Hack23 / cia

Citizen Intelligence Agency (OSINT), monitoring key political figures and institutions, provides insights into financial performance, risk metrics, and political trends
https://hack23.github.io/cia/
Apache License 2.0
153 stars, 46 forks

create aws wafv2 with managed rules #1067

Closed pethers closed 3 years ago

pethers commented 4 years ago

Amazon IP Reputation
VendorName: AWS, Name: AWSManagedRulesAmazonIpReputationList, WCU: 25
This group contains rules that are based on Amazon internal threat intelligence. This is useful if you would like to block IP addresses typically associated with bots or other threats. Blocking these IP addresses can help mitigate bots and reduce the risk of a malicious actor discovering a vulnerable application.

Core Rule Set (CRS)
VendorName: AWS, Name: AWSManagedRulesCommonRuleSet, WCU: 700
The Core Rule Set (CRS) rule group contains rules that are generally applicable to web applications. This provides protection against exploitation of a wide range of vulnerabilities, including those described in OWASP publications and many Common Vulnerabilities and Exposures (CVE). Consider using this rule group for any AWS WAF use case.

Known Bad Inputs
VendorName: AWS, Name: AWSManagedRulesKnownBadInputsRuleSet, WCU: 200
The Known Bad Inputs rule group contains rules to block request patterns that are known to be invalid and are associated with exploitation or discovery of vulnerabilities. This can help reduce the risk of a malicious actor discovering a vulnerable application.

Linux Operating System
VendorName: AWS, Name: AWSManagedRulesLinuxRuleSet, WCU: 200
The Linux Operating System rule group contains rules that block request patterns associated with exploitation of vulnerabilities specific to Linux, including Linux-specific Local File Inclusion (LFI) attacks. This can help prevent attacks that expose file contents or execute code for which the attacker should not have had access. You should evaluate this rule group if any part of your application runs on Linux. You should use this rule group in conjunction with the POSIX Operating System rule group.

POSIX Operating System
VendorName: AWS, Name: AWSManagedRulesUnixRuleSet, WCU: 100
The POSIX Operating System rule group contains rules that block request patterns associated with exploitation of vulnerabilities specific to POSIX and POSIX-like operating systems, including Local File Inclusion (LFI) attacks. This can help prevent attacks that expose file contents or execute code for which the attacker should not have had access. You should evaluate this rule group if any part of your application runs on a POSIX or POSIX-like operating system, including Linux, AIX, HP-UX, macOS, Solaris, FreeBSD, OpenBSD, and many others.

issue-label-bot[bot] commented 4 years ago

Issue-Label Bot is automatically applying the label feature_request to this issue, with a confidence of 0.94. Please mark this comment with :thumbsup: or :thumbsdown: to give our bot feedback!


pethers commented 4 years ago

sample basic template

```yaml
Description: Create WebACL example
Resources:
  ExampleWebACL:
    Type: AWS::WAFv2::WebACL
    Properties:
      Name: ExampleWebACL
      Scope: REGIONAL
      Description: This is an example WebACL
      DefaultAction:
        Allow: {}
      VisibilityConfig:
        SampledRequestsEnabled: true
        CloudWatchMetricsEnabled: true
        MetricName: ExampleWebACLMetric
      Rules:
```

pethers commented 4 years ago

The WCU limit for web ACLs is 1,500.

VendorName: AWS, Name: AWSManagedRulesAmazonIpReputationList, WCU: 25
VendorName: AWS, Name: AWSManagedRulesCommonRuleSet, WCU: 700
VendorName: AWS, Name: AWSManagedRulesKnownBadInputsRuleSet, WCU: 200
VendorName: AWS, Name: AWSManagedRulesLinuxRuleSet, WCU: 200
VendorName: AWS, Name: AWSManagedRulesUnixRuleSet, WCU: 100

Total WCU: 1225

pethers commented 4 years ago

exclude rules GenericLFI_BODY and GenericRFI_BODY from AWSManagedRulesCommonRuleSet, causes issues with https://dev.cia.hack23.com/. No: websocket request visible
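Added example, not code from this thread or from the Hack23 project: a short Python generator that fills the `Rules:` list of the sample template with the five managed rule groups listed above, applies the two Core Rule Set exclusions, and refuses to build a web ACL over the 1,500 WCU limit. The rule priorities, the per-rule metric names and the function names are assumptions chosen for illustration.

```python
import json

WCU_LIMIT = 1500  # web ACL capacity limit quoted in the thread
# (managed rule group name, WCU) pairs as listed in the issue
RULE_GROUPS = [
    ("AWSManagedRulesAmazonIpReputationList", 25),
    ("AWSManagedRulesCommonRuleSet", 700),
    ("AWSManagedRulesKnownBadInputsRuleSet", 200),
    ("AWSManagedRulesLinuxRuleSet", 200),
    ("AWSManagedRulesUnixRuleSet", 100),
]
# Rules the thread excludes from the Core Rule Set
EXCLUDED = {"AWSManagedRulesCommonRuleSet": ["GenericLFI_BODY", "GenericRFI_BODY"]}

def total_wcu(groups=RULE_GROUPS):
    return sum(wcu for _, wcu in groups)

def build_rules(groups=RULE_GROUPS, excluded=EXCLUDED):
    """Return the Rules list for AWS::WAFv2::WebACL, enforcing the WCU budget."""
    if total_wcu(groups) > WCU_LIMIT:
        raise ValueError(f"{total_wcu(groups)} WCU exceeds limit of {WCU_LIMIT}")
    rules = []
    for priority, (name, _) in enumerate(groups):  # assumed order: as listed
        stmt = {"VendorName": "AWS", "Name": name}
        if name in excluded:
            # Excluded rules are evaluated in count mode instead of blocking
            stmt["ExcludedRules"] = [{"Name": r} for r in excluded[name]]
        rules.append({
            "Name": name, "Priority": priority,
            "OverrideAction": {"None": {}},  # keep the rule group's own actions
            "Statement": {"ManagedRuleGroupStatement": stmt},
            "VisibilityConfig": {"SampledRequestsEnabled": True,
                                 "CloudWatchMetricsEnabled": True,
                                 "MetricName": name + "Metric"},  # assumed naming
        })
    return rules

def build_template():
    """Sample template from the thread, with Rules filled in (JSON form)."""
    props = {"Name": "ExampleWebACL", "Scope": "REGIONAL",
             "Description": "This is an example WebACL",
             "DefaultAction": {"Allow": {}},
             "VisibilityConfig": {"SampledRequestsEnabled": True,
                                  "CloudWatchMetricsEnabled": True,
                                  "MetricName": "ExampleWebACLMetric"},
             "Rules": build_rules()}
    return {"Description": "Create WebACL example", "Resources": {
        "ExampleWebACL": {"Type": "AWS::WAFv2::WebACL", "Properties": props}}}

if __name__ == "__main__":
    print(json.dumps(build_template(), indent=2))
```

Because the two excluded rules still count matches, their CloudWatch metrics and sampled requests remain available for checking whether the exclusion can later be narrowed.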

pethers commented 4 years ago

Waiting for CloudFormation support for AWS::WAFv2::WebACLAssociation: https://github.com/aws-cloudformation/aws-cloudformation-coverage-roadmap/issues/344

pethers commented 3 years ago

done