aws-solutions / aws-waf-security-automations

This solution automatically deploys a single web access control list (web ACL) with a set of AWS WAF rules designed to filter common web-based attacks.
https://aws.amazon.com/solutions/aws-waf-security-automations
Apache License 2.0

[log-parser] Add .general.whitelisted_domains[] config for PTR #87

Closed dhardy92 closed 1 year ago

dhardy92 commented 5 years ago

* Treat issue: #86

This creates a new option .general.whitelisted_domains[]: a list of PTR domains that cannot be blocked by log-parser. Example: {"general": {"errorThreshold": 50, "blockPeriod": 120, "errorCodes": ["400", "401", "403", "404", "405"], "whitelisted_domains": ["search.msn.com", "spider.yandex.com", ".googlebot.com"]}, "uriList": {}}

So chosen domains, like googlebot IP ranges, are not blocked if they reach some threshold. When outstanding_requesters is done, before the merge with the existing list, reverse resolution is done on each IP address, and it is excluded from the object.

No need to query whois and add ranges to the whitelist IP set (this could be some improvement if the load on a big outstanding_requesters object is heavy).
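An added example, not code from this PR or from the project: a sketch of the PTR filter described in the comment above, which also forward-confirms each PTR name, because the owner of an IP's reverse zone chooses what its PTR record says. Assumptions: `outstanding_requesters` is a flat dict keyed by IP, every `whitelisted_domains` entry is treated as a domain suffix with or without a leading dot, and all function names and sample data are hypothetical.

```python
import socket

def ptr_lookup(ip):
    """Reverse (PTR) lookup; returns the host name, or None if there is none."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def forward_lookup(host):
    """Forward (A) lookup; returns the set of IPv4 addresses for host."""
    try:
        return set(socket.gethostbyname_ex(host)[2])
    except OSError:
        return set()

def domain_matches(host, whitelisted_domains):
    """Match on a label boundary, so 'evilgooglebot.com' is not '.googlebot.com'."""
    host = host.rstrip(".").lower()
    for entry in whitelisted_domains:
        domain = entry.strip(".").lower()
        if host == domain or host.endswith("." + domain):
            return True
    return False

def drop_whitelisted(requesters, whitelisted_domains,
                     ptr=ptr_lookup, forward=forward_lookup):
    """Return requesters minus IPs whose PTR is whitelisted AND resolves back to the IP."""
    kept = {}
    for ip, data in requesters.items():
        host = ptr(ip)
        if host and domain_matches(host, whitelisted_domains) and ip in forward(host):
            continue  # forward-confirmed whitelisted crawler: never block
        kept[ip] = data
    return kept

# Constructed sample data (documentation IP ranges) standing in for DNS.
SAMPLE_PTR = {"192.0.2.10": "crawl-192-0-2-10.googlebot.com",
              "198.51.100.7": "crawl-1.googlebot.com",     # PTR set by the IP owner
              "203.0.113.5": "host.evilgooglebot.com"}     # look-alike domain
SAMPLE_A = {"crawl-192-0-2-10.googlebot.com": {"192.0.2.10"},
            "crawl-1.googlebot.com": {"192.0.2.99"}}       # does not point back
SAMPLE_REQUESTERS = {ip: {"max_counter_per_min": 80} for ip in
                     ("192.0.2.10", "198.51.100.7", "203.0.113.5", "203.0.113.9")}

def demo():
    """Run the filter against the constructed tables instead of live DNS."""
    return drop_whitelisted(SAMPLE_REQUESTERS, [".googlebot.com", "search.msn.com"],
                            ptr=SAMPLE_PTR.get,
                            forward=lambda h: SAMPLE_A.get(h, set()))
```

Only `192.0.2.10` is removed from the block candidates; the address whose PTR name does not resolve back to it, the look-alike domain and the address with no PTR all stay eligible for blocking.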

hvital commented 5 years ago

wow :) thanks for your contribution @dhardy92

This PR will be evaluated for the next version and we'll update this thread once we have more information.

aijunpeng commented 1 year ago

Close the old PR as it doesn't apply to the latest version.