Getting COUNT for WAFXssRule and Rate Based Rule at the same time

[r8or0pz]

Describe the bug I got records COUNTED whith RuleId=FOO-WAFXssRule and terminatingrulematchdetails=[] and at the same time [{ratebasedruleid=arn:aws:wafv2:us-east-1:1234567890_MANAGED:regional/ipset/f84996b6-1ad4-4cf1-b5a0-28aba233cc64_0697b993-0f0f-4dfa-b4ef-fba53e9307bc_IPV4/0697b993-0f0f-4dfa-b4ef-fba53e9307bc, limitkey=IP, maxrateallowed=200}]

To Reproduce Just enable WAF using this Repo

Expected behavior Not sure if it's expected or not

Please complete the following information about the solution:

• Version: [v2.3.3]
• Region: [us-east-1]
• Was the solution modified from the version published on this repository? [No]
• Have you checked your service quotas for the sevices this solution uses? [No]
• Were there any errors in the CloudWatch Logs? [No]

Screenshots Resultset

Why is it WAFXssRule if it looks like it is blocked because of Rate Limit exceeded?

[aijunpeng]

It is possible that one ip can be counted by more than one rule. The result set screenshot you provided seems to come from the waf access log Athena table? The data source of the table is waf access logs which are generated by the waf service, not part of the solution.

[maykays]

Closing this issue. Please re-open if the problem persists.