I am trying to build out a WAF rule that will be used to protect a public endpoint.
The rule is built as follows:
- If the path matches 'some_uri'
- AND NOT single header 'header_1' with size greater than 0
- AND NOT single header 'header_2' with size greater than 0
- Block!
In simple terms, if a request is to 'some_uri' then it must have 2 (and potentially other) headers - 'header_1' and 'header_2' - that both have some non-zero value.
I am struggling to implement it and unable to determine what the cause is. The rule is defined with 2 separate single header inspections, however it is not behaving as expected. Below are some of the test scenarios I have tried - the last is the confusing one...
- If I make a request without either of the required headers, the request is blocked (GOOD).
- If I make a request with one of the required headers without a value, the request is blocked (GOOD).
- If I make a request with both required headers without a value, the request is blocked (GOOD).
- However, if I make a request with both required headers where one has a value, the request is not blocked (BAD).
I cannot understand why the last scenario above is not being blocked.
From my testing it seems that the single header checks are 'combined' into a single test, rather than treated as two, independent evaluations.
asked Nov 21, 2024 at 15:14 by dingo; edited Nov 21, 2024 at 15:23
1 Answer
This was a misunderstanding on my part about the evaluation of logic statements in WAF.
Written out, the logic statement required was: IF request_path AND NOT (header_1 AND header_2)
Where the initial implementation was: IF request_path AND NOT header_1 AND NOT header_2
My desired outcome was achieved by evaluating the presence and values of both header_1 and header_2 in a self-contained AND statement within the rule.
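As an added example (not code from the post or from AWS), the original and corrected rules written out as AWS WAF rule-statement JSON, together with a small constructed evaluator that applies the same boolean semantics to the four request scenarios from the question. The `/some_uri` path and `header_1`/`header_2` names are the question's placeholders, and a missing header is treated as size 0, which is what the asker's first three scenarios show.

```python
# Added example, not code from the Stack Overflow post: the asker's original
# rule and the corrected one as AWS WAF rule-statement JSON, plus a small
# constructed evaluator that applies the same boolean semantics to the four
# request scenarios in the question. A missing header is treated as size 0.
def header_gt0(name):  # SizeConstraintStatement: single header longer than 0
    return {"SizeConstraintStatement": {
        "FieldToMatch": {"SingleHeader": {"Name": name}},
        "ComparisonOperator": "GT", "Size": 0,
        "TextTransformations": [{"Priority": 0, "Type": "NONE"}]}}

PATH = {"ByteMatchStatement": {  # path matches 'some_uri'
    "SearchString": "/some_uri", "FieldToMatch": {"UriPath": {}},
    "PositionalConstraint": "EXACTLY",
    "TextTransformations": [{"Priority": 0, "Type": "NONE"}]}}

# Original: path AND NOT h1 AND NOT h2 -> blocks only when BOTH are empty.
ORIGINAL = {"AndStatement": {"Statements": [PATH,
    {"NotStatement": {"Statement": header_gt0("header_1")}},
    {"NotStatement": {"Statement": header_gt0("header_2")}}]}}

# Corrected: path AND NOT (h1 AND h2) -> blocks when EITHER is empty/missing.
CORRECTED = {"AndStatement": {"Statements": [PATH,
    {"NotStatement": {"Statement": {"AndStatement": {"Statements": [
        header_gt0("header_1"), header_gt0("header_2")]}}}}]}}

def matches(stmt, path, headers):
    """Evaluate the subset of WAF statement types used above."""
    (kind, body), = stmt.items()
    if kind == "AndStatement":
        return all(matches(s, path, headers) for s in body["Statements"])
    if kind == "NotStatement":
        return not matches(body["Statement"], path, headers)
    if kind == "ByteMatchStatement":
        return path == body["SearchString"]
    if kind == "SizeConstraintStatement":  # header names are case-insensitive
        name = body["FieldToMatch"]["SingleHeader"]["Name"].lower()
        value = {k.lower(): v for k, v in headers.items()}.get(name, "")
        return len(value) > body["Size"]
    raise ValueError(f"unsupported statement: {kind}")

# The four scenarios from the question (constructed sample requests).
SCENARIOS = {
    "neither header": {},
    "one header, empty": {"header_1": ""},
    "both headers, empty": {"header_1": "", "header_2": ""},
    "both headers, one with a value": {"header_1": "token", "header_2": ""},
}

def blocked(rule):  # map each scenario to whether `rule` would block it
    return {n: matches(rule, "/some_uri", h) for n, h in SCENARIOS.items()}
```

Only the fourth scenario separates the two rules: the original passes it, the corrected one blocks it, and a request carrying both headers with values is allowed by both.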
Source: amazon web services - AWS WAF Block Requests Without Multiple Specified Headers & Values - Stack Overflow (mirrored at http://www.betaflare.com/web/1736309508a1934047.html)