Apresentando uma nova experiência de console para AWS WAF
Agora você pode usar a experiência atualizada para acessar a AWS WAF funcionalidade em qualquer lugar do console. Consulte mais detalhes em Trabalhando com a experiência atualizada do console.
As traduções são geradas por tradução automática. Em caso de conflito entre o conteúdo da tradução e da versão original em inglês, a versão em inglês prevalecerá.
Exemplos de proteção de dados
Esta seção fornece exemplos de registro de proteção de dados do tráfego do pacote de proteção ou da Web ACL.
DataProtection hashing
Configuração do Webacl
"data_protection_config": { "data_protections": [ { "field": { "field_type": "SINGLE_QUERY_ARGUMENT", "field_keys": [ "hoppy" ] }, "action": "HASH", "exclude_rule_match_details": false, "exclude_rate_based_details": false } ] }
Exemplo DataProtection de hashing: entrada de registro com o SingleQuery argumento “hoppy” protegido.
{ "timestamp": 1738705092889, "formatVersion": 1, "webaclId": "arn:aws:wafv2:us-east-1:111122223333:regional/webacl/DataProtectionhashACL/4eede063-e611-44f5-b357-ffc9d7b7fed5", "terminatingRuleId": "Default_Action", "terminatingRuleType": "REGULAR", "action": "ALLOW", "terminatingRuleMatchDetails": [], "httpSourceName": "APIGW", "httpSourceId": "746533260405:xt7v59bhn7:ABC", "ruleGroupList": [], "rateBasedRuleList": [], "nonTerminatingMatchingRules": [{ "ruleId": "ProtectedSQLIHeadersVisibleInSTM", "action": "COUNT", "ruleMatchDetails": [{ "conditionType": "SQL_INJECTION", "sensitivityLevel": "HIGH", "location": "SINGLE_QUERY_ARG", "matchedData": [ "z6hpYAFaMYdtiTeHhxnN5ydgRE5E1WgyVIdgqH0D3iM=" ], "matchedFieldName": "hoppy" }] }], "requestHeadersInserted": null, "responseCodeSent": null, "httpRequest": { "clientIp": "54.239.98.137", "country": "US", "headers": [{ "name": "X-Forwarded-For", "value": "54.239.98.137" }, { "name": "X-Forwarded-Proto", "value": "https" }, { "name": "X-Forwarded-Port", "value": "443" }, { "name": "Host", "value": "xt7xxx9bhn7.gamma.execute-api.us-east-1.amazonaws.com" }, { "name": "X-Amzn-Trace-Id", "value": "Root=1-67a288c4-27acb3cd5795dd8456b7e3c3" }, { "name": "Accept-Encoding", "value": "gzip" }, { "name": "User-Agent", "value": "okhttp/3.12.1" }], "uri": "/CanaryTest", "args": "hoppy=z6hpYAFaMYdtiTeHhxnN5ydgRE5E1WgyVIdgqH0D3iM=&yellow=hello&x-hoppy-extra=generic-%3Cwords%3E-in-angle-brackets", "httpVersion": "HTTP/1.1", "httpMethod": "GET", "requestId": "FepO0F8fIAMEqoQ=" }, "labels": [{ "name": "awswaf:forwardedip:geo:country:US" }, { "name": "awswaf:forwardedip:geo:region:US-VA" }] }
DataProtection substituição
Configuração do Webacl
"data_protection_config": { "data_protections": [ { "field": { "field_type": "SINGLE_QUERY_ARGUMENT", "field_keys": [ "hoppy" ] }, "action": "SUBSTITUTION", "exclude_rule_match_details": false, "exclude_rate_based_details": false } ] }
Exemplo de DataProtection substituição: entrada de registro com o argumento de consulta única “hoppy” protegido
{ "timestamp": 1738705092889, "formatVersion": 1, "webaclId": "arn:aws:wafv2:us-east-1:111122223333:regional/webacl/DataProtectionhashACL/4eede063-e611-44f5-b357-ffc9d7b7fed5", "terminatingRuleId": "Default_Action", "terminatingRuleType": "REGULAR", "action": "ALLOW", "terminatingRuleMatchDetails": [], "httpSourceName": "APIGW", "httpSourceId": "746533260405:xt7v59bhn7:ABC", "ruleGroupList": [], "rateBasedRuleList": [], "nonTerminatingMatchingRules": [] "requestHeadersInserted": null, "responseCodeSent": null, "httpRequest": { "clientIp": "54.239.98.137", "country": "US", "headers": [{ "name": "X-Forwarded-For", "value": "54.239.98.137" }, { "name": "X-Forwarded-Proto", "value": "https" }, { "name": "X-Forwarded-Port", "value": "443" }, { "name": "Host", "value": "xt7xxx9bhn7.gamma.execute-api.us-east-1.amazonaws.com" }, { "name": "X-Amzn-Trace-Id", "value": "Root=1-67a288c4-27acb3cd5795dd8456b7e3c3" }, { "name": "Accept-Encoding", "value": "gzip" }, { "name": "User-Agent", "value": "okhttp/3.12.1" }], "uri": "/CanaryTest", "args": "hoppy=REDACTED&yellow=hello&x-hoppy-extra=generic-%3Cwords%3E-in-angle-brackets", "httpVersion": "HTTP/1.1", "httpMethod": "GET", "requestId": "FepO0F8fIAMEqoQ=" }, "labels": [{ "name": "awswaf:forwardedip:geo:country:US" }, { "name": "awswaf:forwardedip:geo:region:US-VA" }] }
Retenção de dados em RuleMatchDetails
Configuração do Webacl
"data_protection_config": { "data_protections": [ { "field": { "field_type": "SINGLE_HEADER", "field_keys": [ "hoppy" ] }, "action": "HASH", "exclude_rule_match_details": true, "exclude_rate_based_details": false } ] }
Exemplo de retenção de dados em RuleMatchDetails: Entrada de registro com um único Header “hoppy” protegido, mas o valor é retido somente em. RuleMatchDetails
{ "timestamp": 1738705092889, "formatVersion": 1, "webaclId": "arn:aws:wafv2:us-east-1:111122223333:regional/webacl/DataProtectionhashACL/4eede063-e611-44f5-b357-ffc9d7b7fed5", "terminatingRuleId": "Default_Action", "terminatingRuleType": "REGULAR", "action": "ALLOW", "terminatingRuleMatchDetails": [], "httpSourceName": "APIGW", "httpSourceId": "746533260405:xt7v59bhn7:ABC", "ruleGroupList": [], "rateBasedRuleList": [], "nonTerminatingMatchingRules": [{ "ruleId": "ProtectedSQLIHeadersVisibleInSTM", "action": "COUNT", "ruleMatchDetails": [{ "conditionType": "SQL_INJECTION", "sensitivityLevel": "HIGH", "location": "HEADER", "matchedData": [ "10", "AND", "1" ], "matchedFieldName": "hoppy" }] }], "requestHeadersInserted": null, "responseCodeSent": null, "httpRequest": { "clientIp": "54.239.98.137", "country": "US", "headers": [{ "name": "X-Forwarded-For", "value": "54.239.98.137" }, { "name": "X-Forwarded-Proto", "value": "https" }, { "name": "X-Forwarded-Port", "value": "443" }, { "name": "Host", "value": "xt7xxx9bhn7.gamma.execute-api.us-east-1.amazonaws.com" }, { "name": "X-Amzn-Trace-Id", "value": "Root=1-67a288c4-27acb3cd5795dd8456b7e3c3" }, { "name": "hoppy", "value": "zuomr2mxQxofg6EI6f7hMNGaJhhPxt0rFVAXog6FLxE=" }, { "name": "Accept-Encoding", "value": "gzip" }, { "name": "User-Agent", "value": "okhttp/3.12.1" }, { "name": "hoppy", "value": "z6hpYAFaMYdtiTeHhxnN5ydgRE5E1WgyVIdgqH0D3iM=" }], "uri": "/CanaryTest", "args": "happy=true", "httpVersion": "HTTP/1.1", "httpMethod": "GET", "requestId": "FepO0F8fIAMEqoQ=" }, "labels": [{ "name": "awswaf:forwardedip:geo:country:US" }, { "name": "awswaf:forwardedip:geo:region:US-VA" }] }
Retenção de dados em rateBasedRule
"data_protection_config": { "data_protections": [ { "field": { "field_type": "SINGLE_HEADER", "field_keys": [ "hoppy" ] }, "action": "HASH", "exclude_rule_match_details": false, "exclude_rate_based_details": true } ] }
Exemplo de retenção de dados na rateBasedRule lista: entrada de registro com o único Header “hoppy” protegido, mas o valor é retido somente em rateBasedRuleList
{ "timestamp": 1683355579981, "formatVersion": 1, "webaclId": ..., "terminatingRuleId": "RateBasedRule", "terminatingRuleType": "RATE_BASED", "action": "BLOCK", "terminatingRuleMatchDetails": [], "httpSourceName": "APIGW", "httpSourceId": "EXAMPLE11:rjvegx5guh:CanaryTest", "ruleGroupList": [], "rateBasedRuleList": [{ "rateBasedRuleId": ..., "rateBasedRuleName": "RateBasedRule", "limitKey": "CUSTOMKEYS", "maxRateAllowed": 100, "evaluationWindowSec": "120", "customValues": [{ "key": "HEADER", "name": "hoppy", "value": "ella" }] }], "nonTerminatingMatchingRules": [], "requestHeadersInserted": null, "responseCodeSent": null, "httpRequest": { "clientIp": "52.46.82.45", "country": "FR", "headers": [{ "name": "X-Forwarded-For", "value": "52.46.82.45" }, { "name": "X-Forwarded-Proto", "value": "https" }, { "name": "X-Forwarded-Port", "value": "443" }, { "name": "Host", "value": "rjvegx5guh.execute-api.eu-west-3.amazonaws.com" }, { "name": "X-Amzn-Trace-Id", "value": "Root=1-645566cf-7cb058b04d9bb3ee01dc4036" }, { "name": "hoppy", "value": "zuomr2mxQxofg6EI6f7hMNGaJhhPxt0rFVAXog6FLxE=" }, { "name": "User-Agent", "value": "RateBasedRuleTestKoipOneKeyModulePV2" }, { "name": "Accept-Encoding", "value": "gzip,deflate" }], "uri": "/CanaryTest", "args": "", "httpVersion": "HTTP/1.1", "httpMethod": "GET", "requestId": "Ed0AiHF_CGYF-DA=" } }
Proteção de dados para Body
AWS WAF registra somente subconjuntos de Body inRuleMatchDetails.
Configuração do Webacl
"data_protection_config": { "data_protections": [ { "field": { "field_type": "BODY" }, "action": "SUBSTITUTE", "exclude_rule_match_details": false, "exclude_rate_based_details": false } ] }
Exemplo DataProtection de corpo: entrada de registro com corpo substituído em. ruleMatchDetails
{ "timestamp": 1738705092889, "formatVersion": 1, "webaclId": "arn:aws:wafv2:us-east-1:111122223333:regional/webacl/DataProtectionhashACL/4eede063-e611-44f5-b357-ffc9d7b7fed5", "terminatingRuleId": "Default_Action", "terminatingRuleType": "REGULAR", "action": "ALLOW", "terminatingRuleMatchDetails": [], "httpSourceName": "APIGW", "httpSourceId": "746533260405:xt7v59bhn7:ABC", "ruleGroupList": [], "rateBasedRuleList": [], "nonTerminatingMatchingRules": [{ "ruleId": "ProtectedSQLIBody", "action": "COUNT", "ruleMatchDetails": [{ "conditionType": "SQL_INJECTION", "sensitivityLevel": "HIGH", "location": "BODY", "matchedData": ["REDACTED"] }] }], "requestHeadersInserted": null, "responseCodeSent": null, "httpRequest": { "clientIp": "54.239.98.137", "country": "US", "headers": [{ "name": "X-Forwarded-For", "value": "54.239.98.137" }, { "name": "X-Forwarded-Proto", "value": "https" }, { "name": "X-Forwarded-Port", "value": "443" }, { "name": "Host", "value": "xt7xxx9bhn7.gamma.execute-api.us-east-1.amazonaws.com" }, { "name": "X-Amzn-Trace-Id", "value": "Root=1-67a288c4-27acb3cd5795dd8456b7e3c3" }, { "name": "Accept-Encoding", "value": "gzip" }, { "name": "User-Agent", "value": "okhttp/3.12.1" }, { "name": "cookie", "value": "hoppy=dog;" }], "uri": "/CanaryTest", "args": "baloo=abc&hoppy-query=xyz&x-hoppy-extra=generic-%3Cwords%3E-in-angle-brackets", "httpVersion": "HTTP/1.1", "httpMethod": "GET", "requestId": "FepO0F8fIAMEqoQ=" }, "labels": [{ "name": "awswaf:forwardedip:geo:country:US" }, { "name": "awswaf:forwardedip:geo:region:US-VA" }] }
Proteção de dados para o SINGLE_COOKIE
Configuração do Webacl
"data_protection_config": { "data_protections": [ { "field": { "field_type": "SINGLE_COOKIE", "field_keys": [ "MILO" ] }, "action": "HASH", "exclude_rule_match_details": false, "exclude_rate_based_details": false } ] }
Exemplo DataProtection paraSINGLE_COOKIE: Entrada de registro com um SINGLE_COOKIE nome “MILO” protegido.
O registro completo mostra que o cookie chamado MILO está protegido ruleMatchDetails e o cabeçalho do cookie. Somente os valores dos cookies são protegidos e os nomes das chaves são excluídos.
nota
Todos os campos protegidos (cabeçalho único, cookie, argumento de consulta) não diferenciam maiúsculas de minúsculas. Então, neste exemplo, “MILO” corresponde a “milo”.
{ "timestamp": 1738705092889, "formatVersion": 1, "webaclId": "arn:aws:wafv2:us-east-1:111122223333:regional/webacl/DataProtectionhashACL/4eede063-e611-44f5-b357-ffc9d7b7fed5", "terminatingRuleId": "Default_Action", "terminatingRuleType": "REGULAR", "action": "ALLOW", "terminatingRuleMatchDetails": [], "httpSourceName": "APIGW", "httpSourceId": "746533260405:xt7v59bhn7:ABC", "ruleGroupList": [], "rateBasedRuleList": [], "nonTerminatingMatchingRules": [{ "ruleId": "ProtectedSQLIHeadersVisibleInSTM", "action": "COUNT", "ruleMatchDetails": [{ "conditionType": "SQL_INJECTION", "sensitivityLevel": "HIGH", "location": "COOKIE", "matchedData": ["zuomr2mxQxofg6EI6f7hMNGaJhhPxt0rFVAXog6FLxE="], "matchedFieldName": "milo" }] }], "requestHeadersInserted": null, "responseCodeSent": null, "httpRequest": { "clientIp": "54.239.98.137", "country": "US", "headers": [{ "name": "X-Forwarded-For", "value": "54.239.98.137" }, { "name": "X-Forwarded-Proto", "value": "https" }, { "name": "X-Forwarded-Port", "value": "443" }, { "name": "Host", "value": "xt7xxx9bhn7.gamma.execute-api.us-east-1.amazonaws.com" }, { "name": "X-Amzn-Trace-Id", "value": "Root=1-67a288c4-27acb3cd5795dd8456b7e3c3" }, { "name": "Accept-Encoding", "value": "gzip" }, { "name": "User-Agent", "value": "okhttp/3.12.1" }, { "name": "cookie", "value": "hoppy=dog;milo=zuomr2mxQxofg6EI6f7hMNGaJhhPxt0rFVAXog6FLxE=;aws-waf-token=51c71352-41f5-4f6d-b676-c24907bdf819:EQoAZ/J+AAQAAAAA:t9wvxbw042wva7E2Y6lgud/bS6YG0CJKVAJqaRqDZ140ythKW0Zj9wKB2O8lSkYDRqf1yONcVBFo5u0eYi0tvT4rtQCXsu+KanAardW8go4QSLw4yoED59lgV7oAhGyCalAzE7ra29j+RvvZPsQyoQuDCrtoY/TvQyMTXIXzGPDC/rKBbg==" }], "uri": "/CanaryTest", "args": "baloo=abc&hoppy-query=xyz&x-hoppy-extra=generic-%3Cwords%3E-in-angle-brackets", "httpVersion": "HTTP/1.1", "httpMethod": "GET", "requestId": "FepO0F8fIAMEqoQ=" }, "labels": [{ "name": "awswaf:forwardedip:geo:country:US" }, { "name": "awswaf:forwardedip:geo:region:US-VA" }] }
Proteção de dados para todos os cookies
Você pode configurar a proteção de dados para cookies usandoSINGLE_HEADER. Somente os valores dos cookies são protegidos e os nomes das chaves são excluídos.
"DataProtectionConfig": { "DataProtections": [ { "Field": { "FieldType": "SINGLE_HEADER", "FieldKeys": ["cookie"] }, "Action": "SUBSTITUTION", "ExcludeRuleMatchDetails": false, "ExcludeRateBasedDetails": false } ] }
Exemplo DataProtection de header “COOKIE”: Entrada de registro com o cabeçalho do cookie protegido.
nota
O nome do cookie AWS-WAF-TOKEN está fora do escopo da proteção de dados.
{ "timestamp": 1738705092889, "formatVersion": 1, "webaclId": "arn:aws:wafv2:us-east-1:111122223333:regional/webacl/DataProtectionhashACL/4eede063-e611-44f5-b357-ffc9d7b7fed5", "terminatingRuleId": "Default_Action", "terminatingRuleType": "REGULAR", "action": "ALLOW", "terminatingRuleMatchDetails": [], "httpSourceName": "APIGW", "httpSourceId": "746533260405:xt7v59bhn7:ABC", "ruleGroupList": [], "rateBasedRuleList": [], "nonTerminatingMatchingRules": [], "requestHeadersInserted": null, "responseCodeSent": null, "httpRequest": { "clientIp": "54.239.98.137", "country": "US", "headers": [{ "name": "X-Forwarded-For", "value": "54.239.98.137" }, { "name": "X-Forwarded-Proto", "value": "https" }, { "name": "X-Forwarded-Port", "value": "443" }, { "name": "Host", "value": "xt7xxx9bhn7.gamma.execute-api.us-east-1.amazonaws.com" }, { "name": "X-Amzn-Trace-Id", "value": "Root=1-67a288c4-27acb3cd5795dd8456b7e3c3" }, { "name": "Accept-Encoding", "value": "gzip" }, { "name": "User-Agent", "value": "okhttp/3.12.1" }, { "name": "cookie", "value": "hoppy=REDACTED;milo=REDACTED;aws-waf-token=51c71352-41f5-4f6d-b676-c24907bdf819:EQoAZ/J+AAQAAAAA:t9wvxbw042wva7E2Y6lgud/bS6YG0CJKVAJqaRqDZ140ythKW0Zj9wKB2O8lSkYDRqf1yONcVBFo5u0eYi0tvT4rtQCXsu+KanAardW8go4QSLw4yoED59lgV7oAhGyCalAzE7ra29j+RvvZPsQyoQuDCrtoY/TvQyMTXIXzGPDC/rKBbg==" }], "uri": "/CanaryTest", "args": "baloo=xyz=&hoppy-query=abc&x-hoppy-extra=abc", "httpVersion": "HTTP/1.1", "httpMethod": "GET", "requestId": "FepO0F8fIAMEqoQ=" }, "labels": [{ "name": "awswaf:forwardedip:geo:country:US" }, { "name": "awswaf:forwardedip:geo:region:US-VA" }] }
Proteção de dados para argumentos de consulta única
Você pode configurar a proteção de dados para uma sequência de caracteres de consulta usando SINGLE_QUERY_ARGUMENT o. Isso afeta as chaves e os valores de todos os argumentos de consulta. Para os exemplos a seguir, a string de consulta original erabaloo=10 AND 1=1&hoppy=10 AND 1=1&x-hoppy-extra=generic-%3Cwords.
Configuração do Webacl
"DataProtectionConfig": { "DataProtections": [ { "Field": { "FieldType": "SINGLE_QUERY_ARGUMENT", "FieldKeys": ["hoppy"] }, "Action": "SUBSTITUTION", "ExcludeRuleMatchDetails": false, "ExcludeRateBasedDetails": false } ] }
Exemplo DataProtection paraSINGLE_QUERY_ARGUEMENT: entrada de registro com a string de consulta “hoppy” protegida com substituição.
{ "timestamp": 1738705092889, "formatVersion": 1, "webaclId": "arn:aws:wafv2:us-east-1:111122223333:regional/webacl/DataProtectionSubstituteQueryString/4eede063-e611-44f5-b357-ffc9d7b7fed5", "terminatingRuleId": "Default_Action", "terminatingRuleType": "REGULAR", "action": "ALLOW", "terminatingRuleMatchDetails": [], "httpSourceName": "APIGW", "httpSourceId": "746533260405:xt7v59bhn7:ABC", "ruleGroupList": [], "rateBasedRuleList": [], "nonTerminatingMatchingRules": [ { "ruleId": "ProtectedHoppyQueryArg", "action": "COUNT", "ruleMatchDetails": [ { "conditionType": "SQL_INJECTION", "sensitivityLevel": "HIGH", "location": "SINGLE_QUERY_ARG", "matchedData": ["REDACTED"], "matchedFieldName": "hoppy" }] }, { "ruleId": "FullQueryStringInspectionWhichDetectsTheFirstFieldWithSQLi_Baloo_IsAlsoMaskedMasked", "action": "COUNT", "ruleMatchDetails": [ { "conditionType": "SQL_INJECTION", "sensitivityLevel": "HIGH", "location": "QUERY_ARGS", "matchedData": ["REDACTED"], }] }, { "ruleId": "ProtectedBalooQueryArg", "action": "COUNT", "ruleMatchDetails": [ { "conditionType": "SQL_INJECTION", "sensitivityLevel": "HIGH", "location": "SINGLE_QUERY_ARG", "matchedData": [ "10", "AND", "1" ], "matchedFieldName": "baloo" }] } ], "requestHeadersInserted": null, "responseCodeSent": null, "httpRequest": { "clientIp": "54.239.98.137", "country": "US", "headers": [{ "name": "X-Forwarded-For", "value": "54.239.98.137" }, { "name": "X-Forwarded-Proto", "value": "https" }, { "name": "X-Forwarded-Port", "value": "443" }, { "name": "Host", "value": "xt7xxx9bhn7.gamma.execute-api.us-east-1.amazonaws.com" }, { "name": "X-Amzn-Trace-Id", "value": "Root=1-67a288c4-27acb3cd5795dd8456b7e3c3" }, { "name": "Accept-Encoding", "value": "gzip" }, { "name": "User-Agent", "value": "okhttp/3.12.1" }], "uri": "/CanaryTest", "args": "baloo=10 AND 1=1&hoppy=REDACTED&x-hoppy-extra=generic-%3Cwords", "httpVersion": "HTTP/1.1", "httpMethod": "GET", "requestId": "FepO0F8fIAMEqoQ=" }, "labels": [{ "name": "awswaf:forwardedip:geo:country:US" }, { "name": "awswaf:forwardedip:geo:region:US-VA" }] }
Proteção de dados para cadeias de caracteres de consulta
Você pode configurar a proteção de dados para uma sequência de caracteres de consulta usando QUERY_STRING o. Isso afeta as chaves e os valores de todos os argumentos de consulta. Para os exemplos a seguir, a string de consulta original erabaloo=10 AND 1=1&hoppy-query=10 AND 1=1&x-hoppy-extra=generic-%3Cwords.
Configuração do Webacl
"DataProtectionConfig": { "DataProtections": [ { "Field": { "FieldType": "QUERY_STRING" }, "Action": "SUBSTITUTION", "ExcludeRuleMatchDetails": false, "ExcludeRateBasedDetails": false } ] }
Exemplo DataProtection paraQUERY_STRING: Entrada de registro com string de consulta protegida com substituição.
{ "timestamp": 1738705092889, "formatVersion": 1, "webaclId": "arn:aws:wafv2:us-east-1:111122223333:regional/webacl/DataProtectionSubstituteQueryString/4eede063-e611-44f5-b357-ffc9d7b7fed5", "terminatingRuleId": "Default_Action", "terminatingRuleType": "REGULAR", "action": "ALLOW", "terminatingRuleMatchDetails": [], "httpSourceName": "APIGW", "httpSourceId": "746533260405:xt7v59bhn7:ABC", "ruleGroupList": [], "rateBasedRuleList": [], "nonTerminatingMatchingRules": [ { "ruleId": "ProtectedHoppyQueryArg", "action": "COUNT", "ruleMatchDetails": [ { "conditionType": "SQL_INJECTION", "sensitivityLevel": "HIGH", "location": "QUERY_STRING", "matchedData": ["REDACTED"] }] }, { "ruleId": "ProtectedBalooQueryArg", "action": "COUNT", "ruleMatchDetails": [ { "conditionType": "SQL_INJECTION", "sensitivityLevel": "HIGH", "location": "SINGLE_QUERY_ARG", "matchedData": [ "REDACTED" ], "matchedFieldName": "REDACTED" }] } ], "requestHeadersInserted": null, "responseCodeSent": null, "httpRequest": { "clientIp": "54.239.98.137", "country": "US", "headers": [{ "name": "X-Forwarded-For", "value": "54.239.98.137" }, { "name": "X-Forwarded-Proto", "value": "https" }, { "name": "X-Forwarded-Port", "value": "443" }, { "name": "Host", "value": "xt7xxx9bhn7.gamma.execute-api.us-east-1.amazonaws.com" }, { "name": "X-Amzn-Trace-Id", "value": "Root=1-67a288c4-27acb3cd5795dd8456b7e3c3" }, { "name": "Accept-Encoding", "value": "gzip" }, { "name": "User-Agent", "value": "okhttp/3.12.1" }], "uri": "/CanaryTest", "args": "REDACTED", "httpVersion": "HTTP/1.1", "httpMethod": "GET", "requestId": "FepO0F8fIAMEqoQ=" }, "labels": [{ "name": "awswaf:forwardedip:geo:country:US" }, { "name": "awswaf:forwardedip:geo:region:US-VA" }] }
Proteção de dados para vários argumentos de consulta
Você pode configurar a proteção de dados para argumentos de consulta individuais usando o. SINGLE_QUERY_ARGUMENT Ao denunciar informações locais, usamos proteções locais. No entanto, as sequências de caracteres que correspondem à sequência de caracteres de consulta e ao cabeçalho do cookie têm muitas configurações de proteção que podem ser aplicadas. Para simplificar, a proteção mais rigorosa RuleMatchDetails é aplicada, mesmo que não se sobreponha ao intervalo de dados específico correspondente.
Para os exemplos a seguir, a string de consulta original erabaloo=is_a_good_boy&hoppy=likes_to_sleep&x-hoppy-extra=10 AND 1=1.
"DataProtectionConfig": { "DataProtections": [ { "Field": { "FieldType": "SINGLE_QUERY_ARGUMENT", "FieldKeys": ["hoppy"] }, "Action": "SUBSTITUTION", "ExcludeRuleMatchDetails": false, "ExcludeRateBasedDetails": false }, { "Field": { "FieldType": "SINGLE_QUERY_ARGUMENT", "FieldKeys": ["baloo"] }, "Action": "HASH", "ExcludeRuleMatchDetails": false, "ExcludeRateBasedDetails": false } ] }
Exemplo DataProtection de vários argumentos de consulta.
{ "timestamp": 1738705092889, "formatVersion": 1, "webaclId": "arn:aws:wafv2:us-east-1:111122223333:regional/webacl/DataProtectionSubstituteQueryString/4eede063-e611-44f5-b357-ffc9d7b7fed5", "terminatingRuleId": "Default_Action", "terminatingRuleType": "REGULAR", "action": "ALLOW", "terminatingRuleMatchDetails": [], "httpSourceName": "APIGW", "httpSourceId": "746533260405:xt7v59bhn7:ABC", "ruleGroupList": [], "rateBasedRuleList": [], "nonTerminatingMatchingRules": [ { "ruleId": "ProtectedHoppyQueryArg", "action": "COUNT", "ruleMatchDetails": [ { "conditionType": "SQL_INJECTION", "sensitivityLevel": "HIGH", "location": "SINGLE_QUERY_ARG", "matchedData": ["REDACTED"], "matchedFieldName": "hoppy" }] }, { "ruleId": "ProtectedBalooQueryArg", "action": "COUNT", "ruleMatchDetails": [ { "conditionType": "SQL_INJECTION", "sensitivityLevel": "HIGH", "location": "SINGLE_QUERY_ARG", "matchedData": ["zuomr2mxQxofg6EI6f7hMNGaJhhPxt0rFVAXog6FLxE="], "matchedFieldName": "baloo" }] }, { "ruleId": "FullQueryStringDetects_x-hoppy-extra_IsSubstituted", "action": "COUNT", "ruleMatchDetails": [ { "conditionType": "SQL_INJECTION", "sensitivityLevel": "HIGH", "location": "QUERY_ARGS", "matchedData": ["REDACTED"], // Harshest of Protection Config }] } ], "requestHeadersInserted": null, "responseCodeSent": null, "httpRequest": { "clientIp": "54.239.98.137", "country": "US", "headers": [{ "name": "X-Forwarded-For", "value": "54.239.98.137" }, { "name": "X-Forwarded-Proto", "value": "https" }, { "name": "X-Forwarded-Port", "value": "443" }, { "name": "Host", "value": "xt7xxx9bhn7.gamma.execute-api.us-east-1.amazonaws.com" }, { "name": "X-Amzn-Trace-Id", "value": "Root=1-67a288c4-27acb3cd5795dd8456b7e3c3" }, { "name": "Accept-Encoding", "value": "gzip" }, { "name": "User-Agent", "value": "okhttp/3.12.1" }], "uri": "/CanaryTest", "args": "baloo=zuomr2mxQxofg6EI6f7hMNGaJhhPxt0rFVAXog6FLxE=&hoppy=REDACTED&x-hoppy-extra=10 AND 1=1", "httpVersion": "HTTP/1.1", "httpMethod": "GET", "requestId": "FepO0F8fIAMEqoQ=" }, "labels": [{ "name": "awswaf:forwardedip:geo:country:US" }, { "name": "awswaf:forwardedip:geo:region:US-VA" }] }
nota
Você não pode especificar o QueryString mascaramento e o mascaramento de argumentos de consulta única na mesma WebACL.
