Apresentando uma nova experiência de console para AWS WAF
Agora você pode usar a experiência atualizada para acessar a AWS WAF funcionalidade em qualquer lugar do console. Para obter mais detalhes, consulte Trabalhando com o console.
As traduções são geradas por tradução automática. Em caso de conflito entre o conteúdo da tradução e da versão original em inglês, a versão em inglês prevalecerá.
Exemplos de proteção de dados
Esta seção contém exemplos de log de registro em log de proteção de dados de tráfego de pacote de proteção (ACL da Web).
DataProtection hashing
Configuração de webacl
"data_protection_config": { "data_protections": [ { "field": { "field_type": "SINGLE_QUERY_ARGUMENT", "field_keys": [ "hoppy" ] }, "action": "HASH", "exclude_rule_match_details": false, "exclude_rate_based_details": false } ] }
Exemplo DataProtection de hashing: entrada de registro com o SingleQuery argumento “hoppy” protegido.
{ "timestamp": 1738705092889, "formatVersion": 1, "webaclId": "arn:aws:wafv2:us-east-1:111122223333:regional/webacl/DataProtectionhashACL/4eede063-e611-44f5-b357-ffc9d7b7fed5", "terminatingRuleId": "Default_Action", "terminatingRuleType": "REGULAR", "action": "ALLOW", "terminatingRuleMatchDetails": [], "httpSourceName": "APIGW", "httpSourceId": "746533260405:xt7v59bhn7:ABC", "ruleGroupList": [], "rateBasedRuleList": [], "nonTerminatingMatchingRules": [{ "ruleId": "ProtectedSQLIHeadersVisibleInSTM", "action": "COUNT", "ruleMatchDetails": [{ "conditionType": "SQL_INJECTION", "sensitivityLevel": "HIGH", "location": "SINGLE_QUERY_ARG", "matchedData": [ "z6hpYAFaMYdtiTeHhxnN5ydgRE5E1WgyVIdgqH0D3iM=" ], "matchedFieldName": "hoppy" }] }], "requestHeadersInserted": null, "responseCodeSent": null, "httpRequest": { "clientIp": "54.239.98.137", "country": "US", "headers": [{ "name": "X-Forwarded-For", "value": "54.239.98.137" }, { "name": "X-Forwarded-Proto", "value": "https" }, { "name": "X-Forwarded-Port", "value": "443" }, { "name": "Host", "value": "xt7xxx9bhn7.gamma.execute-api.us-east-1.amazonaws.com" }, { "name": "X-Amzn-Trace-Id", "value": "Root=1-67a288c4-27acb3cd5795dd8456b7e3c3" }, { "name": "Accept-Encoding", "value": "gzip" }, { "name": "User-Agent", "value": "okhttp/3.12.1" }], "uri": "/CanaryTest", "args": "hoppy=z6hpYAFaMYdtiTeHhxnN5ydgRE5E1WgyVIdgqH0D3iM=&yellow=hello&x-hoppy-extra=generic-%3Cwords%3E-in-angle-brackets", "httpVersion": "HTTP/1.1", "httpMethod": "GET", "requestId": "FepO0F8fIAMEqoQ=" }, "labels": [{ "name": "awswaf:forwardedip:geo:country:US" }, { "name": "awswaf:forwardedip:geo:region:US-VA" }] }
DataProtection substituição
Configuração de webacl
"data_protection_config": { "data_protections": [ { "field": { "field_type": "SINGLE_QUERY_ARGUMENT", "field_keys": [ "hoppy" ] }, "action": "SUBSTITUTION", "exclude_rule_match_details": false, "exclude_rate_based_details": false } ] }
Exemplo de DataProtection substituição: entrada de registro com o argumento de consulta única “hoppy” protegido
{ "timestamp": 1738705092889, "formatVersion": 1, "webaclId": "arn:aws:wafv2:us-east-1:111122223333:regional/webacl/DataProtectionhashACL/4eede063-e611-44f5-b357-ffc9d7b7fed5", "terminatingRuleId": "Default_Action", "terminatingRuleType": "REGULAR", "action": "ALLOW", "terminatingRuleMatchDetails": [], "httpSourceName": "APIGW", "httpSourceId": "746533260405:xt7v59bhn7:ABC", "ruleGroupList": [], "rateBasedRuleList": [], "nonTerminatingMatchingRules": [] "requestHeadersInserted": null, "responseCodeSent": null, "httpRequest": { "clientIp": "54.239.98.137", "country": "US", "headers": [{ "name": "X-Forwarded-For", "value": "54.239.98.137" }, { "name": "X-Forwarded-Proto", "value": "https" }, { "name": "X-Forwarded-Port", "value": "443" }, { "name": "Host", "value": "xt7xxx9bhn7.gamma.execute-api.us-east-1.amazonaws.com" }, { "name": "X-Amzn-Trace-Id", "value": "Root=1-67a288c4-27acb3cd5795dd8456b7e3c3" }, { "name": "Accept-Encoding", "value": "gzip" }, { "name": "User-Agent", "value": "okhttp/3.12.1" }], "uri": "/CanaryTest", "args": "hoppy=REDACTED&yellow=hello&x-hoppy-extra=generic-%3Cwords%3E-in-angle-brackets", "httpVersion": "HTTP/1.1", "httpMethod": "GET", "requestId": "FepO0F8fIAMEqoQ=" }, "labels": [{ "name": "awswaf:forwardedip:geo:country:US" }, { "name": "awswaf:forwardedip:geo:region:US-VA" }] }
Retenção de dados em RuleMatchDetails
Configuração de webacl
"data_protection_config": { "data_protections": [ { "field": { "field_type": "SINGLE_HEADER", "field_keys": [ "hoppy" ] }, "action": "HASH", "exclude_rule_match_details": true, "exclude_rate_based_details": false } ] }
Exemplo de retenção de dados em RuleMatchDetails: Entrada de registro com um único Header “hoppy” protegido, mas o valor é retido somente em. RuleMatchDetails
{ "timestamp": 1738705092889, "formatVersion": 1, "webaclId": "arn:aws:wafv2:us-east-1:111122223333:regional/webacl/DataProtectionhashACL/4eede063-e611-44f5-b357-ffc9d7b7fed5", "terminatingRuleId": "Default_Action", "terminatingRuleType": "REGULAR", "action": "ALLOW", "terminatingRuleMatchDetails": [], "httpSourceName": "APIGW", "httpSourceId": "746533260405:xt7v59bhn7:ABC", "ruleGroupList": [], "rateBasedRuleList": [], "nonTerminatingMatchingRules": [{ "ruleId": "ProtectedSQLIHeadersVisibleInSTM", "action": "COUNT", "ruleMatchDetails": [{ "conditionType": "SQL_INJECTION", "sensitivityLevel": "HIGH", "location": "HEADER", "matchedData": [ "10", "AND", "1" ], "matchedFieldName": "hoppy" }] }], "requestHeadersInserted": null, "responseCodeSent": null, "httpRequest": { "clientIp": "54.239.98.137", "country": "US", "headers": [{ "name": "X-Forwarded-For", "value": "54.239.98.137" }, { "name": "X-Forwarded-Proto", "value": "https" }, { "name": "X-Forwarded-Port", "value": "443" }, { "name": "Host", "value": "xt7xxx9bhn7.gamma.execute-api.us-east-1.amazonaws.com" }, { "name": "X-Amzn-Trace-Id", "value": "Root=1-67a288c4-27acb3cd5795dd8456b7e3c3" }, { "name": "hoppy", "value": "zuomr2mxQxofg6EI6f7hMNGaJhhPxt0rFVAXog6FLxE=" }, { "name": "Accept-Encoding", "value": "gzip" }, { "name": "User-Agent", "value": "okhttp/3.12.1" }, { "name": "hoppy", "value": "z6hpYAFaMYdtiTeHhxnN5ydgRE5E1WgyVIdgqH0D3iM=" }], "uri": "/CanaryTest", "args": "happy=true", "httpVersion": "HTTP/1.1", "httpMethod": "GET", "requestId": "FepO0F8fIAMEqoQ=" }, "labels": [{ "name": "awswaf:forwardedip:geo:country:US" }, { "name": "awswaf:forwardedip:geo:region:US-VA" }] }
Retenção de dados em rateBasedRule
"data_protection_config": { "data_protections": [ { "field": { "field_type": "SINGLE_HEADER", "field_keys": [ "hoppy" ] }, "action": "HASH", "exclude_rule_match_details": false, "exclude_rate_based_details": true } ] }
Exemplo de retenção de dados na rateBasedRule lista: entrada de registro com o único Header “hoppy” protegido, mas o valor é retido somente em rateBasedRuleList
{ "timestamp": 1683355579981, "formatVersion": 1, "webaclId": ..., "terminatingRuleId": "RateBasedRule", "terminatingRuleType": "RATE_BASED", "action": "BLOCK", "terminatingRuleMatchDetails": [], "httpSourceName": "APIGW", "httpSourceId": "EXAMPLE11:rjvegx5guh:CanaryTest", "ruleGroupList": [], "rateBasedRuleList": [{ "rateBasedRuleId": ..., "rateBasedRuleName": "RateBasedRule", "limitKey": "CUSTOMKEYS", "maxRateAllowed": 100, "evaluationWindowSec": "120", "customValues": [{ "key": "HEADER", "name": "hoppy", "value": "ella" }] }], "nonTerminatingMatchingRules": [], "requestHeadersInserted": null, "responseCodeSent": null, "httpRequest": { "clientIp": "52.46.82.45", "country": "FR", "headers": [{ "name": "X-Forwarded-For", "value": "52.46.82.45" }, { "name": "X-Forwarded-Proto", "value": "https" }, { "name": "X-Forwarded-Port", "value": "443" }, { "name": "Host", "value": "rjvegx5guh.execute-api.eu-west-3.amazonaws.com" }, { "name": "X-Amzn-Trace-Id", "value": "Root=1-645566cf-7cb058b04d9bb3ee01dc4036" }, { "name": "hoppy", "value": "zuomr2mxQxofg6EI6f7hMNGaJhhPxt0rFVAXog6FLxE=" }, { "name": "User-Agent", "value": "RateBasedRuleTestKoipOneKeyModulePV2" }, { "name": "Accept-Encoding", "value": "gzip,deflate" }], "uri": "/CanaryTest", "args": "", "httpVersion": "HTTP/1.1", "httpMethod": "GET", "requestId": "Ed0AiHF_CGYF-DA=" } }
Proteção de dados para corpo
AWS WAF registra somente subconjuntos de Body inRuleMatchDetails.
Configuração de webacl
"data_protection_config": { "data_protections": [ { "field": { "field_type": "BODY" }, "action": "SUBSTITUTE", "exclude_rule_match_details": false, "exclude_rate_based_details": false } ] }
Exemplo DataProtection de corpo: entrada de registro com corpo substituído em. ruleMatchDetails
{ "timestamp": 1738705092889, "formatVersion": 1, "webaclId": "arn:aws:wafv2:us-east-1:111122223333:regional/webacl/DataProtectionhashACL/4eede063-e611-44f5-b357-ffc9d7b7fed5", "terminatingRuleId": "Default_Action", "terminatingRuleType": "REGULAR", "action": "ALLOW", "terminatingRuleMatchDetails": [], "httpSourceName": "APIGW", "httpSourceId": "746533260405:xt7v59bhn7:ABC", "ruleGroupList": [], "rateBasedRuleList": [], "nonTerminatingMatchingRules": [{ "ruleId": "ProtectedSQLIBody", "action": "COUNT", "ruleMatchDetails": [{ "conditionType": "SQL_INJECTION", "sensitivityLevel": "HIGH", "location": "BODY", "matchedData": ["REDACTED"] }] }], "requestHeadersInserted": null, "responseCodeSent": null, "httpRequest": { "clientIp": "54.239.98.137", "country": "US", "headers": [{ "name": "X-Forwarded-For", "value": "54.239.98.137" }, { "name": "X-Forwarded-Proto", "value": "https" }, { "name": "X-Forwarded-Port", "value": "443" }, { "name": "Host", "value": "xt7xxx9bhn7.gamma.execute-api.us-east-1.amazonaws.com" }, { "name": "X-Amzn-Trace-Id", "value": "Root=1-67a288c4-27acb3cd5795dd8456b7e3c3" }, { "name": "Accept-Encoding", "value": "gzip" }, { "name": "User-Agent", "value": "okhttp/3.12.1" }, { "name": "cookie", "value": "hoppy=dog;" }], "uri": "/CanaryTest", "args": "baloo=abc&hoppy-query=xyz&x-hoppy-extra=generic-%3Cwords%3E-in-angle-brackets", "httpVersion": "HTTP/1.1", "httpMethod": "GET", "requestId": "FepO0F8fIAMEqoQ=" }, "labels": [{ "name": "awswaf:forwardedip:geo:country:US" }, { "name": "awswaf:forwardedip:geo:region:US-VA" }] }
Proteção de dados para o SINGLE_COOKIE
Configuração de webacl
"data_protection_config": { "data_protections": [ { "field": { "field_type": "SINGLE_COOKIE", "field_keys": [ "MILO" ] }, "action": "HASH", "exclude_rule_match_details": false, "exclude_rate_based_details": false } ] }
Exemplo DataProtection paraSINGLE_COOKIE: Entrada de registro com um SINGLE_COOKIE nome “MILO” protegido.
O log completo mostra que o cookie denominado MILO está protegido em ruleMatchDetails e o cabeçalho do cookie. Somente os valores de cookies são protegidos e os nomes de chaves são excluídos.
nota
Todos os campos protegidos (cabeçalho único, cookie, argumento de consulta) não diferenciam maiúsculas de minúsculas. Então, neste exemplo, “MILO” corresponde a “milo”.
{ "timestamp": 1738705092889, "formatVersion": 1, "webaclId": "arn:aws:wafv2:us-east-1:111122223333:regional/webacl/DataProtectionhashACL/4eede063-e611-44f5-b357-ffc9d7b7fed5", "terminatingRuleId": "Default_Action", "terminatingRuleType": "REGULAR", "action": "ALLOW", "terminatingRuleMatchDetails": [], "httpSourceName": "APIGW", "httpSourceId": "746533260405:xt7v59bhn7:ABC", "ruleGroupList": [], "rateBasedRuleList": [], "nonTerminatingMatchingRules": [{ "ruleId": "ProtectedSQLIHeadersVisibleInSTM", "action": "COUNT", "ruleMatchDetails": [{ "conditionType": "SQL_INJECTION", "sensitivityLevel": "HIGH", "location": "COOKIE", "matchedData": ["zuomr2mxQxofg6EI6f7hMNGaJhhPxt0rFVAXog6FLxE="], "matchedFieldName": "milo" }] }], "requestHeadersInserted": null, "responseCodeSent": null, "httpRequest": { "clientIp": "54.239.98.137", "country": "US", "headers": [{ "name": "X-Forwarded-For", "value": "54.239.98.137" }, { "name": "X-Forwarded-Proto", "value": "https" }, { "name": "X-Forwarded-Port", "value": "443" }, { "name": "Host", "value": "xt7xxx9bhn7.gamma.execute-api.us-east-1.amazonaws.com" }, { "name": "X-Amzn-Trace-Id", "value": "Root=1-67a288c4-27acb3cd5795dd8456b7e3c3" }, { "name": "Accept-Encoding", "value": "gzip" }, { "name": "User-Agent", "value": "okhttp/3.12.1" }, { "name": "cookie", "value": "hoppy=dog;milo=zuomr2mxQxofg6EI6f7hMNGaJhhPxt0rFVAXog6FLxE=;aws-waf-token=51c71352-41f5-4f6d-b676-c24907bdf819:EQoAZ/J+AAQAAAAA:t9wvxbw042wva7E2Y6lgud/bS6YG0CJKVAJqaRqDZ140ythKW0Zj9wKB2O8lSkYDRqf1yONcVBFo5u0eYi0tvT4rtQCXsu+KanAardW8go4QSLw4yoED59lgV7oAhGyCalAzE7ra29j+RvvZPsQyoQuDCrtoY/TvQyMTXIXzGPDC/rKBbg==" }], "uri": "/CanaryTest", "args": "baloo=abc&hoppy-query=xyz&x-hoppy-extra=generic-%3Cwords%3E-in-angle-brackets", "httpVersion": "HTTP/1.1", "httpMethod": "GET", "requestId": "FepO0F8fIAMEqoQ=" }, "labels": [{ "name": "awswaf:forwardedip:geo:country:US" }, { "name": "awswaf:forwardedip:geo:region:US-VA" }] }
Proteção de dados para todos os cookies
Você pode configurar a proteção de dados para cookies usando SINGLE_HEADER. Somente os valores de cookies são protegidos e os nomes de chaves são excluídos.
"DataProtectionConfig": { "DataProtections": [ { "Field": { "FieldType": "SINGLE_HEADER", "FieldKeys": ["cookie"] }, "Action": "SUBSTITUTION", "ExcludeRuleMatchDetails": false, "ExcludeRateBasedDetails": false } ] }
Exemplo DataProtection de header “COOKIE”: Entrada de registro com o cabeçalho do cookie protegido.
nota
O nome do cookie AWS-WAF-TOKEN está fora do escopo de proteção de dados.
{ "timestamp": 1738705092889, "formatVersion": 1, "webaclId": "arn:aws:wafv2:us-east-1:111122223333:regional/webacl/DataProtectionhashACL/4eede063-e611-44f5-b357-ffc9d7b7fed5", "terminatingRuleId": "Default_Action", "terminatingRuleType": "REGULAR", "action": "ALLOW", "terminatingRuleMatchDetails": [], "httpSourceName": "APIGW", "httpSourceId": "746533260405:xt7v59bhn7:ABC", "ruleGroupList": [], "rateBasedRuleList": [], "nonTerminatingMatchingRules": [], "requestHeadersInserted": null, "responseCodeSent": null, "httpRequest": { "clientIp": "54.239.98.137", "country": "US", "headers": [{ "name": "X-Forwarded-For", "value": "54.239.98.137" }, { "name": "X-Forwarded-Proto", "value": "https" }, { "name": "X-Forwarded-Port", "value": "443" }, { "name": "Host", "value": "xt7xxx9bhn7.gamma.execute-api.us-east-1.amazonaws.com" }, { "name": "X-Amzn-Trace-Id", "value": "Root=1-67a288c4-27acb3cd5795dd8456b7e3c3" }, { "name": "Accept-Encoding", "value": "gzip" }, { "name": "User-Agent", "value": "okhttp/3.12.1" }, { "name": "cookie", "value": "hoppy=REDACTED;milo=REDACTED;aws-waf-token=51c71352-41f5-4f6d-b676-c24907bdf819:EQoAZ/J+AAQAAAAA:t9wvxbw042wva7E2Y6lgud/bS6YG0CJKVAJqaRqDZ140ythKW0Zj9wKB2O8lSkYDRqf1yONcVBFo5u0eYi0tvT4rtQCXsu+KanAardW8go4QSLw4yoED59lgV7oAhGyCalAzE7ra29j+RvvZPsQyoQuDCrtoY/TvQyMTXIXzGPDC/rKBbg==" }], "uri": "/CanaryTest", "args": "baloo=xyz=&hoppy-query=abc&x-hoppy-extra=abc", "httpVersion": "HTTP/1.1", "httpMethod": "GET", "requestId": "FepO0F8fIAMEqoQ=" }, "labels": [{ "name": "awswaf:forwardedip:geo:country:US" }, { "name": "awswaf:forwardedip:geo:region:US-VA" }] }
Proteção de dados para argumentos de consulta única
Você pode configurar a proteção de dados uma string de consulta usando SINGLE_QUERY_ARGUMENT. Isso afeta as chaves e os valores de todos os argumentos de consulta. Nos exemplos a seguir, a string de consulta original era baloo=10 AND 1=1&hoppy=10 AND 1=1&x-hoppy-extra=generic-%3Cwords.
Configuração de webacl
"DataProtectionConfig": { "DataProtections": [ { "Field": { "FieldType": "SINGLE_QUERY_ARGUMENT", "FieldKeys": ["hoppy"] }, "Action": "SUBSTITUTION", "ExcludeRuleMatchDetails": false, "ExcludeRateBasedDetails": false } ] }
Exemplo DataProtection paraSINGLE_QUERY_ARGUEMENT: entrada de registro com a string de consulta “hoppy” protegida com substituição.
{ "timestamp": 1738705092889, "formatVersion": 1, "webaclId": "arn:aws:wafv2:us-east-1:111122223333:regional/webacl/DataProtectionSubstituteQueryString/4eede063-e611-44f5-b357-ffc9d7b7fed5", "terminatingRuleId": "Default_Action", "terminatingRuleType": "REGULAR", "action": "ALLOW", "terminatingRuleMatchDetails": [], "httpSourceName": "APIGW", "httpSourceId": "746533260405:xt7v59bhn7:ABC", "ruleGroupList": [], "rateBasedRuleList": [], "nonTerminatingMatchingRules": [ { "ruleId": "ProtectedHoppyQueryArg", "action": "COUNT", "ruleMatchDetails": [ { "conditionType": "SQL_INJECTION", "sensitivityLevel": "HIGH", "location": "SINGLE_QUERY_ARG", "matchedData": ["REDACTED"], "matchedFieldName": "hoppy" }] }, { "ruleId": "FullQueryStringInspectionWhichDetectsTheFirstFieldWithSQLi_Baloo_IsAlsoMaskedMasked", "action": "COUNT", "ruleMatchDetails": [ { "conditionType": "SQL_INJECTION", "sensitivityLevel": "HIGH", "location": "QUERY_ARGS", "matchedData": ["REDACTED"], }] }, { "ruleId": "ProtectedBalooQueryArg", "action": "COUNT", "ruleMatchDetails": [ { "conditionType": "SQL_INJECTION", "sensitivityLevel": "HIGH", "location": "SINGLE_QUERY_ARG", "matchedData": [ "10", "AND", "1" ], "matchedFieldName": "baloo" }] } ], "requestHeadersInserted": null, "responseCodeSent": null, "httpRequest": { "clientIp": "54.239.98.137", "country": "US", "headers": [{ "name": "X-Forwarded-For", "value": "54.239.98.137" }, { "name": "X-Forwarded-Proto", "value": "https" }, { "name": "X-Forwarded-Port", "value": "443" }, { "name": "Host", "value": "xt7xxx9bhn7.gamma.execute-api.us-east-1.amazonaws.com" }, { "name": "X-Amzn-Trace-Id", "value": "Root=1-67a288c4-27acb3cd5795dd8456b7e3c3" }, { "name": "Accept-Encoding", "value": "gzip" }, { "name": "User-Agent", "value": "okhttp/3.12.1" }], "uri": "/CanaryTest", "args": "baloo=10 AND 1=1&hoppy=REDACTED&x-hoppy-extra=generic-%3Cwords", "httpVersion": "HTTP/1.1", "httpMethod": "GET", "requestId": "FepO0F8fIAMEqoQ=" }, "labels": [{ "name": "awswaf:forwardedip:geo:country:US" }, { "name": "awswaf:forwardedip:geo:region:US-VA" }] }
Proteção de dados para strings de consulta
Você pode configurar a proteção de dados uma string de consulta usando QUERY_STRING. Isso afeta as chaves e os valores de todos os argumentos de consulta. Nos exemplos a seguir, a string de consulta original era baloo=10 AND 1=1&hoppy-query=10 AND 1=1&x-hoppy-extra=generic-%3Cwords.
Configuração de webacl
"DataProtectionConfig": { "DataProtections": [ { "Field": { "FieldType": "QUERY_STRING" }, "Action": "SUBSTITUTION", "ExcludeRuleMatchDetails": false, "ExcludeRateBasedDetails": false } ] }
Exemplo DataProtection paraQUERY_STRING: Entrada de registro com string de consulta protegida com substituição.
{ "timestamp": 1738705092889, "formatVersion": 1, "webaclId": "arn:aws:wafv2:us-east-1:111122223333:regional/webacl/DataProtectionSubstituteQueryString/4eede063-e611-44f5-b357-ffc9d7b7fed5", "terminatingRuleId": "Default_Action", "terminatingRuleType": "REGULAR", "action": "ALLOW", "terminatingRuleMatchDetails": [], "httpSourceName": "APIGW", "httpSourceId": "746533260405:xt7v59bhn7:ABC", "ruleGroupList": [], "rateBasedRuleList": [], "nonTerminatingMatchingRules": [ { "ruleId": "ProtectedHoppyQueryArg", "action": "COUNT", "ruleMatchDetails": [ { "conditionType": "SQL_INJECTION", "sensitivityLevel": "HIGH", "location": "QUERY_STRING", "matchedData": ["REDACTED"] }] }, { "ruleId": "ProtectedBalooQueryArg", "action": "COUNT", "ruleMatchDetails": [ { "conditionType": "SQL_INJECTION", "sensitivityLevel": "HIGH", "location": "SINGLE_QUERY_ARG", "matchedData": [ "REDACTED" ], "matchedFieldName": "REDACTED" }] } ], "requestHeadersInserted": null, "responseCodeSent": null, "httpRequest": { "clientIp": "54.239.98.137", "country": "US", "headers": [{ "name": "X-Forwarded-For", "value": "54.239.98.137" }, { "name": "X-Forwarded-Proto", "value": "https" }, { "name": "X-Forwarded-Port", "value": "443" }, { "name": "Host", "value": "xt7xxx9bhn7.gamma.execute-api.us-east-1.amazonaws.com" }, { "name": "X-Amzn-Trace-Id", "value": "Root=1-67a288c4-27acb3cd5795dd8456b7e3c3" }, { "name": "Accept-Encoding", "value": "gzip" }, { "name": "User-Agent", "value": "okhttp/3.12.1" }], "uri": "/CanaryTest", "args": "REDACTED", "httpVersion": "HTTP/1.1", "httpMethod": "GET", "requestId": "FepO0F8fIAMEqoQ=" }, "labels": [{ "name": "awswaf:forwardedip:geo:country:US" }, { "name": "awswaf:forwardedip:geo:region:US-VA" }] }
Proteção de dados para argumentos de várias consultas
Você pode configurar a proteção de dados para argumentos de consultas individuais usando SINGLE_QUERY_ARGUMENT. Ao fornecer informações locais, usamos proteções locais. Porém, as strings que corresponderam em string de consulta e cabeçalho de cookie têm muitas configurações de proteção que poderiam ser aplicadas. Para simplificar, a proteção mais rigorosa para RuleMatchDetails é aplicada, mesmo que não se sobreponha ao intervalo de dados específico correspondente.
Nos exemplos a seguir, a string de consulta original era baloo=is_a_good_boy&hoppy=likes_to_sleep&x-hoppy-extra=10 AND 1=1.
"DataProtectionConfig": { "DataProtections": [ { "Field": { "FieldType": "SINGLE_QUERY_ARGUMENT", "FieldKeys": ["hoppy"] }, "Action": "SUBSTITUTION", "ExcludeRuleMatchDetails": false, "ExcludeRateBasedDetails": false }, { "Field": { "FieldType": "SINGLE_QUERY_ARGUMENT", "FieldKeys": ["baloo"] }, "Action": "HASH", "ExcludeRuleMatchDetails": false, "ExcludeRateBasedDetails": false } ] }
Exemplo DataProtection de vários argumentos de consulta.
{ "timestamp": 1738705092889, "formatVersion": 1, "webaclId": "arn:aws:wafv2:us-east-1:111122223333:regional/webacl/DataProtectionSubstituteQueryString/4eede063-e611-44f5-b357-ffc9d7b7fed5", "terminatingRuleId": "Default_Action", "terminatingRuleType": "REGULAR", "action": "ALLOW", "terminatingRuleMatchDetails": [], "httpSourceName": "APIGW", "httpSourceId": "746533260405:xt7v59bhn7:ABC", "ruleGroupList": [], "rateBasedRuleList": [], "nonTerminatingMatchingRules": [ { "ruleId": "ProtectedHoppyQueryArg", "action": "COUNT", "ruleMatchDetails": [ { "conditionType": "SQL_INJECTION", "sensitivityLevel": "HIGH", "location": "SINGLE_QUERY_ARG", "matchedData": ["REDACTED"], "matchedFieldName": "hoppy" }] }, { "ruleId": "ProtectedBalooQueryArg", "action": "COUNT", "ruleMatchDetails": [ { "conditionType": "SQL_INJECTION", "sensitivityLevel": "HIGH", "location": "SINGLE_QUERY_ARG", "matchedData": ["zuomr2mxQxofg6EI6f7hMNGaJhhPxt0rFVAXog6FLxE="], "matchedFieldName": "baloo" }] }, { "ruleId": "FullQueryStringDetects_x-hoppy-extra_IsSubstituted", "action": "COUNT", "ruleMatchDetails": [ { "conditionType": "SQL_INJECTION", "sensitivityLevel": "HIGH", "location": "QUERY_ARGS", "matchedData": ["REDACTED"], // Harshest of Protection Config }] } ], "requestHeadersInserted": null, "responseCodeSent": null, "httpRequest": { "clientIp": "54.239.98.137", "country": "US", "headers": [{ "name": "X-Forwarded-For", "value": "54.239.98.137" }, { "name": "X-Forwarded-Proto", "value": "https" }, { "name": "X-Forwarded-Port", "value": "443" }, { "name": "Host", "value": "xt7xxx9bhn7.gamma.execute-api.us-east-1.amazonaws.com" }, { "name": "X-Amzn-Trace-Id", "value": "Root=1-67a288c4-27acb3cd5795dd8456b7e3c3" }, { "name": "Accept-Encoding", "value": "gzip" }, { "name": "User-Agent", "value": "okhttp/3.12.1" }], "uri": "/CanaryTest", "args": "baloo=zuomr2mxQxofg6EI6f7hMNGaJhhPxt0rFVAXog6FLxE=&hoppy=REDACTED&x-hoppy-extra=10 AND 1=1", "httpVersion": "HTTP/1.1", "httpMethod": "GET", "requestId": "FepO0F8fIAMEqoQ=" }, "labels": [{ "name": "awswaf:forwardedip:geo:country:US" }, { "name": "awswaf:forwardedip:geo:region:US-VA" }] }
nota
Você não pode especificar o QueryString mascaramento e o mascaramento de argumentos de consulta única na mesma WebACL.
