**Présentation d'une nouvelle expérience de console pour AWS WAF**
Vous pouvez désormais utiliser l'expérience mise à jour pour accéder aux AWS WAF fonctionnalités n'importe où dans la console. Pour plus de détails, consultez la section [Utilisation de la console](https://docs.aws.amazon.com/waf/latest/developerguide/working-with-console.html).
Les traductions sont fournies par des outils de traduction automatique. En cas de conflit entre le contenu d'une traduction et celui de la version originale en anglais, la version anglaise prévaudra.
# Exemples de protection des données
Cette section fournit des exemples de journalisation de la protection des données du trafic du pack de protection (ACL Web).
## DataProtection hachage
Configuration de Webacl
```
"data_protection_config": {
"data_protections": [
{
"field": {
"field_type": "SINGLE_QUERY_ARGUMENT",
"field_keys": [
"hoppy"
]
},
"action": "HASH",
"exclude_rule_match_details": false,
"exclude_rate_based_details": false
}
]
}
```
Exemple DataProtection de hachage : entrée de journal avec l' SingleQuery argument « hoppy » protégée.
```
{
"timestamp": 1738705092889,
"formatVersion": 1,
"webaclId": "arn:aws:wafv2:us-east-1:111122223333:regional/webacl/DataProtectionhashACL/4eede063-e611-44f5-b357-ffc9d7b7fed5",
"terminatingRuleId": "Default_Action",
"terminatingRuleType": "REGULAR",
"action": "ALLOW",
"terminatingRuleMatchDetails": [],
"httpSourceName": "APIGW",
"httpSourceId": "746533260405:xt7v59bhn7:ABC",
"ruleGroupList": [],
"rateBasedRuleList": [],
"nonTerminatingMatchingRules": [{
"ruleId": "ProtectedSQLIHeadersVisibleInSTM",
"action": "COUNT",
"ruleMatchDetails": [{
"conditionType": "SQL_INJECTION",
"sensitivityLevel": "HIGH",
"location": "SINGLE_QUERY_ARG",
"matchedData": [ "z6hpYAFaMYdtiTeHhxnN5ydgRE5E1WgyVIdgqH0D3iM=" ],
"matchedFieldName": "hoppy"
}]
}],
"requestHeadersInserted": null,
"responseCodeSent": null,
"httpRequest": {
"clientIp": "54.239.98.137",
"country": "US",
"headers": [{
"name": "X-Forwarded-For",
"value": "54.239.98.137"
}, {
"name": "X-Forwarded-Proto",
"value": "https"
}, {
"name": "X-Forwarded-Port",
"value": "443"
}, {
"name": "Host",
"value": "xt7xxx9bhn7.gamma.execute-api.us-east-1.amazonaws.com"
}, {
"name": "X-Amzn-Trace-Id",
"value": "Root=1-67a288c4-27acb3cd5795dd8456b7e3c3"
}, {
"name": "Accept-Encoding",
"value": "gzip"
}, {
"name": "User-Agent",
"value": "okhttp/3.12.1"
}],
"uri": "/CanaryTest",
"args": "hoppy=z6hpYAFaMYdtiTeHhxnN5ydgRE5E1WgyVIdgqH0D3iM=&yellow=hello&x-hoppy-extra=generic-%3Cwords%3E-in-angle-brackets",
"httpVersion": "HTTP/1.1",
"httpMethod": "GET",
"requestId": "FepO0F8fIAMEqoQ="
},
"labels": [{
"name": "awswaf:forwardedip:geo:country:US"
}, {
"name": "awswaf:forwardedip:geo:region:US-VA"
}]
}
```
## DataProtection substitution
Config Webcal
```
"data_protection_config": {
"data_protections": [
{
"field": {
"field_type": "SINGLE_QUERY_ARGUMENT",
"field_keys": [
"hoppy"
]
},
"action": "SUBSTITUTION",
"exclude_rule_match_details": false,
"exclude_rate_based_details": false
}
]
}
```
Exemple DataProtection de substitution : entrée de journal avec l'argument de requête unique « hoppy » protégé
```
{
"timestamp": 1738705092889,
"formatVersion": 1,
"webaclId": "arn:aws:wafv2:us-east-1:111122223333:regional/webacl/DataProtectionhashACL/4eede063-e611-44f5-b357-ffc9d7b7fed5",
"terminatingRuleId": "Default_Action",
"terminatingRuleType": "REGULAR",
"action": "ALLOW",
"terminatingRuleMatchDetails": [],
"httpSourceName": "APIGW",
"httpSourceId": "746533260405:xt7v59bhn7:ABC",
"ruleGroupList": [],
"rateBasedRuleList": [],
"nonTerminatingMatchingRules": []
"requestHeadersInserted": null,
"responseCodeSent": null,
"httpRequest": {
"clientIp": "54.239.98.137",
"country": "US",
"headers": [{
"name": "X-Forwarded-For",
"value": "54.239.98.137"
}, {
"name": "X-Forwarded-Proto",
"value": "https"
}, {
"name": "X-Forwarded-Port",
"value": "443"
}, {
"name": "Host",
"value": "xt7xxx9bhn7.gamma.execute-api.us-east-1.amazonaws.com"
}, {
"name": "X-Amzn-Trace-Id",
"value": "Root=1-67a288c4-27acb3cd5795dd8456b7e3c3"
}, {
"name": "Accept-Encoding",
"value": "gzip"
}, {
"name": "User-Agent",
"value": "okhttp/3.12.1"
}],
"uri": "/CanaryTest",
"args": "hoppy=REDACTED&yellow=hello&x-hoppy-extra=generic-%3Cwords%3E-in-angle-brackets",
"httpVersion": "HTTP/1.1",
"httpMethod": "GET",
"requestId": "FepO0F8fIAMEqoQ="
},
"labels": [{
"name": "awswaf:forwardedip:geo:country:US"
}, {
"name": "awswaf:forwardedip:geo:region:US-VA"
}]
}
```
## Conservation des données dans RuleMatchDetails
Configuration de Webacl
```
"data_protection_config": {
"data_protections": [
{
"field": {
"field_type": "SINGLE_HEADER",
"field_keys": [
"hoppy"
]
},
"action": "HASH",
"exclude_rule_match_details": true,
"exclude_rate_based_details": false
}
]
}
```
Exemple de conservation des données dans RuleMatchDetails : entrée de journal protégée par un seul `Header` « hoppy », mais la valeur n'est conservée que dans`RuleMatchDetails`.
```
{
"timestamp": 1738705092889,
"formatVersion": 1,
"webaclId": "arn:aws:wafv2:us-east-1:111122223333:regional/webacl/DataProtectionhashACL/4eede063-e611-44f5-b357-ffc9d7b7fed5",
"terminatingRuleId": "Default_Action",
"terminatingRuleType": "REGULAR",
"action": "ALLOW",
"terminatingRuleMatchDetails": [],
"httpSourceName": "APIGW",
"httpSourceId": "746533260405:xt7v59bhn7:ABC",
"ruleGroupList": [],
"rateBasedRuleList": [],
"nonTerminatingMatchingRules": [{
"ruleId": "ProtectedSQLIHeadersVisibleInSTM",
"action": "COUNT",
"ruleMatchDetails": [{
"conditionType": "SQL_INJECTION",
"sensitivityLevel": "HIGH",
"location": "HEADER",
"matchedData": [ "10", "AND", "1" ],
"matchedFieldName": "hoppy"
}]
}],
"requestHeadersInserted": null,
"responseCodeSent": null,
"httpRequest": {
"clientIp": "54.239.98.137",
"country": "US",
"headers": [{
"name": "X-Forwarded-For",
"value": "54.239.98.137"
}, {
"name": "X-Forwarded-Proto",
"value": "https"
}, {
"name": "X-Forwarded-Port",
"value": "443"
}, {
"name": "Host",
"value": "xt7xxx9bhn7.gamma.execute-api.us-east-1.amazonaws.com"
}, {
"name": "X-Amzn-Trace-Id",
"value": "Root=1-67a288c4-27acb3cd5795dd8456b7e3c3"
}, {
"name": "hoppy",
"value": "zuomr2mxQxofg6EI6f7hMNGaJhhPxt0rFVAXog6FLxE="
}, {
"name": "Accept-Encoding",
"value": "gzip"
}, {
"name": "User-Agent",
"value": "okhttp/3.12.1"
}, {
"name": "hoppy",
"value": "z6hpYAFaMYdtiTeHhxnN5ydgRE5E1WgyVIdgqH0D3iM="
}],
"uri": "/CanaryTest",
"args": "happy=true",
"httpVersion": "HTTP/1.1",
"httpMethod": "GET",
"requestId": "FepO0F8fIAMEqoQ="
},
"labels": [{
"name": "awswaf:forwardedip:geo:country:US"
}, {
"name": "awswaf:forwardedip:geo:region:US-VA"
}]
}
```
## Conservation des données dans rateBasedRule
```
"data_protection_config": {
"data_protections": [
{
"field": {
"field_type": "SINGLE_HEADER",
"field_keys": [
"hoppy"
]
},
"action": "HASH",
"exclude_rule_match_details": false,
"exclude_rate_based_details": true
}
]
}
```
Exemple de conservation des données dans une rateBasedRule liste : entrée de journal avec le seul `Header` « hoppy » protégé mais la valeur n'est conservée que dans `rateBasedRuleList`
```
{
"timestamp": 1683355579981,
"formatVersion": 1,
"webaclId": ...,
"terminatingRuleId": "RateBasedRule",
"terminatingRuleType": "RATE_BASED",
"action": "BLOCK",
"terminatingRuleMatchDetails": [],
"httpSourceName": "APIGW",
"httpSourceId": "EXAMPLE11:rjvegx5guh:CanaryTest",
"ruleGroupList": [],
"rateBasedRuleList": [{
"rateBasedRuleId": ...,
"rateBasedRuleName": "RateBasedRule",
"limitKey": "CUSTOMKEYS",
"maxRateAllowed": 100,
"evaluationWindowSec": "120",
"customValues": [{
"key": "HEADER",
"name": "hoppy",
"value": "ella"
}]
}],
"nonTerminatingMatchingRules": [],
"requestHeadersInserted": null,
"responseCodeSent": null,
"httpRequest": {
"clientIp": "52.46.82.45",
"country": "FR",
"headers": [{
"name": "X-Forwarded-For",
"value": "52.46.82.45"
}, {
"name": "X-Forwarded-Proto",
"value": "https"
}, {
"name": "X-Forwarded-Port",
"value": "443"
}, {
"name": "Host",
"value": "rjvegx5guh.execute-api.eu-west-3.amazonaws.com"
}, {
"name": "X-Amzn-Trace-Id",
"value": "Root=1-645566cf-7cb058b04d9bb3ee01dc4036"
}, {
"name": "hoppy",
"value": "zuomr2mxQxofg6EI6f7hMNGaJhhPxt0rFVAXog6FLxE="
}, {
"name": "User-Agent",
"value": "RateBasedRuleTestKoipOneKeyModulePV2"
}, {
"name": "Accept-Encoding",
"value": "gzip,deflate"
}],
"uri": "/CanaryTest",
"args": "",
"httpVersion": "HTTP/1.1",
"httpMethod": "GET",
"requestId": "Ed0AiHF_CGYF-DA="
}
}
```
## Protection des données pour Body
AWS WAF enregistre uniquement les sous-ensembles de Body in. `RuleMatchDetails`
Configuration de Webacl
```
"data_protection_config": {
"data_protections": [
{
"field": {
"field_type": "BODY"
},
"action": "SUBSTITUTE",
"exclude_rule_match_details": false,
"exclude_rate_based_details": false
}
]
}
```
Exemple DataProtection pour Body : entrée de journal avec Body Subsituted. `ruleMatchDetails`
```
{
"timestamp": 1738705092889,
"formatVersion": 1,
"webaclId": "arn:aws:wafv2:us-east-1:111122223333:regional/webacl/DataProtectionhashACL/4eede063-e611-44f5-b357-ffc9d7b7fed5",
"terminatingRuleId": "Default_Action",
"terminatingRuleType": "REGULAR",
"action": "ALLOW",
"terminatingRuleMatchDetails": [],
"httpSourceName": "APIGW",
"httpSourceId": "746533260405:xt7v59bhn7:ABC",
"ruleGroupList": [],
"rateBasedRuleList": [],
"nonTerminatingMatchingRules": [{
"ruleId": "ProtectedSQLIBody",
"action": "COUNT",
"ruleMatchDetails": [{
"conditionType": "SQL_INJECTION",
"sensitivityLevel": "HIGH",
"location": "BODY",
"matchedData": ["REDACTED"]
}]
}],
"requestHeadersInserted": null,
"responseCodeSent": null,
"httpRequest": {
"clientIp": "54.239.98.137",
"country": "US",
"headers": [{
"name": "X-Forwarded-For",
"value": "54.239.98.137"
}, {
"name": "X-Forwarded-Proto",
"value": "https"
}, {
"name": "X-Forwarded-Port",
"value": "443"
}, {
"name": "Host",
"value": "xt7xxx9bhn7.gamma.execute-api.us-east-1.amazonaws.com"
}, {
"name": "X-Amzn-Trace-Id",
"value": "Root=1-67a288c4-27acb3cd5795dd8456b7e3c3"
}, {
"name": "Accept-Encoding",
"value": "gzip"
}, {
"name": "User-Agent",
"value": "okhttp/3.12.1"
}, {
"name": "cookie",
"value": "hoppy=dog;"
}],
"uri": "/CanaryTest",
"args": "baloo=abc&hoppy-query=xyz&x-hoppy-extra=generic-%3Cwords%3E-in-angle-brackets",
"httpVersion": "HTTP/1.1",
"httpMethod": "GET",
"requestId": "FepO0F8fIAMEqoQ="
},
"labels": [{
"name": "awswaf:forwardedip:geo:country:US"
}, {
"name": "awswaf:forwardedip:geo:region:US-VA"
}]
}
```
## Protection des données pour `SINGLE_COOKIE`
Configuration de Webacl
```
"data_protection_config": {
"data_protections": [
{
"field": {
"field_type": "SINGLE_COOKIE",
"field_keys": [
"MILO"
]
},
"action": "HASH",
"exclude_rule_match_details": false,
"exclude_rate_based_details": false
}
]
}
```
Exemple DataProtection de `SINGLE_COOKIE` : entrée de journal protégée par le `SINGLE_COOKIE` nom « MILO ».
Le journal complet indique que le cookie nommé MILO est protégé dans `ruleMatchDetails` l'en-tête du cookie. Seules les valeurs des cookies sont protégées et les noms de clés sont exclus.
**Note**
Tous les champs protégés (en-tête unique, cookie, argument de requête) ne distinguent pas les majuscules et minuscules. Ainsi, dans cet exemple, « MILO » correspond à « milo ».
```
{
"timestamp": 1738705092889,
"formatVersion": 1,
"webaclId": "arn:aws:wafv2:us-east-1:111122223333:regional/webacl/DataProtectionhashACL/4eede063-e611-44f5-b357-ffc9d7b7fed5",
"terminatingRuleId": "Default_Action",
"terminatingRuleType": "REGULAR",
"action": "ALLOW",
"terminatingRuleMatchDetails": [],
"httpSourceName": "APIGW",
"httpSourceId": "746533260405:xt7v59bhn7:ABC",
"ruleGroupList": [],
"rateBasedRuleList": [],
"nonTerminatingMatchingRules": [{
"ruleId": "ProtectedSQLIHeadersVisibleInSTM",
"action": "COUNT",
"ruleMatchDetails": [{
"conditionType": "SQL_INJECTION",
"sensitivityLevel": "HIGH",
"location": "COOKIE",
"matchedData": ["zuomr2mxQxofg6EI6f7hMNGaJhhPxt0rFVAXog6FLxE="],
"matchedFieldName": "milo"
}]
}],
"requestHeadersInserted": null,
"responseCodeSent": null,
"httpRequest": {
"clientIp": "54.239.98.137",
"country": "US",
"headers": [{
"name": "X-Forwarded-For",
"value": "54.239.98.137"
}, {
"name": "X-Forwarded-Proto",
"value": "https"
}, {
"name": "X-Forwarded-Port",
"value": "443"
}, {
"name": "Host",
"value": "xt7xxx9bhn7.gamma.execute-api.us-east-1.amazonaws.com"
}, {
"name": "X-Amzn-Trace-Id",
"value": "Root=1-67a288c4-27acb3cd5795dd8456b7e3c3"
}, {
"name": "Accept-Encoding",
"value": "gzip"
}, {
"name": "User-Agent",
"value": "okhttp/3.12.1"
}, {
"name": "cookie",
"value": "hoppy=dog;milo=zuomr2mxQxofg6EI6f7hMNGaJhhPxt0rFVAXog6FLxE=;aws-waf-token=51c71352-41f5-4f6d-b676-c24907bdf819:EQoAZ/J+AAQAAAAA:t9wvxbw042wva7E2Y6lgud/bS6YG0CJKVAJqaRqDZ140ythKW0Zj9wKB2O8lSkYDRqf1yONcVBFo5u0eYi0tvT4rtQCXsu+KanAardW8go4QSLw4yoED59lgV7oAhGyCalAzE7ra29j+RvvZPsQyoQuDCrtoY/TvQyMTXIXzGPDC/rKBbg=="
}],
"uri": "/CanaryTest",
"args": "baloo=abc&hoppy-query=xyz&x-hoppy-extra=generic-%3Cwords%3E-in-angle-brackets",
"httpVersion": "HTTP/1.1",
"httpMethod": "GET",
"requestId": "FepO0F8fIAMEqoQ="
},
"labels": [{
"name": "awswaf:forwardedip:geo:country:US"
}, {
"name": "awswaf:forwardedip:geo:region:US-VA"
}]
}
```
## Protection des données pour tous les cookies
Vous pouvez configurer la protection des données pour les cookies en utilisant`SINGLE_HEADER`. Seules les valeurs des cookies sont protégées et les noms de clés sont exclus.
```
"DataProtectionConfig": {
"DataProtections": [
{
"Field": {
"FieldType": "SINGLE_HEADER",
"FieldKeys": ["cookie"]
},
"Action": "SUBSTITUTION",
"ExcludeRuleMatchDetails": false,
"ExcludeRateBasedDetails": false
}
]
}
```
Exemple DataProtection pour le `header ` « COOKIE » : entrée de journal avec l'en-tête du cookie protégé.
**Note**
Le nom du cookie `AWS-WAF-TOKEN` n'est pas couvert par la protection des données.
```
{
"timestamp": 1738705092889,
"formatVersion": 1,
"webaclId": "arn:aws:wafv2:us-east-1:111122223333:regional/webacl/DataProtectionhashACL/4eede063-e611-44f5-b357-ffc9d7b7fed5",
"terminatingRuleId": "Default_Action",
"terminatingRuleType": "REGULAR",
"action": "ALLOW",
"terminatingRuleMatchDetails": [],
"httpSourceName": "APIGW",
"httpSourceId": "746533260405:xt7v59bhn7:ABC",
"ruleGroupList": [],
"rateBasedRuleList": [],
"nonTerminatingMatchingRules": [],
"requestHeadersInserted": null,
"responseCodeSent": null,
"httpRequest": {
"clientIp": "54.239.98.137",
"country": "US",
"headers": [{
"name": "X-Forwarded-For",
"value": "54.239.98.137"
}, {
"name": "X-Forwarded-Proto",
"value": "https"
}, {
"name": "X-Forwarded-Port",
"value": "443"
}, {
"name": "Host",
"value": "xt7xxx9bhn7.gamma.execute-api.us-east-1.amazonaws.com"
}, {
"name": "X-Amzn-Trace-Id",
"value": "Root=1-67a288c4-27acb3cd5795dd8456b7e3c3"
}, {
"name": "Accept-Encoding",
"value": "gzip"
}, {
"name": "User-Agent",
"value": "okhttp/3.12.1"
}, {
"name": "cookie",
"value": "hoppy=REDACTED;milo=REDACTED;aws-waf-token=51c71352-41f5-4f6d-b676-c24907bdf819:EQoAZ/J+AAQAAAAA:t9wvxbw042wva7E2Y6lgud/bS6YG0CJKVAJqaRqDZ140ythKW0Zj9wKB2O8lSkYDRqf1yONcVBFo5u0eYi0tvT4rtQCXsu+KanAardW8go4QSLw4yoED59lgV7oAhGyCalAzE7ra29j+RvvZPsQyoQuDCrtoY/TvQyMTXIXzGPDC/rKBbg=="
}],
"uri": "/CanaryTest",
"args": "baloo=xyz=&hoppy-query=abc&x-hoppy-extra=abc",
"httpVersion": "HTTP/1.1",
"httpMethod": "GET",
"requestId": "FepO0F8fIAMEqoQ="
},
"labels": [{
"name": "awswaf:forwardedip:geo:country:US"
}, {
"name": "awswaf:forwardedip:geo:region:US-VA"
}]
}
```
## Protection des données pour les arguments d'une seule requête
Vous pouvez configurer la protection des données pour une chaîne de requête en utilisant`SINGLE_QUERY_ARGUMENT`. Cela affecte les clés et les valeurs de tous les arguments de requête. Pour les exemples suivants, la chaîne de requête d'origine était`baloo=10 AND 1=1&hoppy=10 AND 1=1&x-hoppy-extra=generic-%3Cwords`.
Configuration de Webacl
```
"DataProtectionConfig": {
"DataProtections": [
{
"Field": {
"FieldType": "SINGLE_QUERY_ARGUMENT",
"FieldKeys": ["hoppy"]
},
"Action": "SUBSTITUTION",
"ExcludeRuleMatchDetails": false,
"ExcludeRateBasedDetails": false
}
]
}
```
Exemple DataProtection de `SINGLE_QUERY_ARGUEMENT` : entrée de journal avec une chaîne de requête « hoppy » protégée par substitution.
```
{
"timestamp": 1738705092889,
"formatVersion": 1,
"webaclId": "arn:aws:wafv2:us-east-1:111122223333:regional/webacl/DataProtectionSubstituteQueryString/4eede063-e611-44f5-b357-ffc9d7b7fed5",
"terminatingRuleId": "Default_Action",
"terminatingRuleType": "REGULAR",
"action": "ALLOW",
"terminatingRuleMatchDetails": [],
"httpSourceName": "APIGW",
"httpSourceId": "746533260405:xt7v59bhn7:ABC",
"ruleGroupList": [],
"rateBasedRuleList": [],
"nonTerminatingMatchingRules": [
{
"ruleId": "ProtectedHoppyQueryArg",
"action": "COUNT",
"ruleMatchDetails": [
{
"conditionType": "SQL_INJECTION",
"sensitivityLevel": "HIGH",
"location": "SINGLE_QUERY_ARG",
"matchedData": ["REDACTED"],
"matchedFieldName": "hoppy"
}]
},
{
"ruleId": "FullQueryStringInspectionWhichDetectsTheFirstFieldWithSQLi_Baloo_IsAlsoMaskedMasked",
"action": "COUNT",
"ruleMatchDetails": [
{
"conditionType": "SQL_INJECTION",
"sensitivityLevel": "HIGH",
"location": "QUERY_ARGS",
"matchedData": ["REDACTED"],
}]
},
{
"ruleId": "ProtectedBalooQueryArg",
"action": "COUNT",
"ruleMatchDetails": [
{
"conditionType": "SQL_INJECTION",
"sensitivityLevel": "HIGH",
"location": "SINGLE_QUERY_ARG",
"matchedData": [ "10", "AND", "1" ],
"matchedFieldName": "baloo"
}]
}
],
"requestHeadersInserted": null,
"responseCodeSent": null,
"httpRequest": {
"clientIp": "54.239.98.137",
"country": "US",
"headers": [{
"name": "X-Forwarded-For",
"value": "54.239.98.137"
}, {
"name": "X-Forwarded-Proto",
"value": "https"
}, {
"name": "X-Forwarded-Port",
"value": "443"
}, {
"name": "Host",
"value": "xt7xxx9bhn7.gamma.execute-api.us-east-1.amazonaws.com"
}, {
"name": "X-Amzn-Trace-Id",
"value": "Root=1-67a288c4-27acb3cd5795dd8456b7e3c3"
}, {
"name": "Accept-Encoding",
"value": "gzip"
}, {
"name": "User-Agent",
"value": "okhttp/3.12.1"
}],
"uri": "/CanaryTest",
"args": "baloo=10 AND 1=1&hoppy=REDACTED&x-hoppy-extra=generic-%3Cwords",
"httpVersion": "HTTP/1.1",
"httpMethod": "GET",
"requestId": "FepO0F8fIAMEqoQ="
},
"labels": [{
"name": "awswaf:forwardedip:geo:country:US"
}, {
"name": "awswaf:forwardedip:geo:region:US-VA"
}]
}
```
## Protection des données pour les chaînes de requête
Vous pouvez configurer la protection des données pour une chaîne de requête en utilisant`QUERY_STRING`. Cela affecte les clés et les valeurs de tous les arguments de requête. Pour les exemples suivants, la chaîne de requête d'origine était`baloo=10 AND 1=1&hoppy-query=10 AND 1=1&x-hoppy-extra=generic-%3Cwords`.
Configuration de Webacl
```
"DataProtectionConfig": {
"DataProtections": [
{
"Field": {
"FieldType": "QUERY_STRING"
},
"Action": "SUBSTITUTION",
"ExcludeRuleMatchDetails": false,
"ExcludeRateBasedDetails": false
}
]
}
```
Exemple DataProtection de `QUERY_STRING` : entrée de journal avec une chaîne de requête protégée par substitution.
```
{
"timestamp": 1738705092889,
"formatVersion": 1,
"webaclId": "arn:aws:wafv2:us-east-1:111122223333:regional/webacl/DataProtectionSubstituteQueryString/4eede063-e611-44f5-b357-ffc9d7b7fed5",
"terminatingRuleId": "Default_Action",
"terminatingRuleType": "REGULAR",
"action": "ALLOW",
"terminatingRuleMatchDetails": [],
"httpSourceName": "APIGW",
"httpSourceId": "746533260405:xt7v59bhn7:ABC",
"ruleGroupList": [],
"rateBasedRuleList": [],
"nonTerminatingMatchingRules": [
{
"ruleId": "ProtectedHoppyQueryArg",
"action": "COUNT",
"ruleMatchDetails": [
{
"conditionType": "SQL_INJECTION",
"sensitivityLevel": "HIGH",
"location": "QUERY_STRING",
"matchedData": ["REDACTED"]
}]
},
{
"ruleId": "ProtectedBalooQueryArg",
"action": "COUNT",
"ruleMatchDetails": [
{
"conditionType": "SQL_INJECTION",
"sensitivityLevel": "HIGH",
"location": "SINGLE_QUERY_ARG",
"matchedData": [ "REDACTED" ],
"matchedFieldName": "REDACTED"
}]
}
],
"requestHeadersInserted": null,
"responseCodeSent": null,
"httpRequest": {
"clientIp": "54.239.98.137",
"country": "US",
"headers": [{
"name": "X-Forwarded-For",
"value": "54.239.98.137"
}, {
"name": "X-Forwarded-Proto",
"value": "https"
}, {
"name": "X-Forwarded-Port",
"value": "443"
}, {
"name": "Host",
"value": "xt7xxx9bhn7.gamma.execute-api.us-east-1.amazonaws.com"
}, {
"name": "X-Amzn-Trace-Id",
"value": "Root=1-67a288c4-27acb3cd5795dd8456b7e3c3"
}, {
"name": "Accept-Encoding",
"value": "gzip"
}, {
"name": "User-Agent",
"value": "okhttp/3.12.1"
}],
"uri": "/CanaryTest",
"args": "REDACTED",
"httpVersion": "HTTP/1.1",
"httpMethod": "GET",
"requestId": "FepO0F8fIAMEqoQ="
},
"labels": [{
"name": "awswaf:forwardedip:geo:country:US"
}, {
"name": "awswaf:forwardedip:geo:region:US-VA"
}]
}
```
## Protection des données pour plusieurs arguments de requête
Vous pouvez configurer la protection des données pour des arguments de requête individuels en utilisant`SINGLE_QUERY_ARGUMENT`. Lorsque nous communiquons des informations locales, nous utilisons des protections locales. Cependant, les chaînes qui correspondent dans la chaîne de requête et dans l'en-tête du cookie ont de nombreuses configurations de protection qui peuvent s'appliquer. Pour simplifier, la protection la plus stricte `RuleMatchDetails` est appliquée, même si elle ne se chevauche pas avec la plage de données spécifique correspondante.
Pour les exemples suivants, la chaîne de requête d'origine était`baloo=is_a_good_boy&hoppy=likes_to_sleep&x-hoppy-extra=10 AND 1=1`.
```
"DataProtectionConfig": {
"DataProtections": [
{
"Field": {
"FieldType": "SINGLE_QUERY_ARGUMENT",
"FieldKeys": ["hoppy"]
},
"Action": "SUBSTITUTION",
"ExcludeRuleMatchDetails": false,
"ExcludeRateBasedDetails": false
},
{
"Field": {
"FieldType": "SINGLE_QUERY_ARGUMENT",
"FieldKeys": ["baloo"]
},
"Action": "HASH",
"ExcludeRuleMatchDetails": false,
"ExcludeRateBasedDetails": false
}
]
}
```
Exemple DataProtection de plusieurs arguments de requête.
```
{
"timestamp": 1738705092889,
"formatVersion": 1,
"webaclId": "arn:aws:wafv2:us-east-1:111122223333:regional/webacl/DataProtectionSubstituteQueryString/4eede063-e611-44f5-b357-ffc9d7b7fed5",
"terminatingRuleId": "Default_Action",
"terminatingRuleType": "REGULAR",
"action": "ALLOW",
"terminatingRuleMatchDetails": [],
"httpSourceName": "APIGW",
"httpSourceId": "746533260405:xt7v59bhn7:ABC",
"ruleGroupList": [],
"rateBasedRuleList": [],
"nonTerminatingMatchingRules": [
{
"ruleId": "ProtectedHoppyQueryArg",
"action": "COUNT",
"ruleMatchDetails": [
{
"conditionType": "SQL_INJECTION",
"sensitivityLevel": "HIGH",
"location": "SINGLE_QUERY_ARG",
"matchedData": ["REDACTED"],
"matchedFieldName": "hoppy"
}]
},
{
"ruleId": "ProtectedBalooQueryArg",
"action": "COUNT",
"ruleMatchDetails": [
{
"conditionType": "SQL_INJECTION",
"sensitivityLevel": "HIGH",
"location": "SINGLE_QUERY_ARG",
"matchedData": ["zuomr2mxQxofg6EI6f7hMNGaJhhPxt0rFVAXog6FLxE="],
"matchedFieldName": "baloo"
}]
},
{
"ruleId": "FullQueryStringDetects_x-hoppy-extra_IsSubstituted",
"action": "COUNT",
"ruleMatchDetails": [
{
"conditionType": "SQL_INJECTION",
"sensitivityLevel": "HIGH",
"location": "QUERY_ARGS",
"matchedData": ["REDACTED"], // Harshest of Protection Config
}]
}
],
"requestHeadersInserted": null,
"responseCodeSent": null,
"httpRequest": {
"clientIp": "54.239.98.137",
"country": "US",
"headers": [{
"name": "X-Forwarded-For",
"value": "54.239.98.137"
}, {
"name": "X-Forwarded-Proto",
"value": "https"
}, {
"name": "X-Forwarded-Port",
"value": "443"
}, {
"name": "Host",
"value": "xt7xxx9bhn7.gamma.execute-api.us-east-1.amazonaws.com"
}, {
"name": "X-Amzn-Trace-Id",
"value": "Root=1-67a288c4-27acb3cd5795dd8456b7e3c3"
}, {
"name": "Accept-Encoding",
"value": "gzip"
}, {
"name": "User-Agent",
"value": "okhttp/3.12.1"
}],
"uri": "/CanaryTest",
"args": "baloo=zuomr2mxQxofg6EI6f7hMNGaJhhPxt0rFVAXog6FLxE=&hoppy=REDACTED&x-hoppy-extra=10 AND 1=1",
"httpVersion": "HTTP/1.1",
"httpMethod": "GET",
"requestId": "FepO0F8fIAMEqoQ="
},
"labels": [{
"name": "awswaf:forwardedip:geo:country:US"
}, {
"name": "awswaf:forwardedip:geo:region:US-VA"
}]
}
```
**Note**
Vous ne pouvez pas spécifier à la fois **QueryString le masquage et le masquage** des **arguments à requête unique dans le** même WebACL.