aws-solutions / aws-waf-security-automations

This solution automatically deploys a single web access control list (web ACL) with a set of AWS WAF rules designed to filter common web-based attacks.
https://aws.amazon.com/solutions/aws-waf-security-automations
Apache License 2.0

How to disable managed ruleset options #264

Open sbe-arg opened 2 months ago

sbe-arg commented 2 months ago

Any way to change from BLOCK to something else, at least COUNT a list of managed rules?

Sometimes there are applications that need some of the rules softened or disabled, such as Body size and others...

https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-baseline.html

Somehow a list array to enter rule names that will be set to count?

Edited to add context links: we need to allow expanding the statement logic with rule action overrides from an array?

https://github.com/aws-solutions/aws-waf-security-automations/blob/main/deployment/aws-waf-security-automations-webacl.template#L473

https://docs.amazonaws.cn/en_us/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-managedrulegroupstatement.html

https://docs.amazonaws.cn/en_us/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-ruleactionoverride.html

kroeter commented 2 months ago

Thanks for the post - we have another release planned for this solution in H2 of this year and I'll consider this during our next grooming session. Let me know if you're open for further discussion of other features that you'd like to see for this solution.
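The override requested in this issue, sketched as an added example that is not part of the thread or of the solution's code: a helper that takes a web ACL's rule list (in the shape shared by the WAFv2 API and the `AWS::WAFv2::WebACL` resource) plus an array of rule names, and sets those rules to Count through `RuleActionOverrides`. The function name, the sample rule entry and its `Name` are assumptions made for illustration.

```python
import copy

def apply_count_overrides(rules, group_name, count_rules, vendor="AWS"):
    """Return a copy of `rules` where the listed rules of one managed rule
    group are overridden to Count. Overrides on other rules are preserved."""
    updated = copy.deepcopy(rules)  # never mutate the caller's definition
    matched = False
    for rule in updated:
        stmt = rule.get("Statement", {}).get("ManagedRuleGroupStatement")
        if not stmt or stmt.get("Name") != group_name \
                or stmt.get("VendorName") != vendor:
            continue
        matched = True
        # Keep existing overrides that target rules outside the requested list.
        kept = [o for o in stmt.get("RuleActionOverrides", [])
                if o["Name"] not in count_rules]
        # dict.fromkeys de-duplicates the input while keeping its order.
        wanted = [{"Name": name, "ActionToUse": {"Count": {}}}
                  for name in dict.fromkeys(count_rules)]
        stmt["RuleActionOverrides"] = kept + wanted
    if not matched:
        # Fail loudly so a typo in the group name is not silently ignored.
        raise ValueError(f"managed rule group {vendor}/{group_name} not found")
    return updated

# Constructed sample: one managed rule group entry with a pre-existing override.
SAMPLE_RULES = [{
    "Name": "example-common-rule-set",  # hypothetical rule name
    "Priority": 0,
    "OverrideAction": {"None": {}},
    "Statement": {"ManagedRuleGroupStatement": {
        "VendorName": "AWS",
        "Name": "AWSManagedRulesCommonRuleSet",
        "RuleActionOverrides": [
            {"Name": "NoUserAgent_HEADER", "ActionToUse": {"Count": {}}},
        ],
    }},
    "VisibilityConfig": {"SampledRequestsEnabled": True,
                         "CloudWatchMetricsEnabled": True,
                         "MetricName": "example-common-rule-set"},
}]

if __name__ == "__main__":
    import json
    result = apply_count_overrides(
        SAMPLE_RULES, "AWSManagedRulesCommonRuleSet", ["SizeRestrictions_BODY"])
    print(json.dumps(result[0]["Statement"], indent=2))
```

Rules overridden to Count still emit metrics and sampled requests, so their match rate can be reviewed before deciding whether to return them to Block.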