(XSS_URIPATH or XSS_Cookie or XSS_Body or XSS_QueryArguments) AND (NOT whitelisted URIString) = BLOCK Create an allow rule configured with lower priority than that of AWSManagedRulesCommonRuleSet. Keep the following rules from the AWSManagedRulesCommonRuleSet rule group in Count mode:Ģ.
To allow specific URIs, do the following:ġ. The labels are used in the rule defined later in the Web ACL to selectively exclude specific requests (based on URI, in this example). When a request matches the preceding rules, AWS WAF generates the corresponding labels. For more information, see Use-case specific rule groups. Similarly, the rule group AWSManagedRulesSQLiRuleSet has rules to inspect query parameters, the body, and a cookie for an SQLi Injection attack pattern. For more information, see Core rule set (CRS) managed rule group. The AWSManagedRulesCommonRuleSet rule group has BLOCK action that inspects for an XSS attack string in the corresponding part of the request. The AWS managed rule group AWSManagedRulesCommonRuleSet contains the following rules: You can use similar logic to allow specific headers, query parameters, and so on. You must customize these rules for PositionalConstraint, SearchString, TextTransformations, and so on. Note: The following example rule configurations are for reference only. Example rules for allowing specific URIs from XSS or SQLi inspection In the query string, ' abc' and ' xyz' are the query parameters with values ' 123' and ' 567', respectively. Any string following ' ?' is called the query string, such as ' abc=123&xyz=567' in the preceding example.
In the preceding request, the URI path is ' /path/string1'. Resolution Example HTTP or HTTPS request To do this, use nested statements to write the allow rule so that the request is evaluated against all the other rules. You can exclude specific URI paths from XSS and SQLi inspection to avoid false positives. False positives sometimes occur during XSS and SQLi rule inspection for AWS Managed Rules and custom rules.
0 kommentar(er)
