx-P4R-ruiM5jg)
We identified this vulnerability in our VAPT reports. unfortunately, AWS doesn't provide any option to remove the header....
2
answers
0
votes
149
views
asked 3 days agolg...
In AWS WAF, I'm trying to do a really simple regex to match a URI path but have it be case insensitive.
I am not a regex expert so it's possible this is wrong, but it tests ok at Regex101. And it's...
Accepted AnswerAWS WAF
1
answers
0
votes
126
views
asked 5 days agolg...
I'm currently using another company's VPS and Cloudflare as a CDN, but I've encountered security issues with my server. That's why I want to migrate my server to AWS EC2 and CloudFront. In my past...
1
answers
0
votes
353
views
asked 10 days agolg...
I followed the steps described in this documentation:
https://docs.aws.amazon.com/waf/latest/developerguide/waf-js-captcha-api.html
When a user tries to complete a Captcha verification on the JS...
1
answers
0
votes
191
views
asked 11 days agolg...
Hello.
I found an article stating that the maximum request rate for a web ACL is 25,000 per second. I want to know what happens if I exceed this limit in my requests.
Does the WAF respond with...
Accepted AnswerAWS WAF
2
answers
0
votes
155
views
asked 12 days agolg...
Good morning I have the following scenario protecting the cognito client_credential flow with additional programmatic control using cognito lambda triggers.
After a bit of testing and reading the...
1
answers
0
votes
146
views
asked 20 days agolg...
Currently we are facing a DDoS attack on our application every 3-4 days. We have configured a WAF rate limiting rule that seems to work correctly against our load testing tool but doesnt seem to block...
1
answers
0
votes
226
views
asked 23 days agolg...
We have a WAF set up in front of our API that is hosted in ECS/Fargate. One of the endpoints allows to upload (POST) an installer binary for our download area.
So far Windows installers work fine,...
Accepted AnswerAWS WAF
1
answers
0
votes
165
views
asked 24 days agolg...
We have 2 identical prod environments in AWS and the end-user send the exact same payload in those environments. However, one works fine, the other is blocked by **AWS Managed WAF Ruleset-Size...
1
answers
0
votes
256
views
asked a month agolg...
There's an endpoint blocked by AWS WAF. Let's say /api/services. In the logs, it's evident that it's being blocked due to the "size body" in the AWS Managed RuleSet. I've edited SizeRestrictions_BODY...
1
answers
0
votes
271
views
asked a month agolg...
is there a way to customize the 403 error message that WAF puts out? Right now our clients are seeing:
<html> <head><title>403 Forbidden</title></head> <body> <center><h1>403 Forbidden</h1></center>...
1
answers
0
votes
197
views
asked a month agolg...