Closed r8or0pz closed 3 years ago
It is possible that one ip can be counted by more than one rule. The result set screenshot you provided seems to come from the waf access log Athena table? The data source of the table is waf access logs which are generated by the waf service, not part of the solution.
Closing this issue. Please re-open if the problem persists.
Describe the bug I got records COUNTED whith RuleId=FOO-WAFXssRule and terminatingrulematchdetails=[] and at the same time [{ratebasedruleid=arn:aws:wafv2:us-east-1:1234567890_MANAGED:regional/ipset/f84996b6-1ad4-4cf1-b5a0-28aba233cc64_0697b993-0f0f-4dfa-b4ef-fba53e9307bc_IPV4/0697b993-0f0f-4dfa-b4ef-fba53e9307bc, limitkey=IP, maxrateallowed=200}]
To Reproduce Just enable WAF using this Repo
Expected behavior Not sure if it's expected or not
Please complete the following information about the solution:
Screenshots Resultset
Why is it WAFXssRule if it looks like it is blocked because of Rate Limit exceeded?