Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
401 views
in Technique[技术] by (71.8m points)

amazon web services - How do recent updates on AWS WAF Managed Core Rule Set work

I see that the AWS Managed Core Rule Set for Amazon Web Service (AWS) Web Application Firewall (WAF) was recently updated by AWS.

Now many rules have 2 variants, one plain and the other ending with "_COUNT" For example: RestrictedExtensions_URIPATH_COUNT
RestrictedExtensions_URIPATH

This is the page where the rules are documented but it seems the documentation is not updated yet: https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-list.html

The names suggest that one of them actually filters and the other one counts but both of them are enabled and in WAF logs I only see COUNT actions, no BLOCKS. Does anybody know how these two variants work? How do they affect each other? What will be the effect of setting "Override rules action" for each?

question from:https://stackoverflow.com/questions/65881245/how-do-recent-updates-on-aws-waf-managed-core-rule-set-work

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)

COUNT by definition doesn't take any action (used just for logging purpose), so my guess is that they are doing some kind of testing of the rules.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...