Questions tagged [amazon-waf]

11 questions
1
vote
1 answer

AWS Managed Rule Pricing

I completely read the AWS page for AWS WAF pricing; however, I am still not sure how much it would cost if I create a single AWS WAF and hire just the AWS Managed Rule Set "Core Rule Set". As I understand it, it should be 5 US/month for the WAF and just 1…
0
votes
0 answers

Why did the AWS CloudFormation template drift while migrating from WAF Classic to WAF v2 using the AWS-provided wizard?

I tried to migrate WAF Classic to WAF v2 using the AWS-provided wizard in AWS Classic and deployed the same template in CF. It has drifted in state without any manual changes to the resources. While the expected output and the actual one are the same, it is…
0
votes
1 answer

DDoS AWS API Gateway protection

I have a publicly exposed API Gateway (HTTP). To authenticate, you have to provide a valid JWT. I want to secure this APIGW with CloudFront + WAF. After reading the docs, I think that the API Gateway endpoint is still exposed to the Internet. The only thing…
0
votes
1 answer

How to get DDoS+WAF protection on an IP/server (not a domain)

I've used CloudFlare and it's great. But in this specific case we control the server IP address, but we don't own the domain, so we can't use CloudFlare, unfortunately, because the domain owner isn't ready to migrate his DNS to CloudFlare. I would really…
michaelr524
0
votes
0 answers

Blocking Symbols on Body Aws WAF

I want to block strings in the body that contain the "&" character, for example, but it doesn't work. I tried to use the HTML decode text transformation, and that also doesn't work. If I try with a word, for example "phone", and include this word in the body, it works…
Ernst
0
votes
0 answers

Handling DDoS HTTP Attack

I've been experiencing a DDoS attack today, and I've configured the Cloudflare rate limiter and also activated the WAF. Cloudflare blocked several hundred thousand requests. Unfortunately, my server is still experiencing a pretty high flood of requests. I don't know why it…
0
votes
1 answer

AWS CloudWatch parse JSON case insensitive

In the WAF section of the AWS console there is a tab for "CloudWatch Log Insights" that provides a few sample queries. One of these is "Top 100 hosts": fields @timestamp, @message | parse @message '{"name":"Host","value":"*"}' as host | stats…
ficuscr
0
votes
1 answer

Do AWS WAF logs capture all traffic, or just rule matches?

I want to implement some AWS WAF rules, but I need more knowledge of the quantity (origin, resource, etc.) of requests that come through my load balancer. Can I skip ALB logs and get logs for requests to the ALB using WAF? Or does WAF only produce logs…
JoeS
0
votes
0 answers

WAF-protected ALB scaling costs in DDoS scenario

I have an ALB behind CloudFront. Both have SSL certificates and therefore provide SSL offloading, and both are protected with WAF WebACLs. The ALB's ACL checks a header, a common practice for protecting the ALB from direct access (bypassing CF). -SSL--> …
0
votes
0 answers

SQL Cookie Flagging Rule

In my scenario, the SQL cookie rule is being triggered, but the cookies do not have anything malicious in them for WAF. Could anyone please let me know why this is? I've replicated the issue with a false positive (blocked valid request) by the rule SQLi_COOKIE from…
0
votes
0 answers

Throwing 404 errors AWS

What might be the possible reason why the 502s were being returned here? The 403s also look like WAF is firing them. Could anyone please suggest a way to allow those resources to be safely served to clients? Below is a list of the errors: Non 200…