**Wir stellen vor: ein neues Konsolenerlebnis für AWS WAF**
Sie können das aktualisierte Erlebnis jetzt verwenden, um überall in der Konsole auf AWS WAF Funktionen zuzugreifen. Weitere Informationen finden Sie unter [Arbeiten mit der Konsole](https://docs.aws.amazon.com/waf/latest/developerguide/working-with-console.html).
Die vorliegende Übersetzung wurde maschinell erstellt. Im Falle eines Konflikts oder eines Widerspruchs zwischen dieser übersetzten Fassung und der englischen Fassung (einschließlich infolge von Verzögerungen bei der Übersetzung) ist die englische Fassung maßgeblich.
# Beispiele für Datenschutz
Dieser Abschnitt enthält Protokollbeispiele für die Datenschutzprotokollierung des Datenverkehrs mit dem Protection Pack (Web ACL).
## DataProtection Hashing
Webacl-Konfiguration
```
"data_protection_config": {
"data_protections": [
{
"field": {
"field_type": "SINGLE_QUERY_ARGUMENT",
"field_keys": [
"hoppy"
]
},
"action": "HASH",
"exclude_rule_match_details": false,
"exclude_rate_based_details": false
}
]
}
```
Beispiel für DataProtection Hashing: Logeintrag mit geschütztem SingleQuery Argument „hoppy“.
```
{
"timestamp": 1738705092889,
"formatVersion": 1,
"webaclId": "arn:aws:wafv2:us-east-1:111122223333:regional/webacl/DataProtectionhashACL/4eede063-e611-44f5-b357-ffc9d7b7fed5",
"terminatingRuleId": "Default_Action",
"terminatingRuleType": "REGULAR",
"action": "ALLOW",
"terminatingRuleMatchDetails": [],
"httpSourceName": "APIGW",
"httpSourceId": "746533260405:xt7v59bhn7:ABC",
"ruleGroupList": [],
"rateBasedRuleList": [],
"nonTerminatingMatchingRules": [{
"ruleId": "ProtectedSQLIHeadersVisibleInSTM",
"action": "COUNT",
"ruleMatchDetails": [{
"conditionType": "SQL_INJECTION",
"sensitivityLevel": "HIGH",
"location": "SINGLE_QUERY_ARG",
"matchedData": [ "z6hpYAFaMYdtiTeHhxnN5ydgRE5E1WgyVIdgqH0D3iM=" ],
"matchedFieldName": "hoppy"
}]
}],
"requestHeadersInserted": null,
"responseCodeSent": null,
"httpRequest": {
"clientIp": "54.239.98.137",
"country": "US",
"headers": [{
"name": "X-Forwarded-For",
"value": "54.239.98.137"
}, {
"name": "X-Forwarded-Proto",
"value": "https"
}, {
"name": "X-Forwarded-Port",
"value": "443"
}, {
"name": "Host",
"value": "xt7xxx9bhn7.gamma.execute-api.us-east-1.amazonaws.com"
}, {
"name": "X-Amzn-Trace-Id",
"value": "Root=1-67a288c4-27acb3cd5795dd8456b7e3c3"
}, {
"name": "Accept-Encoding",
"value": "gzip"
}, {
"name": "User-Agent",
"value": "okhttp/3.12.1"
}],
"uri": "/CanaryTest",
"args": "hoppy=z6hpYAFaMYdtiTeHhxnN5ydgRE5E1WgyVIdgqH0D3iM=&yellow=hello&x-hoppy-extra=generic-%3Cwords%3E-in-angle-brackets",
"httpVersion": "HTTP/1.1",
"httpMethod": "GET",
"requestId": "FepO0F8fIAMEqoQ="
},
"labels": [{
"name": "awswaf:forwardedip:geo:country:US"
}, {
"name": "awswaf:forwardedip:geo:region:US-VA"
}]
}
```
## DataProtection Substitution
Webacl-Konfiguration
```
"data_protection_config": {
"data_protections": [
{
"field": {
"field_type": "SINGLE_QUERY_ARGUMENT",
"field_keys": [
"hoppy"
]
},
"action": "SUBSTITUTION",
"exclude_rule_match_details": false,
"exclude_rate_based_details": false
}
]
}
```
Beispiel für DataProtection eine Substitution: Logeintrag mit geschütztem Einzelabfrageargument „hoppy“
```
{
"timestamp": 1738705092889,
"formatVersion": 1,
"webaclId": "arn:aws:wafv2:us-east-1:111122223333:regional/webacl/DataProtectionhashACL/4eede063-e611-44f5-b357-ffc9d7b7fed5",
"terminatingRuleId": "Default_Action",
"terminatingRuleType": "REGULAR",
"action": "ALLOW",
"terminatingRuleMatchDetails": [],
"httpSourceName": "APIGW",
"httpSourceId": "746533260405:xt7v59bhn7:ABC",
"ruleGroupList": [],
"rateBasedRuleList": [],
"nonTerminatingMatchingRules": []
"requestHeadersInserted": null,
"responseCodeSent": null,
"httpRequest": {
"clientIp": "54.239.98.137",
"country": "US",
"headers": [{
"name": "X-Forwarded-For",
"value": "54.239.98.137"
}, {
"name": "X-Forwarded-Proto",
"value": "https"
}, {
"name": "X-Forwarded-Port",
"value": "443"
}, {
"name": "Host",
"value": "xt7xxx9bhn7.gamma.execute-api.us-east-1.amazonaws.com"
}, {
"name": "X-Amzn-Trace-Id",
"value": "Root=1-67a288c4-27acb3cd5795dd8456b7e3c3"
}, {
"name": "Accept-Encoding",
"value": "gzip"
}, {
"name": "User-Agent",
"value": "okhttp/3.12.1"
}],
"uri": "/CanaryTest",
"args": "hoppy=REDACTED&yellow=hello&x-hoppy-extra=generic-%3Cwords%3E-in-angle-brackets",
"httpVersion": "HTTP/1.1",
"httpMethod": "GET",
"requestId": "FepO0F8fIAMEqoQ="
},
"labels": [{
"name": "awswaf:forwardedip:geo:country:US"
}, {
"name": "awswaf:forwardedip:geo:region:US-VA"
}]
}
```
## Aufbewahrung von Daten in RuleMatchDetails
Webacl-Konfiguration
```
"data_protection_config": {
"data_protections": [
{
"field": {
"field_type": "SINGLE_HEADER",
"field_keys": [
"hoppy"
]
},
"action": "HASH",
"exclude_rule_match_details": true,
"exclude_rate_based_details": false
}
]
}
```
Beispiel für die Aufbewahrung von Daten in RuleMatchDetails: Protokolleintrag, bei dem ein einzelnes `Header` „hoppy“ -Zeichen geschützt ist, der Wert jedoch nur in gespeichert wird. `RuleMatchDetails`
```
{
"timestamp": 1738705092889,
"formatVersion": 1,
"webaclId": "arn:aws:wafv2:us-east-1:111122223333:regional/webacl/DataProtectionhashACL/4eede063-e611-44f5-b357-ffc9d7b7fed5",
"terminatingRuleId": "Default_Action",
"terminatingRuleType": "REGULAR",
"action": "ALLOW",
"terminatingRuleMatchDetails": [],
"httpSourceName": "APIGW",
"httpSourceId": "746533260405:xt7v59bhn7:ABC",
"ruleGroupList": [],
"rateBasedRuleList": [],
"nonTerminatingMatchingRules": [{
"ruleId": "ProtectedSQLIHeadersVisibleInSTM",
"action": "COUNT",
"ruleMatchDetails": [{
"conditionType": "SQL_INJECTION",
"sensitivityLevel": "HIGH",
"location": "HEADER",
"matchedData": [ "10", "AND", "1" ],
"matchedFieldName": "hoppy"
}]
}],
"requestHeadersInserted": null,
"responseCodeSent": null,
"httpRequest": {
"clientIp": "54.239.98.137",
"country": "US",
"headers": [{
"name": "X-Forwarded-For",
"value": "54.239.98.137"
}, {
"name": "X-Forwarded-Proto",
"value": "https"
}, {
"name": "X-Forwarded-Port",
"value": "443"
}, {
"name": "Host",
"value": "xt7xxx9bhn7.gamma.execute-api.us-east-1.amazonaws.com"
}, {
"name": "X-Amzn-Trace-Id",
"value": "Root=1-67a288c4-27acb3cd5795dd8456b7e3c3"
}, {
"name": "hoppy",
"value": "zuomr2mxQxofg6EI6f7hMNGaJhhPxt0rFVAXog6FLxE="
}, {
"name": "Accept-Encoding",
"value": "gzip"
}, {
"name": "User-Agent",
"value": "okhttp/3.12.1"
}, {
"name": "hoppy",
"value": "z6hpYAFaMYdtiTeHhxnN5ydgRE5E1WgyVIdgqH0D3iM="
}],
"uri": "/CanaryTest",
"args": "happy=true",
"httpVersion": "HTTP/1.1",
"httpMethod": "GET",
"requestId": "FepO0F8fIAMEqoQ="
},
"labels": [{
"name": "awswaf:forwardedip:geo:country:US"
}, {
"name": "awswaf:forwardedip:geo:region:US-VA"
}]
}
```
## Aufbewahrung von Daten in rateBasedRule
```
"data_protection_config": {
"data_protections": [
{
"field": {
"field_type": "SINGLE_HEADER",
"field_keys": [
"hoppy"
]
},
"action": "HASH",
"exclude_rule_match_details": false,
"exclude_rate_based_details": true
}
]
}
```
Beispiel für die Aufbewahrung von Daten in einer rateBasedRule Liste: Protokolleintrag, bei dem die Single `Header` „hoppy“ geschützt ist, aber der Wert wird nur in gespeichert `rateBasedRuleList`
```
{
"timestamp": 1683355579981,
"formatVersion": 1,
"webaclId": ...,
"terminatingRuleId": "RateBasedRule",
"terminatingRuleType": "RATE_BASED",
"action": "BLOCK",
"terminatingRuleMatchDetails": [],
"httpSourceName": "APIGW",
"httpSourceId": "EXAMPLE11:rjvegx5guh:CanaryTest",
"ruleGroupList": [],
"rateBasedRuleList": [{
"rateBasedRuleId": ...,
"rateBasedRuleName": "RateBasedRule",
"limitKey": "CUSTOMKEYS",
"maxRateAllowed": 100,
"evaluationWindowSec": "120",
"customValues": [{
"key": "HEADER",
"name": "hoppy",
"value": "ella"
}]
}],
"nonTerminatingMatchingRules": [],
"requestHeadersInserted": null,
"responseCodeSent": null,
"httpRequest": {
"clientIp": "52.46.82.45",
"country": "FR",
"headers": [{
"name": "X-Forwarded-For",
"value": "52.46.82.45"
}, {
"name": "X-Forwarded-Proto",
"value": "https"
}, {
"name": "X-Forwarded-Port",
"value": "443"
}, {
"name": "Host",
"value": "rjvegx5guh.execute-api.eu-west-3.amazonaws.com"
}, {
"name": "X-Amzn-Trace-Id",
"value": "Root=1-645566cf-7cb058b04d9bb3ee01dc4036"
}, {
"name": "hoppy",
"value": "zuomr2mxQxofg6EI6f7hMNGaJhhPxt0rFVAXog6FLxE="
}, {
"name": "User-Agent",
"value": "RateBasedRuleTestKoipOneKeyModulePV2"
}, {
"name": "Accept-Encoding",
"value": "gzip,deflate"
}],
"uri": "/CanaryTest",
"args": "",
"httpVersion": "HTTP/1.1",
"httpMethod": "GET",
"requestId": "Ed0AiHF_CGYF-DA="
}
}
```
## Datenschutz für Body
AWS WAF loggt nur Teilmengen von Body ein. `RuleMatchDetails`
Webacl-Konfiguration
```
"data_protection_config": {
"data_protections": [
{
"field": {
"field_type": "BODY"
},
"action": "SUBSTITUTE",
"exclude_rule_match_details": false,
"exclude_rate_based_details": false
}
]
}
```
Beispiel DataProtection für Body: Protokolleintrag, bei dem der Text ersetzt wurde. `ruleMatchDetails`
```
{
"timestamp": 1738705092889,
"formatVersion": 1,
"webaclId": "arn:aws:wafv2:us-east-1:111122223333:regional/webacl/DataProtectionhashACL/4eede063-e611-44f5-b357-ffc9d7b7fed5",
"terminatingRuleId": "Default_Action",
"terminatingRuleType": "REGULAR",
"action": "ALLOW",
"terminatingRuleMatchDetails": [],
"httpSourceName": "APIGW",
"httpSourceId": "746533260405:xt7v59bhn7:ABC",
"ruleGroupList": [],
"rateBasedRuleList": [],
"nonTerminatingMatchingRules": [{
"ruleId": "ProtectedSQLIBody",
"action": "COUNT",
"ruleMatchDetails": [{
"conditionType": "SQL_INJECTION",
"sensitivityLevel": "HIGH",
"location": "BODY",
"matchedData": ["REDACTED"]
}]
}],
"requestHeadersInserted": null,
"responseCodeSent": null,
"httpRequest": {
"clientIp": "54.239.98.137",
"country": "US",
"headers": [{
"name": "X-Forwarded-For",
"value": "54.239.98.137"
}, {
"name": "X-Forwarded-Proto",
"value": "https"
}, {
"name": "X-Forwarded-Port",
"value": "443"
}, {
"name": "Host",
"value": "xt7xxx9bhn7.gamma.execute-api.us-east-1.amazonaws.com"
}, {
"name": "X-Amzn-Trace-Id",
"value": "Root=1-67a288c4-27acb3cd5795dd8456b7e3c3"
}, {
"name": "Accept-Encoding",
"value": "gzip"
}, {
"name": "User-Agent",
"value": "okhttp/3.12.1"
}, {
"name": "cookie",
"value": "hoppy=dog;"
}],
"uri": "/CanaryTest",
"args": "baloo=abc&hoppy-query=xyz&x-hoppy-extra=generic-%3Cwords%3E-in-angle-brackets",
"httpVersion": "HTTP/1.1",
"httpMethod": "GET",
"requestId": "FepO0F8fIAMEqoQ="
},
"labels": [{
"name": "awswaf:forwardedip:geo:country:US"
}, {
"name": "awswaf:forwardedip:geo:region:US-VA"
}]
}
```
## Datenschutz für `SINGLE_COOKIE`
Webacl-Konfiguration
```
"data_protection_config": {
"data_protections": [
{
"field": {
"field_type": "SINGLE_COOKIE",
"field_keys": [
"MILO"
]
},
"action": "HASH",
"exclude_rule_match_details": false,
"exclude_rate_based_details": false
}
]
}
```
Beispiel DataProtection für`SINGLE_COOKIE`: Logeintrag mit geschütztem `SINGLE_COOKIE` Namen „MILO“.
Das vollständige Protokoll zeigt, dass das Cookie mit dem Namen MILO geschützt ist `ruleMatchDetails` und der Cookie-Header. Nur Cookie-Werte sind geschützt und Schlüsselnamen sind ausgeschlossen.
**Anmerkung**
Bei allen geschützten Feldern (Einzelheader, Cookie, Query-Argument) wird nicht zwischen Groß- und Kleinschreibung unterschieden. In diesem Beispiel entspricht „MILO“ also „milo“.
```
{
"timestamp": 1738705092889,
"formatVersion": 1,
"webaclId": "arn:aws:wafv2:us-east-1:111122223333:regional/webacl/DataProtectionhashACL/4eede063-e611-44f5-b357-ffc9d7b7fed5",
"terminatingRuleId": "Default_Action",
"terminatingRuleType": "REGULAR",
"action": "ALLOW",
"terminatingRuleMatchDetails": [],
"httpSourceName": "APIGW",
"httpSourceId": "746533260405:xt7v59bhn7:ABC",
"ruleGroupList": [],
"rateBasedRuleList": [],
"nonTerminatingMatchingRules": [{
"ruleId": "ProtectedSQLIHeadersVisibleInSTM",
"action": "COUNT",
"ruleMatchDetails": [{
"conditionType": "SQL_INJECTION",
"sensitivityLevel": "HIGH",
"location": "COOKIE",
"matchedData": ["zuomr2mxQxofg6EI6f7hMNGaJhhPxt0rFVAXog6FLxE="],
"matchedFieldName": "milo"
}]
}],
"requestHeadersInserted": null,
"responseCodeSent": null,
"httpRequest": {
"clientIp": "54.239.98.137",
"country": "US",
"headers": [{
"name": "X-Forwarded-For",
"value": "54.239.98.137"
}, {
"name": "X-Forwarded-Proto",
"value": "https"
}, {
"name": "X-Forwarded-Port",
"value": "443"
}, {
"name": "Host",
"value": "xt7xxx9bhn7.gamma.execute-api.us-east-1.amazonaws.com"
}, {
"name": "X-Amzn-Trace-Id",
"value": "Root=1-67a288c4-27acb3cd5795dd8456b7e3c3"
}, {
"name": "Accept-Encoding",
"value": "gzip"
}, {
"name": "User-Agent",
"value": "okhttp/3.12.1"
}, {
"name": "cookie",
"value": "hoppy=dog;milo=zuomr2mxQxofg6EI6f7hMNGaJhhPxt0rFVAXog6FLxE=;aws-waf-token=51c71352-41f5-4f6d-b676-c24907bdf819:EQoAZ/J+AAQAAAAA:t9wvxbw042wva7E2Y6lgud/bS6YG0CJKVAJqaRqDZ140ythKW0Zj9wKB2O8lSkYDRqf1yONcVBFo5u0eYi0tvT4rtQCXsu+KanAardW8go4QSLw4yoED59lgV7oAhGyCalAzE7ra29j+RvvZPsQyoQuDCrtoY/TvQyMTXIXzGPDC/rKBbg=="
}],
"uri": "/CanaryTest",
"args": "baloo=abc&hoppy-query=xyz&x-hoppy-extra=generic-%3Cwords%3E-in-angle-brackets",
"httpVersion": "HTTP/1.1",
"httpMethod": "GET",
"requestId": "FepO0F8fIAMEqoQ="
},
"labels": [{
"name": "awswaf:forwardedip:geo:country:US"
}, {
"name": "awswaf:forwardedip:geo:region:US-VA"
}]
}
```
## Datenschutz für alle Cookies
Sie können den Datenschutz für Cookies konfigurieren, indem Sie`SINGLE_HEADER`. Nur Cookie-Werte sind geschützt und Schlüsselnamen sind ausgeschlossen.
```
"DataProtectionConfig": {
"DataProtections": [
{
"Field": {
"FieldType": "SINGLE_HEADER",
"FieldKeys": ["cookie"]
},
"Action": "SUBSTITUTION",
"ExcludeRuleMatchDetails": false,
"ExcludeRateBasedDetails": false
}
]
}
```
Beispiel DataProtection für das `header ` „COOKIE“: Logeintrag mit geschütztem Cookie-Header.
**Anmerkung**
Der Cookie-Name `AWS-WAF-TOKEN` liegt außerhalb des Datenschutzes.
```
{
"timestamp": 1738705092889,
"formatVersion": 1,
"webaclId": "arn:aws:wafv2:us-east-1:111122223333:regional/webacl/DataProtectionhashACL/4eede063-e611-44f5-b357-ffc9d7b7fed5",
"terminatingRuleId": "Default_Action",
"terminatingRuleType": "REGULAR",
"action": "ALLOW",
"terminatingRuleMatchDetails": [],
"httpSourceName": "APIGW",
"httpSourceId": "746533260405:xt7v59bhn7:ABC",
"ruleGroupList": [],
"rateBasedRuleList": [],
"nonTerminatingMatchingRules": [],
"requestHeadersInserted": null,
"responseCodeSent": null,
"httpRequest": {
"clientIp": "54.239.98.137",
"country": "US",
"headers": [{
"name": "X-Forwarded-For",
"value": "54.239.98.137"
}, {
"name": "X-Forwarded-Proto",
"value": "https"
}, {
"name": "X-Forwarded-Port",
"value": "443"
}, {
"name": "Host",
"value": "xt7xxx9bhn7.gamma.execute-api.us-east-1.amazonaws.com"
}, {
"name": "X-Amzn-Trace-Id",
"value": "Root=1-67a288c4-27acb3cd5795dd8456b7e3c3"
}, {
"name": "Accept-Encoding",
"value": "gzip"
}, {
"name": "User-Agent",
"value": "okhttp/3.12.1"
}, {
"name": "cookie",
"value": "hoppy=REDACTED;milo=REDACTED;aws-waf-token=51c71352-41f5-4f6d-b676-c24907bdf819:EQoAZ/J+AAQAAAAA:t9wvxbw042wva7E2Y6lgud/bS6YG0CJKVAJqaRqDZ140ythKW0Zj9wKB2O8lSkYDRqf1yONcVBFo5u0eYi0tvT4rtQCXsu+KanAardW8go4QSLw4yoED59lgV7oAhGyCalAzE7ra29j+RvvZPsQyoQuDCrtoY/TvQyMTXIXzGPDC/rKBbg=="
}],
"uri": "/CanaryTest",
"args": "baloo=xyz=&hoppy-query=abc&x-hoppy-extra=abc",
"httpVersion": "HTTP/1.1",
"httpMethod": "GET",
"requestId": "FepO0F8fIAMEqoQ="
},
"labels": [{
"name": "awswaf:forwardedip:geo:country:US"
}, {
"name": "awswaf:forwardedip:geo:region:US-VA"
}]
}
```
## Datenschutz für einzelne Abfrageargumente
Sie können den Datenschutz für eine Abfragezeichenfolge konfigurieren, indem Sie`SINGLE_QUERY_ARGUMENT`. Dies wirkt sich auf die Schlüssel und Werte aller Abfrageargumente aus. Für die folgenden Beispiele lautete `baloo=10 AND 1=1&hoppy=10 AND 1=1&x-hoppy-extra=generic-%3Cwords` die ursprüngliche Abfragezeichenfolge.
Webacl-Konfiguration
```
"DataProtectionConfig": {
"DataProtections": [
{
"Field": {
"FieldType": "SINGLE_QUERY_ARGUMENT",
"FieldKeys": ["hoppy"]
},
"Action": "SUBSTITUTION",
"ExcludeRuleMatchDetails": false,
"ExcludeRateBasedDetails": false
}
]
}
```
Beispiel DataProtection für`SINGLE_QUERY_ARGUEMENT`: Protokolleintrag mit einer durch Substitution geschützten Abfragezeichenfolge „hoppy“.
```
{
"timestamp": 1738705092889,
"formatVersion": 1,
"webaclId": "arn:aws:wafv2:us-east-1:111122223333:regional/webacl/DataProtectionSubstituteQueryString/4eede063-e611-44f5-b357-ffc9d7b7fed5",
"terminatingRuleId": "Default_Action",
"terminatingRuleType": "REGULAR",
"action": "ALLOW",
"terminatingRuleMatchDetails": [],
"httpSourceName": "APIGW",
"httpSourceId": "746533260405:xt7v59bhn7:ABC",
"ruleGroupList": [],
"rateBasedRuleList": [],
"nonTerminatingMatchingRules": [
{
"ruleId": "ProtectedHoppyQueryArg",
"action": "COUNT",
"ruleMatchDetails": [
{
"conditionType": "SQL_INJECTION",
"sensitivityLevel": "HIGH",
"location": "SINGLE_QUERY_ARG",
"matchedData": ["REDACTED"],
"matchedFieldName": "hoppy"
}]
},
{
"ruleId": "FullQueryStringInspectionWhichDetectsTheFirstFieldWithSQLi_Baloo_IsAlsoMaskedMasked",
"action": "COUNT",
"ruleMatchDetails": [
{
"conditionType": "SQL_INJECTION",
"sensitivityLevel": "HIGH",
"location": "QUERY_ARGS",
"matchedData": ["REDACTED"],
}]
},
{
"ruleId": "ProtectedBalooQueryArg",
"action": "COUNT",
"ruleMatchDetails": [
{
"conditionType": "SQL_INJECTION",
"sensitivityLevel": "HIGH",
"location": "SINGLE_QUERY_ARG",
"matchedData": [ "10", "AND", "1" ],
"matchedFieldName": "baloo"
}]
}
],
"requestHeadersInserted": null,
"responseCodeSent": null,
"httpRequest": {
"clientIp": "54.239.98.137",
"country": "US",
"headers": [{
"name": "X-Forwarded-For",
"value": "54.239.98.137"
}, {
"name": "X-Forwarded-Proto",
"value": "https"
}, {
"name": "X-Forwarded-Port",
"value": "443"
}, {
"name": "Host",
"value": "xt7xxx9bhn7.gamma.execute-api.us-east-1.amazonaws.com"
}, {
"name": "X-Amzn-Trace-Id",
"value": "Root=1-67a288c4-27acb3cd5795dd8456b7e3c3"
}, {
"name": "Accept-Encoding",
"value": "gzip"
}, {
"name": "User-Agent",
"value": "okhttp/3.12.1"
}],
"uri": "/CanaryTest",
"args": "baloo=10 AND 1=1&hoppy=REDACTED&x-hoppy-extra=generic-%3Cwords",
"httpVersion": "HTTP/1.1",
"httpMethod": "GET",
"requestId": "FepO0F8fIAMEqoQ="
},
"labels": [{
"name": "awswaf:forwardedip:geo:country:US"
}, {
"name": "awswaf:forwardedip:geo:region:US-VA"
}]
}
```
## Datenschutz für Abfragezeichenfolgen
Sie können den Datenschutz für eine Abfragezeichenfolge konfigurieren, indem Sie`QUERY_STRING`. Dies wirkt sich auf die Schlüssel und Werte aller Abfrageargumente aus. Für die folgenden Beispiele lautete `baloo=10 AND 1=1&hoppy-query=10 AND 1=1&x-hoppy-extra=generic-%3Cwords` die ursprüngliche Abfragezeichenfolge.
Webacl-Konfiguration
```
"DataProtectionConfig": {
"DataProtections": [
{
"Field": {
"FieldType": "QUERY_STRING"
},
"Action": "SUBSTITUTION",
"ExcludeRuleMatchDetails": false,
"ExcludeRateBasedDetails": false
}
]
}
```
Beispiel DataProtection für`QUERY_STRING`: Protokolleintrag mit durch Substitution geschützter Abfragezeichenfolge.
```
{
"timestamp": 1738705092889,
"formatVersion": 1,
"webaclId": "arn:aws:wafv2:us-east-1:111122223333:regional/webacl/DataProtectionSubstituteQueryString/4eede063-e611-44f5-b357-ffc9d7b7fed5",
"terminatingRuleId": "Default_Action",
"terminatingRuleType": "REGULAR",
"action": "ALLOW",
"terminatingRuleMatchDetails": [],
"httpSourceName": "APIGW",
"httpSourceId": "746533260405:xt7v59bhn7:ABC",
"ruleGroupList": [],
"rateBasedRuleList": [],
"nonTerminatingMatchingRules": [
{
"ruleId": "ProtectedHoppyQueryArg",
"action": "COUNT",
"ruleMatchDetails": [
{
"conditionType": "SQL_INJECTION",
"sensitivityLevel": "HIGH",
"location": "QUERY_STRING",
"matchedData": ["REDACTED"]
}]
},
{
"ruleId": "ProtectedBalooQueryArg",
"action": "COUNT",
"ruleMatchDetails": [
{
"conditionType": "SQL_INJECTION",
"sensitivityLevel": "HIGH",
"location": "SINGLE_QUERY_ARG",
"matchedData": [ "REDACTED" ],
"matchedFieldName": "REDACTED"
}]
}
],
"requestHeadersInserted": null,
"responseCodeSent": null,
"httpRequest": {
"clientIp": "54.239.98.137",
"country": "US",
"headers": [{
"name": "X-Forwarded-For",
"value": "54.239.98.137"
}, {
"name": "X-Forwarded-Proto",
"value": "https"
}, {
"name": "X-Forwarded-Port",
"value": "443"
}, {
"name": "Host",
"value": "xt7xxx9bhn7.gamma.execute-api.us-east-1.amazonaws.com"
}, {
"name": "X-Amzn-Trace-Id",
"value": "Root=1-67a288c4-27acb3cd5795dd8456b7e3c3"
}, {
"name": "Accept-Encoding",
"value": "gzip"
}, {
"name": "User-Agent",
"value": "okhttp/3.12.1"
}],
"uri": "/CanaryTest",
"args": "REDACTED",
"httpVersion": "HTTP/1.1",
"httpMethod": "GET",
"requestId": "FepO0F8fIAMEqoQ="
},
"labels": [{
"name": "awswaf:forwardedip:geo:country:US"
}, {
"name": "awswaf:forwardedip:geo:region:US-VA"
}]
}
```
## Datenschutz für mehrere Abfrageargumente
Sie können den Datenschutz für einzelne Abfrageargumente konfigurieren, indem Sie`SINGLE_QUERY_ARGUMENT`. Bei der Meldung lokaler Informationen verwenden wir lokale Schutzmaßnahmen. Für Zeichenfolgen, die in der Abfragezeichenfolge und im Cookie-Header übereinstimmen, gibt es jedoch viele Schutzkonfigurationen, die zutreffen könnten. Der Einfachheit halber `RuleMatchDetails` wird der strengste Schutz für angewendet, auch wenn er sich nicht mit dem entsprechenden Datenbereich überschneidet.
In den folgenden Beispielen lautete `baloo=is_a_good_boy&hoppy=likes_to_sleep&x-hoppy-extra=10 AND 1=1` die ursprüngliche Abfragezeichenfolge.
```
"DataProtectionConfig": {
"DataProtections": [
{
"Field": {
"FieldType": "SINGLE_QUERY_ARGUMENT",
"FieldKeys": ["hoppy"]
},
"Action": "SUBSTITUTION",
"ExcludeRuleMatchDetails": false,
"ExcludeRateBasedDetails": false
},
{
"Field": {
"FieldType": "SINGLE_QUERY_ARGUMENT",
"FieldKeys": ["baloo"]
},
"Action": "HASH",
"ExcludeRuleMatchDetails": false,
"ExcludeRateBasedDetails": false
}
]
}
```
Beispiel DataProtection für mehrere Abfrageargumente.
```
{
"timestamp": 1738705092889,
"formatVersion": 1,
"webaclId": "arn:aws:wafv2:us-east-1:111122223333:regional/webacl/DataProtectionSubstituteQueryString/4eede063-e611-44f5-b357-ffc9d7b7fed5",
"terminatingRuleId": "Default_Action",
"terminatingRuleType": "REGULAR",
"action": "ALLOW",
"terminatingRuleMatchDetails": [],
"httpSourceName": "APIGW",
"httpSourceId": "746533260405:xt7v59bhn7:ABC",
"ruleGroupList": [],
"rateBasedRuleList": [],
"nonTerminatingMatchingRules": [
{
"ruleId": "ProtectedHoppyQueryArg",
"action": "COUNT",
"ruleMatchDetails": [
{
"conditionType": "SQL_INJECTION",
"sensitivityLevel": "HIGH",
"location": "SINGLE_QUERY_ARG",
"matchedData": ["REDACTED"],
"matchedFieldName": "hoppy"
}]
},
{
"ruleId": "ProtectedBalooQueryArg",
"action": "COUNT",
"ruleMatchDetails": [
{
"conditionType": "SQL_INJECTION",
"sensitivityLevel": "HIGH",
"location": "SINGLE_QUERY_ARG",
"matchedData": ["zuomr2mxQxofg6EI6f7hMNGaJhhPxt0rFVAXog6FLxE="],
"matchedFieldName": "baloo"
}]
},
{
"ruleId": "FullQueryStringDetects_x-hoppy-extra_IsSubstituted",
"action": "COUNT",
"ruleMatchDetails": [
{
"conditionType": "SQL_INJECTION",
"sensitivityLevel": "HIGH",
"location": "QUERY_ARGS",
"matchedData": ["REDACTED"], // Harshest of Protection Config
}]
}
],
"requestHeadersInserted": null,
"responseCodeSent": null,
"httpRequest": {
"clientIp": "54.239.98.137",
"country": "US",
"headers": [{
"name": "X-Forwarded-For",
"value": "54.239.98.137"
}, {
"name": "X-Forwarded-Proto",
"value": "https"
}, {
"name": "X-Forwarded-Port",
"value": "443"
}, {
"name": "Host",
"value": "xt7xxx9bhn7.gamma.execute-api.us-east-1.amazonaws.com"
}, {
"name": "X-Amzn-Trace-Id",
"value": "Root=1-67a288c4-27acb3cd5795dd8456b7e3c3"
}, {
"name": "Accept-Encoding",
"value": "gzip"
}, {
"name": "User-Agent",
"value": "okhttp/3.12.1"
}],
"uri": "/CanaryTest",
"args": "baloo=zuomr2mxQxofg6EI6f7hMNGaJhhPxt0rFVAXog6FLxE=&hoppy=REDACTED&x-hoppy-extra=10 AND 1=1",
"httpVersion": "HTTP/1.1",
"httpMethod": "GET",
"requestId": "FepO0F8fIAMEqoQ="
},
"labels": [{
"name": "awswaf:forwardedip:geo:country:US"
}, {
"name": "awswaf:forwardedip:geo:region:US-VA"
}]
}
```
**Anmerkung**
Sie können nicht sowohl **QueryString Masking** als auch **Single Query Arg Masking** in derselben WebACL angeben.