Open cturner-pulsion opened 1 year ago
The default disable introspection rule is non-compliant with a recent WAF change which makes the `OversizeHandling` property required.
AWS issued a warning email that after March 31, 2023, any updates to WAF Web ACLs without oversize handling will fail.
In the meantime, I have been able to work around the limitation by defining a new rule manually:
```yaml
wafConfig:
  enabled: true
  rules:
    - name: "DisableIntrospection"
      priority: 200
      action: Block
      statement:
        ByteMatchStatement:
          FieldToMatch:
            Body:
              OversizeHandling: "CONTINUE"
          PositionalConstraint: "CONTAINS"
          SearchString: "__schema"
          TextTransformations:
            - Type: "COMPRESS_WHITE_SPACE"
              Priority: 0
```
Ideally, it would be possible to provide an oversize handling, as can be done with `Name` and `Priority`. However, a default of "Continue" can be applied in line with the AWS default.
https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html
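A check for the requirement described in this issue, as an added example that is not part of the original post or the plugin's code: it walks each rule's `statement`, including nested statements, and reports any `FieldToMatch` component without a valid `OversizeHandling`. The component list, the function names and the second sample rule are assumptions made for the illustration.

```javascript
// WAFv2 FieldToMatch components that carry OversizeHandling (list assumed for this example).
const OVERSIZE_COMPONENTS = ["Body", "JsonBody", "Headers", "Cookies"];
const VALID_VALUES = ["CONTINUE", "MATCH", "NO_MATCH"];

// Recursively walk a statement (And/Or/Not nesting included) and record a
// finding for every listed component whose OversizeHandling is missing or invalid.
function findOversizeIssues(node, path = "statement", findings = []) {
  if (Array.isArray(node)) {
    node.forEach((item, i) => findOversizeIssues(item, `${path}[${i}]`, findings));
    return findings;
  }
  if (node === null || typeof node !== "object") return findings;
  for (const [key, value] of Object.entries(node)) {
    const here = `${path}.${key}`;
    if (key === "FieldToMatch" && value && typeof value === "object") {
      for (const component of OVERSIZE_COMPONENTS) {
        if (!(component in value)) continue;
        const handling = (value[component] || {}).OversizeHandling;
        if (!VALID_VALUES.includes(handling)) {
          findings.push({ path: `${here}.${component}`,
            problem: handling === undefined ? "missing OversizeHandling" : `invalid value ${handling}` });
        }
      }
    } else {
      findOversizeIssues(value, here, findings);
    }
  }
  return findings;
}

// Lint every rule of a wafConfig-shaped object (shape taken from the YAML in the issue).
function lintWafConfig(wafConfig) {
  return (wafConfig.rules || []).flatMap((rule) =>
    findOversizeIssues(rule.statement, `${rule.name}.statement`));
}

// Constructed sample: the issue's workaround rule plus a nested rule lacking the property.
const sampleConfig = { enabled: true, rules: [
  { name: "DisableIntrospection", priority: 200, action: "Block",
    statement: { ByteMatchStatement: { FieldToMatch: { Body: { OversizeHandling: "CONTINUE" } },
      PositionalConstraint: "CONTAINS", SearchString: "__schema",
      TextTransformations: [{ Type: "COMPRESS_WHITE_SPACE", Priority: 0 }] } } },
  { name: "NestedNoHandling", priority: 210, action: "Block",
    statement: { NotStatement: { Statement: { ByteMatchStatement: { FieldToMatch: { Body: {} },
      PositionalConstraint: "CONTAINS", SearchString: "__schema",
      TextTransformations: [{ Type: "NONE", Priority: 0 }] } } } } },
] };

console.log(lintWafConfig(sampleConfig));
```

Run against the rendered rule list before deployment, an empty result means every inspected component states its oversize behaviour explicitly.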