堆栈内存溢出
  简体   繁体   English

AWS WAF 规则只接受 POST 请求

[英]AWS WAF rule to only accept POST requests

 原文  2022-05-02 11:46:35       aws-cdk/ amazon-waf

问题描述

I am trying to create a WAF rule that only accepts POST requests.我正在尝试创建一个只接受 POST 请求的 WAF 规则。 Via the UI this was straight forward, however trying to achieve the same with the CDK.通过 UI,这是直截了当的,但是试图通过 CDK 实现相同的目标。 I think I have most of it complete, but the Method is giving me problems.我想我已经完成了大部分,但是方法给我带来了问题。 I would have thought it should be HttpMethod.Post but that does not work.我原以为它应该是HttpMethod.Post但这不起作用。

Here is what I have:这是我所拥有的:

      Amazon.CDK.AWS.WAFv2.CfnWebACL cfnWebACL2 = new Amazon.CDK.AWS.WAFv2.CfnWebACL(this, "MyCfnWebACL", new Amazon.CDK.AWS.WAFv2.CfnWebACLProps {
        DefaultAction = new Amazon.CDK.AWS.WAFv2.CfnWebACL.DefaultActionProperty {
          Block = true
        },
        Name = "Allow_Post",
        Rules = new [] { new Amazon.CDK.AWS.WAFv2.CfnWebACL.RuleProperty {
            Name = "Allow_Post",
                  Priority = 1,
                  Statement = new Amazon.CDK.AWS.WAFv2.CfnWebACL.StatementProperty {
                    ByteMatchStatement = new Amazon.CDK.AWS.WAFv2.CfnWebACL.ByteMatchStatementProperty {
                      FieldToMatch = new Amazon.CDK.AWS.WAFv2.CfnWebACL.FieldToMatchProperty {
                        Method = HttpMethod.Post
                        },
                      PositionalConstraint = "EXACTLY",
                      SearchString = "POST",
                      TextTransformations = new [] { new Amazon.CDK.AWS.WAFv2.CfnWebACL.TextTransformationProperty {
                        Priority = 1,
                        Type = "NONE"
                      } },
                    }
                  },
                  VisibilityConfig = new Amazon.CDK.AWS.WAFv2.CfnWebACL.VisibilityConfigProperty {
                    CloudWatchMetricsEnabled = false,
                    MetricName = "metricName",
                    SampledRequestsEnabled = false

        }}},
        VisibilityConfig = new Amazon.CDK.AWS.WAFv2.CfnWebACL.VisibilityConfigProperty {
          CloudWatchMetricsEnabled = false,
          MetricName = "metricName",
          SampledRequestsEnabled = false
      },
        Scope = "REGIONAL",
      });

1 个解决方案

解决方案1
 0 已采纳  2022-05-04 02:13:29

Finally got this working:终于得到这个工作:

      Amazon.CDK.AWS.WAFv2.CfnWebACL cfnWebACL = new Amazon.CDK.AWS.WAFv2.CfnWebACL(this, "MyCfnWebACLw", new Amazon.CDK.AWS.WAFv2.CfnWebACLProps {
        DefaultAction = new Amazon.CDK.AWS.WAFv2.CfnWebACL.DefaultActionProperty {
          Block = new Amazon.CDK.AWS.WAFv2.CfnWebACL.BlockActionProperty {
            CustomResponse = new Amazon.CDK.AWS.WAFv2.CfnWebACL.CustomResponseProperty {
              ResponseCode = 403,
              }
          }
        },
        Scope = "REGIONAL",
        VisibilityConfig = new Amazon.CDK.AWS.WAFv2.CfnWebACL.VisibilityConfigProperty {
          MetricName = "test",
          SampledRequestsEnabled = false,
          CloudWatchMetricsEnabled = false
        },
        Rules = new [] { new Amazon.CDK.AWS.WAFv2.CfnWebACL.RuleProperty {
          Name = "myRule",
          Priority = 0,
          Statement = new Amazon.CDK.AWS.WAFv2.CfnWebACL.StatementProperty {
            ByteMatchStatement = new Amazon.CDK.AWS.WAFv2.CfnWebACL.ByteMatchStatementProperty {
              PositionalConstraint = "EXACTLY",
              SearchString = "POST",
              TextTransformations = new [] {new Amazon.CDK.AWS.WAFv2.CfnWebACL.TextTransformationProperty {
                Priority = 0,
                Type = "NONE"
              }},
              FieldToMatch = new Amazon.CDK.AWS.WAFv2.CfnWebACL.FieldToMatchProperty {
                Method = new Dictionary<string, object> {{ "name", "Post" }}
              }
            }
          },
          VisibilityConfig = new Amazon.CDK.AWS.WAFv2.CfnWebACL.VisibilityConfigProperty {
            MetricName = "myMEtric",
            SampledRequestsEnabled = false,
            CloudWatchMetricsEnabled = false
          },
          Action = new Amazon.CDK.AWS.WAFv2.CfnWebACL.RuleActionProperty {
            Allow = new Amazon.CDK.AWS.WAFv2.CfnWebACL.AllowActionProperty {
              CustomRequestHandling = new Amazon.CDK.AWS.WAFv2.CfnWebACL.CustomRequestHandlingProperty {
                InsertHeaders = new [] { new Amazon.CDK.AWS.WAFv2.CfnWebACL.CustomHTTPHeaderProperty {
                  Name = "name",
                  Value = "value"
                } }
                }
              }
          }
        }}
      });

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 AWS 的 WAF 是否也对被 Web ACL 拒绝的请求收费? - Does AWS's WAF also charge for requests rejected by Web ACLs? 用于 waf 规则的正则表达式测试工具 - regex test tool for waf rule AWS - 防火墙管理器 - WAF 规则如何阻止来自 IP 地址(无主机名)的请求? - AWS - Firewall Manager - WAF Rules How to block requests from IP address (No Host name)? 在启用 WAF 的情况下阻止 AJAX 在 Amazon ALB 中托管的 webapp 上发布请求 - 以防表单数据包含空格字符 - Blocking AJAX Post requests on webapp hosted in Amazon ALB with WAF enabled - in case form data contains space character 如何接受 AWS Lambda 的 POST 请求 - How to accept a POST request with AWS Lambda 如何从 AWS WAF v1 升级到 WAF V2 - How to upgrade from AWS WAF v1 to WAF V2 无法删除 AWS WAF 服务 - Unable to delete AWS WAF service AWS WAF 对 cloudfront 后面的 apigateway 没有影响 - AWS WAF has no effect on apigateway behind cloudfront AWS ECS 和 WAF 上的 fail2ban - fail2ban on AWS ECS and WAF AWS WAF 客户端证书身份验证 - AWS WAF Client-side certificate Authentication
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM