AWS WAF:如何使用Terraform阻止不包含特定标头的请求
我想阻止不包含授权标头的请求。我提出了以下规则,但我看到不包含此标头的请求也被允许。指定此条件的正确方法是什么AWS WAF:如何使用Terraform阻止不包含特定标头的请求,terraform,terraform-provider-aws,amazon-waf,Terraform,Terraform Provider Aws,Amazon Waf,我想阻止不包含授权标头的请求。我提出了以下规则,但我看到不包含此标头的请求也被允许。指定此条件的正确方法是什么 rule { name = "restrict-requests-without-authorization-header" priority = 2 action { block {} } statement { size_constraint_statement { field_
rule {
name = "restrict-requests-without-authorization-header"
priority = 2
action {
block {}
}
statement {
size_constraint_statement {
field_to_match {
single_header {
name = "authorization"
}
}
comparison_operator = "LE"
size = 0
text_transformation {
priority = 0
type = "NONE"
}
}
}
visibility_config {
cloudwatch_metrics_enabled = true
metric_name = "restrict-requests-without-authorization-header-metrics"
sampled_requests_enabled = true
}
}
您需要创建如下规则和正则表达式模式(可以是通配符): 规则: 这可以是regex模式:
resource "aws_wafv2_regex_pattern_set" "your_regex_pattern" {
name = "your-regex-pattern"
scope = "REGIONAL"
regular_expression {
regex_string = "prefix-.*"
}
}
弄清楚你所说的“似乎不起作用”是什么意思也可能有用。您是如何测试它的?结果是什么?您是否尝试过发出具有
授权
标题但长度值为零的请求?我想知道如果授权标头不存在,是否会跳过此规则。在大小限制为3的情况下进行测试可能更容易,并发送带有短头和长头值的请求以检查行为
resource "aws_wafv2_regex_pattern_set" "your_regex_pattern" {
name = "your-regex-pattern"
scope = "REGIONAL"
regular_expression {
regex_string = "prefix-.*"
}
}