问题

在AWS文档中规定，它将仅允许8KB的请求正文。

我已经使用terraform确保以下代码中创建了所有常见的规则集。

resource "aws_wafv2_web_acl" "alb_waf_acl" {
  name        = "api-alb-waf-acl-${var.usage}"
  scope       = "REGIONAL"
  description = "WAF ACL for the Data Refinery ALB"

  default_action {
    allow {}
  }

  rule {
    name     = "base-rule"
    priority = 1

    override_action {
      none {}
    }

    statement {
      managed_rule_group_statement {
        vendor_name = "AWS"
        name        = "AWSManagedRulesCommonRuleSet"
      }
    }

    visibility_config {
      cloudwatch_metrics_enabled = false
      metric_name                = "api-alb-waf-acl-base-rule-${var.usage}"
      sampled_requests_enabled   = false
    }
  }

  visibility_config {
    cloudwatch_metrics_enabled = false
    metric_name                = "api-alb-waf-acl-${var.usage}"
    sampled_requests_enabled   = false
  }

  tags = {
    Name = "api_alb_waf_acl_${var.usage}"
  }
}

resource "aws_wafv2_web_acl_association" "alb_waf_association" {
  resource_arn = aws_lb.alb.arn
  web_acl_arn  = aws_wafv2_web_acl.alb_waf_acl.arn

  timeouts {
    create = "10m"
  }
}

如何更改代码以删除SizeRestrictions_BODY规则或使其无效？

英文:

In AWS documentation rule states that it will allow only 8kb of request body.

I have used terraform to make sure that all common rule set are created in below code.

resource &quot;aws_wafv2_web_acl&quot; &quot;alb_waf_acl&quot; {
  name        = &quot;api-alb-waf-acl-${var.usage}&quot;
  scope       = &quot;REGIONAL&quot;
  description = &quot;WAF ACL for the Data Refinery ALB&quot;

  default_action {
    allow {}
  }

  rule {
    name     = &quot;base-rule&quot;
    priority = 1

    override_action {
      none {}
    }

    statement {
      managed_rule_group_statement {
        vendor_name = &quot;AWS&quot;
        name        = &quot;AWSManagedRulesCommonRuleSet&quot;
      }
    }

    visibility_config {
      cloudwatch_metrics_enabled = false
      metric_name                = &quot;api-alb-waf-acl-base-rule-${var.usage}&quot;
      sampled_requests_enabled   = false
    }
  }

  visibility_config {
    cloudwatch_metrics_enabled = false
    metric_name                = &quot;api-alb-waf-acl-${var.usage}&quot;
    sampled_requests_enabled   = false
  }

  tags = {
    Name = &quot;api_alb_waf_acl_${var.usage}&quot;
  }


resource &quot;aws_wafv2_web_acl_association&quot; &quot;alb_waf_association&quot; {
  resource_arn = aws_lb.alb.arn
  web_acl_arn  = aws_wafv2_web_acl.alb_waf_acl.arn

  timeouts {
    create = &quot;10m&quot;
  }
}

How do I change the code such that I can remove the SizeRestrictions_BODY rule or make it disfunctional.

答案1

得分: 0

我刚刚在Body中允许了一切使用以下代码：

rule_action_override {
  name = "SizeRestrictions_BODY"
  action_to_use {
    allow {}
  }
}

以下是我的整个代码：

resource "aws_wafv2_web_acl" "alb_waf_acl" {
  name        = "api-alb-waf-acl-${var.usage}"
  scope       = "REGIONAL"
  description = "WAF ACL for the Data Refinery ALB"

  default_action {
    allow {}
  }

  rule {
    name     = "base-rule"
    priority = 1

    override_action {
      none {}
    }

    statement {
      managed_rule_group_statement {
        vendor_name = "AWS"
        name        = "AWSManagedRulesCommonRuleSet"
        rule_action_override {
          name = "SizeRestrictions_BODY"
          action_to_use {
            allow {}
          }
        }
      }
    }

    visibility_config {
      cloudwatch_metrics_enabled = false
      metric_name                = "api-alb-waf-acl-base-rule-${var.usage}"
      sampled_requests_enabled   = false
    }
  }

  visibility_config {
    cloudwatch_metrics_enabled = false
    metric_name                = "api-alb-waf-acl-${var.usage}"
    sampled_requests_enabled   = false
  }

  tags = {
    Name = "api_alb_waf_acl_${var.usage}"
  }
}

请注意，这将允许所有大小，不会限制到特定大小！

英文:

I just allowed everything in Body using

 rule_action_override {
      name = &quot;SizeRestrictions_BODY&quot;
      action_to_use {
        allow {}
      }
    }

Here is my whole code

resource &quot;aws_wafv2_web_acl&quot; &quot;alb_waf_acl&quot; {
  name        = &quot;api-alb-waf-acl-${var.usage}&quot;
  scope       = &quot;REGIONAL&quot;
  description = &quot;WAF ACL for the Data Refinery ALB&quot;

  default_action {
    allow {}
  }

  rule {
    name     = &quot;base-rule&quot;
    priority = 1

    override_action {
      none {}
    }

    statement {
      managed_rule_group_statement {
        vendor_name = &quot;AWS&quot;
        name        = &quot;AWSManagedRulesCommonRuleSet&quot;
        rule_action_override {
          name = &quot;SizeRestrictions_BODY&quot;
          action_to_use {
            allow {}
          }
        }
      }
    }

    visibility_config {
      cloudwatch_metrics_enabled = false
      metric_name                = &quot;api-alb-waf-acl-base-rule-${var.usage}&quot;
      sampled_requests_enabled   = false
    }
  }

  visibility_config {
    cloudwatch_metrics_enabled = false
    metric_name                = &quot;api-alb-waf-acl-${var.usage}&quot;
    sampled_requests_enabled   = false
  }

  tags = {
    Name = &quot;api_alb_waf_acl_${var.usage}&quot;
  }
}

Note that this will allow all sizes and won't restrict to a certain size!

通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库，让每个人都能够通过互相帮助和分享经验来进步。

删除SizeRestrictions_BODY大小规则。

问题

答案1

Customer Managed Key in Azure Data Factory

Terraform on Azure – I am trying to call the results of a for_each block in one resource in another resource

Deploy .zip archive (python code) to Azure Function using TerraForm

有没有办法在提供者测试中避免硬编码 Terraform TypeSet 的哈希索引值？

What's the correct way to type hint an empty list as a literal in python?

如何在Highcharts Gantt中更改本地化的星期名称

如何在同一个流中使用多个过滤器和映射函数？

如何使用Map/Set来将代码优化到O(n)？

.NET MAUI Android在GitHub Actions上构建失败，错误代码为1。

如何在Playwright视觉比较中屏蔽多个定位器？

在C++中，可以使用可变模板参数来检索类型的内部类型。

selenium.common.exceptions.StaleElementReferenceException: Message: stale element reference: stale element not found

Creating and opening a URL to log in to Website via Basic Auth with Robot Framework/Selenium (Python)

AG Grid 在上下文菜单中以大文本形式打开

发表评论