英文:
Remove the SizeRestrictions_BODY size rule all together
问题
在AWS文档中规定,它将仅允许8KB的请求正文。
我已经使用terraform确保以下代码中创建了所有常见的规则集。
resource "aws_wafv2_web_acl" "alb_waf_acl" {
name = "api-alb-waf-acl-${var.usage}"
scope = "REGIONAL"
description = "WAF ACL for the Data Refinery ALB"
default_action {
allow {}
}
rule {
name = "base-rule"
priority = 1
override_action {
none {}
}
statement {
managed_rule_group_statement {
vendor_name = "AWS"
name = "AWSManagedRulesCommonRuleSet"
}
}
visibility_config {
cloudwatch_metrics_enabled = false
metric_name = "api-alb-waf-acl-base-rule-${var.usage}"
sampled_requests_enabled = false
}
}
visibility_config {
cloudwatch_metrics_enabled = false
metric_name = "api-alb-waf-acl-${var.usage}"
sampled_requests_enabled = false
}
tags = {
Name = "api_alb_waf_acl_${var.usage}"
}
}
resource "aws_wafv2_web_acl_association" "alb_waf_association" {
resource_arn = aws_lb.alb.arn
web_acl_arn = aws_wafv2_web_acl.alb_waf_acl.arn
timeouts {
create = "10m"
}
}
如何更改代码以删除SizeRestrictions_BODY规则或使其无效?
英文:
In AWS documentation rule states that it will allow only 8kb of request body.
I have used terraform to make sure that all common rule set are created in below code.
resource "aws_wafv2_web_acl" "alb_waf_acl" {
name = "api-alb-waf-acl-${var.usage}"
scope = "REGIONAL"
description = "WAF ACL for the Data Refinery ALB"
default_action {
allow {}
}
rule {
name = "base-rule"
priority = 1
override_action {
none {}
}
statement {
managed_rule_group_statement {
vendor_name = "AWS"
name = "AWSManagedRulesCommonRuleSet"
}
}
visibility_config {
cloudwatch_metrics_enabled = false
metric_name = "api-alb-waf-acl-base-rule-${var.usage}"
sampled_requests_enabled = false
}
}
visibility_config {
cloudwatch_metrics_enabled = false
metric_name = "api-alb-waf-acl-${var.usage}"
sampled_requests_enabled = false
}
tags = {
Name = "api_alb_waf_acl_${var.usage}"
}
resource "aws_wafv2_web_acl_association" "alb_waf_association" {
resource_arn = aws_lb.alb.arn
web_acl_arn = aws_wafv2_web_acl.alb_waf_acl.arn
timeouts {
create = "10m"
}
}
How do I change the code such that I can remove the SizeRestrictions_BODY rule or make it disfunctional.
答案1
得分: 0
我刚刚在Body中允许了一切使用以下代码:
rule_action_override {
name = "SizeRestrictions_BODY"
action_to_use {
allow {}
}
}
以下是我的整个代码:
resource "aws_wafv2_web_acl" "alb_waf_acl" {
name = "api-alb-waf-acl-${var.usage}"
scope = "REGIONAL"
description = "WAF ACL for the Data Refinery ALB"
default_action {
allow {}
}
rule {
name = "base-rule"
priority = 1
override_action {
none {}
}
statement {
managed_rule_group_statement {
vendor_name = "AWS"
name = "AWSManagedRulesCommonRuleSet"
rule_action_override {
name = "SizeRestrictions_BODY"
action_to_use {
allow {}
}
}
}
}
visibility_config {
cloudwatch_metrics_enabled = false
metric_name = "api-alb-waf-acl-base-rule-${var.usage}"
sampled_requests_enabled = false
}
}
visibility_config {
cloudwatch_metrics_enabled = false
metric_name = "api-alb-waf-acl-${var.usage}"
sampled_requests_enabled = false
}
tags = {
Name = "api_alb_waf_acl_${var.usage}"
}
}
请注意,这将允许所有大小,不会限制到特定大小!
英文:
I just allowed everything in Body using
rule_action_override {
name = "SizeRestrictions_BODY"
action_to_use {
allow {}
}
}
Here is my whole code
resource "aws_wafv2_web_acl" "alb_waf_acl" {
name = "api-alb-waf-acl-${var.usage}"
scope = "REGIONAL"
description = "WAF ACL for the Data Refinery ALB"
default_action {
allow {}
}
rule {
name = "base-rule"
priority = 1
override_action {
none {}
}
statement {
managed_rule_group_statement {
vendor_name = "AWS"
name = "AWSManagedRulesCommonRuleSet"
rule_action_override {
name = "SizeRestrictions_BODY"
action_to_use {
allow {}
}
}
}
}
visibility_config {
cloudwatch_metrics_enabled = false
metric_name = "api-alb-waf-acl-base-rule-${var.usage}"
sampled_requests_enabled = false
}
}
visibility_config {
cloudwatch_metrics_enabled = false
metric_name = "api-alb-waf-acl-${var.usage}"
sampled_requests_enabled = false
}
tags = {
Name = "api_alb_waf_acl_${var.usage}"
}
}
Note that this will allow all sizes and won't restrict to a certain size!
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论