How to customize the response from AWS WAF managed rules via an action override?

Question | Votes: 0 | Answers: 1

Why does customizing the response of AWS WAF managed rules via an action override not work?

It is clearly documented here:

This does not work; I still see the default AWS WAF 403 response instead of my custom plain-text error:

Resources:
  Waf:
    Type: AWS::WAFv2::WebACL
    Properties:
      Scope: CLOUDFRONT
      DefaultAction:
        Allow: {} # Allow for requests that don't match any rules
      CustomResponseBodies:
        SecurityViolationError:
          ContentType: TEXT_PLAIN
          Content: Request blocked due to security concerns as it was detected as malicious.
      Rules:
        - Priority: 0
          Name: BlockSqlInjection
          OverrideAction:
            None: {}
          Statement:
            ManagedRuleGroupStatement:
              VendorName: AWS
              Name: AWSManagedRulesSQLiRuleSet
              Version: Version_2.0
              RuleActionOverrides:
                - Name: SQLi_QUERYARGUMENTS
                  ActionToUse:
                    Block:
                      CustomResponse:
                        ResponseCode: 403
                        CustomResponseBodyKey: SecurityViolationError
                - Name: SQLi_BODY
                  ActionToUse:
                    Block:
                      CustomResponse:
                        ResponseCode: 403
                        CustomResponseBodyKey: SecurityViolationError
                - Name: SQLi_COOKIE
                  ActionToUse:
                    Block:
                      CustomResponse:
                        ResponseCode: 403
                        CustomResponseBodyKey: SecurityViolationError
                - Name: SQLiExtendedPatterns_QUERYARGUMENTS
                  ActionToUse:
                    Block:
                      CustomResponse:
                        ResponseCode: 403
                        CustomResponseBodyKey: SecurityViolationError
                - Name: SQLiExtendedPatterns_BODY
                  ActionToUse:
                    Block:
                      CustomResponse:
                        ResponseCode: 403
                        CustomResponseBodyKey: SecurityViolationError

I do know that a custom response for managed rules works together with label matching:

This works, and I can see my custom plain-text error:

Resources:
  Waf:
    Type: AWS::WAFv2::WebACL
    Properties:
      Scope: CLOUDFRONT
      DefaultAction:
        Allow: {} # Allow for requests that don't match any rules
      CustomResponseBodies:
        SecurityViolationError:
          ContentType: TEXT_PLAIN
          Content: Request blocked due to security concerns as it was detected as malicious.
      Rules:
        - Priority: 0
          Name: LabelSqlInjection
          OverrideAction:
            Count: {}
          Statement:
            ManagedRuleGroupStatement:
              VendorName: AWS
              Name: AWSManagedRulesSQLiRuleSet
              Version: Version_2.0
        - Priority: 1
          Name: BlockSecurityViolationError
          Statement:
            LabelMatchStatement:
              Scope: NAMESPACE
              Key: "awswaf:managed:aws:sql-database:"
          Action:
            Block:
              CustomResponse:
                ResponseCode: 403
                CustomResponseBodyKey: SecurityViolationError

But this requires an additional rule, which introduces extra cost.

Am I missing something? Can a custom response be achieved through a managed rule group action override?

Is something missing from the AWS documentation?

amazon-web-services amazon-waf aws-waf aws-waf-web-acl
1 Answer

0 votes

You cannot change the custom response of a managed rule. All you can change is the action type. If you dig into the CloudFormation documentation for managed rules, you will find that "RuleActionOverrides" only lets you change "ActionToUse". There is no "CustomResponse" field like the one in your template.

As you mentioned, the only way to achieve a custom response at the moment is to set up a custom rule on the labels.
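Added example, not part of the question or the answer above: a small lint over the web ACL definition that encodes the pattern both posts arrive at (managed group in Count mode emitting labels, followed by a LabelMatchStatement rule that blocks with the custom response). The template properties are expressed as a Python dict rather than YAML so the script needs no extra library; the `LABEL_NAMESPACES` mapping, the helper names (`lint_web_acl`, `web_acl_properties`, `managed_sqli_rule`) and the two sample ACLs are constructed here from the question's templates, and only the SQLi rule group's label namespace from the question is included in the mapping.

```python
from typing import Any, Dict, Iterator, List

# Managed rule group -> label namespace it emits. Constructed mapping with the
# single entry taken from the question; extend it for other groups as needed.
LABEL_NAMESPACES: Dict[str, str] = {
    "AWSManagedRulesSQLiRuleSet": "awswaf:managed:aws:sql-database:",
}


def custom_response_keys(node: Any) -> Iterator[str]:
    """Yield every CustomResponseBodyKey found anywhere under `node`."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "CustomResponseBodyKey":
                yield value
            else:
                yield from custom_response_keys(value)
    elif isinstance(node, list):
        for item in node:
            yield from custom_response_keys(item)


def namespace_of(rule: Dict[str, Any]) -> str:
    """Label namespace a managed-rule-group rule emits, or "" if unknown/not managed."""
    managed = rule.get("Statement", {}).get("ManagedRuleGroupStatement")
    return LABEL_NAMESPACES.get(managed["Name"], "") if managed else ""


def lint_web_acl(props: Dict[str, Any]) -> List[str]:
    """Return findings for an AWS::WAFv2::WebACL Properties dict; [] means the pattern looks right."""
    findings: List[str] = []
    bodies = props.get("CustomResponseBodies", {})
    rules = sorted(props.get("Rules", []), key=lambda r: r["Priority"])

    for rule in rules:
        name = rule["Name"]
        stmt = rule.get("Statement", {})

        # 1. Every referenced body key must be declared on the web ACL.
        for body_key in custom_response_keys(rule):
            if body_key not in bodies:
                findings.append(f"{name}: CustomResponseBodyKey '{body_key}' is not declared in CustomResponseBodies")

        # 2. A CustomResponse inside a managed group's RuleActionOverrides is the
        #    configuration the question reports as having no effect.
        managed = stmt.get("ManagedRuleGroupStatement")
        if managed:
            for override in managed.get("RuleActionOverrides", []):
                if list(custom_response_keys(override)):
                    findings.append(f"{name}: CustomResponse inside RuleActionOverrides/{override['Name']} "
                                    "is not applied; block on the group's labels in a later rule instead")

        # 3. A label-match rule needs an earlier managed group emitting that namespace,
        #    and that group must be in Count mode or it blocks first with the default 403.
        label = stmt.get("LabelMatchStatement")
        if label:
            key = label["Key"]
            providers = [r for r in rules
                         if r["Priority"] < rule["Priority"] and namespace_of(r) and key.startswith(namespace_of(r))]
            if not providers:
                findings.append(f"{name}: no earlier managed rule group emits labels under '{key}'")
            for provider in providers:
                if "Count" not in provider.get("OverrideAction", {}):
                    findings.append(f"{provider['Name']}: set OverrideAction to Count so that {name} "
                                    "can block with the custom response")
    return findings


# --- Sample ACLs constructed from the question's two templates -----------------
BLOCK_WITH_CUSTOM_BODY = {"Block": {"CustomResponse": {"ResponseCode": 403,
                                                        "CustomResponseBodyKey": "SecurityViolationError"}}}


def web_acl_properties(rules: List[Dict[str, Any]]) -> Dict[str, Any]:
    return {
        "Scope": "CLOUDFRONT",
        "DefaultAction": {"Allow": {}},
        "CustomResponseBodies": {"SecurityViolationError": {
            "ContentType": "TEXT_PLAIN",
            "Content": "Request blocked due to security concerns as it was detected as malicious."}},
        "Rules": rules,
    }


def managed_sqli_rule(name: str, override: Dict[str, Any], overrides: List[Dict[str, Any]] = None) -> Dict[str, Any]:
    stmt = {"VendorName": "AWS", "Name": "AWSManagedRulesSQLiRuleSet", "Version": "Version_2.0"}
    if overrides:
        stmt["RuleActionOverrides"] = overrides
    return {"Priority": 0, "Name": name, "OverrideAction": override,
            "Statement": {"ManagedRuleGroupStatement": stmt}}


# First template: custom response placed inside the group's action overrides.
NOT_WORKING = web_acl_properties([managed_sqli_rule("BlockSqlInjection", {"None": {}}, [
    {"Name": n, "ActionToUse": BLOCK_WITH_CUSTOM_BODY} for n in ("SQLi_QUERYARGUMENTS", "SQLi_BODY")])])

# Second template: Count the group, then block on its labels with the custom response.
WORKING = web_acl_properties([
    managed_sqli_rule("LabelSqlInjection", {"Count": {}}),
    {"Priority": 1, "Name": "BlockSecurityViolationError",
     "Statement": {"LabelMatchStatement": {"Scope": "NAMESPACE", "Key": "awswaf:managed:aws:sql-database:"}},
     "Action": BLOCK_WITH_CUSTOM_BODY},
])

if __name__ == "__main__":
    for title, acl in (("overrides", NOT_WORKING), ("labels", WORKING)):
        print(title, lint_web_acl(acl) or ["ok"])
```

The third check is the one that matters most in practice: if the managed group keeps `OverrideAction: None`, its own Block action terminates evaluation before the label-match rule ever runs, so the default 403 is what the client sees.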
