Terjemahan disediakan oleh mesin penerjemah. Jika konten terjemahan yang diberikan bertentangan dengan versi bahasa Inggris aslinya, utamakan versi bahasa Inggris.
Contoh log untuk ACL lalu lintas web
Bagian ini memberikan contoh untuk mencatat ACL lalu lintas web.
contoh Aturan berbasis tingkat 1: Konfigurasi aturan dengan satu kunci, atur ke Header:dogname
{ "Name": "RateBasedRule", "Priority": 1, "Statement": { "RateBasedStatement": { "Limit": 100, "AggregateKeyType": "CUSTOM_KEYS", "CustomKeys": [ { "Header": { "Name": "dogname", "TextTransformations": [ { "Priority": 0, "Type": "NONE" } ] } } ] } }, "Action": { "Block": {} }, "VisibilityConfig": { "SampledRequestsEnabled": true, "CloudWatchMetricsEnabled": true, "MetricName": "RateBasedRule" } }
contoh Aturan berbasis tarif 1: Entri log untuk permintaan yang diblokir oleh aturan berbasis tarif
{ "timestamp":1683355579981, "formatVersion":1, "webaclId": ..., "terminatingRuleId":"RateBasedRule", "terminatingRuleType":"RATE_BASED", "action":"BLOCK", "terminatingRuleMatchDetails":[ ], "httpSourceName":"APIGW", "httpSourceId":"EXAMPLE11:rjvegx5guh:CanaryTest", "ruleGroupList":[ ], "rateBasedRuleList":[ { "rateBasedRuleId": ..., "rateBasedRuleName":"RateBasedRule", "limitKey":"CUSTOMKEYS", "maxRateAllowed":100, "evaluationWindowSec":"120", "customValues":[ { "key":"HEADER", "name":"dogname", "value":"ella" } ] } ], "nonTerminatingMatchingRules":[ ], "requestHeadersInserted":null, "responseCodeSent":null, "httpRequest":{ "clientIp":"52.46.82.45", "country":"FR", "headers":[ { "name":"X-Forwarded-For", "value":"52.46.82.45" }, { "name":"X-Forwarded-Proto", "value":"https" }, { "name":"X-Forwarded-Port", "value":"443" }, { "name":"Host", "value":"rjvegx5guh.execute-api.eu-west-3.amazonaws.com" }, { "name":"X-Amzn-Trace-Id", "value":"Root=1-645566cf-7cb058b04d9bb3ee01dc4036" }, { "name":"dogname", "value":"ella" }, { "name":"User-Agent", "value":"RateBasedRuleTestKoipOneKeyModulePV2" }, { "name":"Accept-Encoding", "value":"gzip,deflate" } ], "uri":"/CanaryTest", "args":"", "httpVersion":"HTTP/1.1", "httpMethod":"GET", "requestId":"Ed0AiHF_CGYF-DA=" } }
contoh Aturan berbasis tingkat 2: Konfigurasi aturan dengan dua tombol, diatur ke dan Header:dognameHeader:catname
{ "Name": "RateBasedRule", "Priority": 1, "Statement": { "RateBasedStatement": { "Limit": 100, "AggregateKeyType": "CUSTOM_KEYS", "CustomKeys": [ { "Header": { "Name": "dogname", "TextTransformations": [ { "Priority": 0, "Type": "NONE" } ] } }, { "Header": { "Name": "catname", "TextTransformations": [ { "Priority": 0, "Type": "NONE" } ] } } ] } }, "Action": { "Block": {} }, "VisibilityConfig": { "SampledRequestsEnabled": true, "CloudWatchMetricsEnabled": true, "MetricName": "RateBasedRule" } }
contoh Aturan berbasis tarif 2: Entri log untuk permintaan yang diblokir oleh aturan berbasis tarif
{ "timestamp":1633322211194, "formatVersion":1, "webaclId":..., "terminatingRuleId":"RateBasedRule", "terminatingRuleType":"RATE_BASED", "action":"BLOCK", "terminatingRuleMatchDetails":[ ], "httpSourceName":"APIGW", "httpSourceId":"EXAMPLE11:rjvegx5guh:CanaryTest", "ruleGroupList":[ ], "rateBasedRuleList":[ { "rateBasedRuleId":..., "rateBasedRuleName":"RateBasedRule", "limitKey":"CUSTOMKEYS", "maxRateAllowed":100, "evaluationWindowSec":"120", "customValues":[ { "key":"HEADER", "name":"dogname", "value":"ella" }, { "key":"HEADER", "name":"catname", "value":"goofie" } ] } ], "nonTerminatingMatchingRules":[ ], "requestHeadersInserted":null, "responseCodeSent":null, "httpRequest":{ "clientIp":"52.46.82.35", "country":"FR", "headers":[ { "name":"X-Forwarded-For", "value":"52.46.82.35" }, { "name":"X-Forwarded-Proto", "value":"https" }, { "name":"X-Forwarded-Port", "value":"443" }, { "name":"Host", "value":"23llbyn8v3.execute-api.eu-west-3.amazonaws.com" }, { "name":"X-Amzn-Trace-Id", "value":"Root=1-64556629-17ac754c2ed9f0620e0f2a0c" }, { "name":"catname", "value":"goofie" }, { "name":"dogname", "value":"ella" }, { "name":"User-Agent", "value":"Apache-HttpClient/UNAVAILABLE (Java/11.0.19)" }, { "name":"Accept-Encoding", "value":"gzip,deflate" } ], "uri":"/CanaryTest", "args":"", "httpVersion":"HTTP/1.1", "httpMethod":"GET", "requestId":"EdzmlH5OCGYF1vQ=" } }
contoh Keluaran log untuk aturan yang dipicu saat SQLi deteksi (penghentian)
{ "timestamp": 1576280412771, "formatVersion": 1, "webaclId": "arn:aws:wafv2:ap-southeast-2:111122223333:regional/webacl/STMTest/1EXAMPLE-2ARN-3ARN-4ARN-123456EXAMPLE", "terminatingRuleId": "STMTest_SQLi_XSS", "terminatingRuleType": "REGULAR", "action": "BLOCK", "terminatingRuleMatchDetails": [ { "conditionType": "SQL_INJECTION", "sensitivityLevel": "HIGH", "location": "HEADER", "matchedData": [ "10", "AND", "1" ] } ], "httpSourceName": "-", "httpSourceId": "-", "ruleGroupList": [], "rateBasedRuleList": [], "nonTerminatingMatchingRules": [], "httpRequest": { "clientIp": "1.1.1.1", "country": "AU", "headers": [ { "name": "Host", "value": "localhost:1989" }, { "name": "User-Agent", "value": "curl/7.61.1" }, { "name": "Accept", "value": "*/*" }, { "name": "x-stm-test", "value": "10 AND 1=1" } ], "uri": "/myUri", "args": "", "httpVersion": "HTTP/1.1", "httpMethod": "GET", "requestId": "rid" }, "labels": [ { "name": "value" } ] }
contoh Keluaran log untuk aturan yang dipicu saat SQLi deteksi (non-terminating)
{ "timestamp":1592357192516 ,"formatVersion":1 ,"webaclId":"arn:aws:wafv2:us-east-1:123456789012:global/webacl/hello-world/5933d6d9-9dde-js82-v8aw-9ck28nv9" ,"terminatingRuleId":"Default_Action" ,"terminatingRuleType":"REGULAR" ,"action":"ALLOW" ,"terminatingRuleMatchDetails":[] ,"httpSourceName":"-" ,"httpSourceId":"-" ,"ruleGroupList":[] ,"rateBasedRuleList":[] ,"nonTerminatingMatchingRules": [{ "ruleId":"TestRule" ,"action":"COUNT" ,"ruleMatchDetails": [{ "conditionType":"SQL_INJECTION" ,"sensitivityLevel": "HIGH" ,"location":"HEADER" ,"matchedData":[ "10" ,"and" ,"1"] }] }] ,"httpRequest":{ "clientIp":"3.3.3.3" ,"country":"US" ,"headers":[ {"name":"Host","value":"localhost:1989"} ,{"name":"User-Agent","value":"curl/7.61.1"} ,{"name":"Accept","value":"*/*"} ,{"name":"myHeader","myValue":"10 AND 1=1"} ] ,"uri":"/myUri","args":"" ,"httpVersion":"HTTP/1.1" ,"httpMethod":"GET" ,"requestId":"rid" }, "labels": [ { "name": "value" } ] }
contoh Keluaran log untuk beberapa aturan yang dipicu di dalam grup aturan (ruleA- berakhir dan Aturan-B XSS tidak berakhir)
{ "timestamp":1592361810888, "formatVersion":1, "webaclId":"arn:aws:wafv2:us-east-1:123456789012:global/webacl/hello-world/5933d6d9-9dde-js82-v8aw-9ck28nv9" ,"terminatingRuleId":"RG-Reference" ,"terminatingRuleType":"GROUP" ,"action":"BLOCK", "terminatingRuleMatchDetails": [{ "conditionType":"XSS" ,"location":"HEADER" ,"matchedData":["<","frameset"] }] ,"httpSourceName":"-" ,"httpSourceId":"-" ,"ruleGroupList": [{ "ruleGroupId":"arn:aws:wafv2:us-east-1:123456789012:global/rulegroup/hello-world/c05lb698-1f11-4m41-aef4-99a506d53f4b" ,"terminatingRule":{ "ruleId":"RuleA-XSS" ,"action":"BLOCK" ,"ruleMatchDetails":null } ,"nonTerminatingMatchingRules": [{ "ruleId":"RuleB-SQLi" ,"action":"COUNT" ,"ruleMatchDetails": [{ "conditionType":"SQL_INJECTION" ,"sensitivityLevel": "LOW" ,"location":"HEADER" ,"matchedData":[ "10" ,"and" ,"1"] }] }] ,"excludedRules":null }] ,"rateBasedRuleList":[] ,"nonTerminatingMatchingRules":[] ,"httpRequest":{ "clientIp":"3.3.3.3" ,"country":"US" ,"headers": [ {"name":"Host","value":"localhost:1989"} ,{"name":"User-Agent","value":"curl/7.61.1"} ,{"name":"Accept","value":"*/*"} ,{"name":"myHeader1","value":"<frameset onload=alert(1)>"} ,{"name":"myHeader2","value":"10 AND 1=1"} ] ,"uri":"/myUri" ,"args":"" ,"httpVersion":"HTTP/1.1" ,"httpMethod":"GET" ,"requestId":"rid" }, "labels": [ { "name": "value" } ] }
contoh Keluaran log untuk aturan yang dipicu untuk pemeriksaan badan permintaan dengan tipe konten JSON
AWS WAF saat ini melaporkan lokasi untuk inspeksi JSON tubuh sebagaiUNKNOWN.
{ "timestamp": 1576280412771, "formatVersion": 1, "webaclId": "arn:aws:wafv2:ap-southeast-2:123456789012:regional/webacl/test/111", "terminatingRuleId": "STMTest_SQLi_XSS", "terminatingRuleType": "REGULAR", "action": "BLOCK", "terminatingRuleMatchDetails": [ { "conditionType": "SQL_INJECTION", "sensitivityLevel": "LOW", "location": "UNKNOWN", "matchedData": [ "10", "AND", "1" ] } ], "httpSourceName": "ALB", "httpSourceId": "alb", "ruleGroupList": [], "rateBasedRuleList": [], "nonTerminatingMatchingRules": [], "requestHeadersInserted":null, "responseCodeSent":null, "httpRequest": { "clientIp": "1.1.1.1", "country": "AU", "headers": [], "uri": "", "args": "", "httpVersion": "HTTP/1.1", "httpMethod": "POST", "requestId": "null" }, "labels": [ { "name": "value" } ] }
contoh Keluaran log untuk CAPTCHA aturan terhadap permintaan web dengan token yang valid dan belum kedaluwarsa CAPTCHA
Daftar log berikut adalah untuk permintaan web yang cocok dengan aturan CAPTCHA tindakan. Permintaan web memiliki CAPTCHA token yang valid dan belum kedaluwarsa, dan hanya dicatat sebagai kecocokan oleh CAPTCHA AWS WAF, mirip dengan perilaku untuk Count tindakan. CAPTCHAPertandingan ini dicatat di bawahnonTerminatingMatchingRules.
{ "timestamp": 1632420429309, "formatVersion": 1, "webaclId": "arn:aws:wafv2:us-east-1:123456789012:regional/webacl/captcha-web-acl/585e38b5-afce-4d2a-b417-14fb08b66c67", "terminatingRuleId": "Default_Action", "terminatingRuleType": "REGULAR", "action": "ALLOW", "terminatingRuleMatchDetails": [], "httpSourceName": "APIGW", "httpSourceId": "123456789012:b34myvfw0b:pen-test", "ruleGroupList": [], "rateBasedRuleList": [], "nonTerminatingMatchingRules": [ { "ruleId": "captcha-rule", "action": "CAPTCHA", "ruleMatchDetails": [], "captchaResponse": { "responseCode": 0, "solveTimestamp": 1632420429 } } ], "requestHeadersInserted": [ { "name": "x-amzn-waf-test-header-name", "value": "test-header-value" } ], "responseCodeSent": null, "httpRequest": { "clientIp": "72.21.198.65", "country": "US", "headers": [ { "name": "X-Forwarded-For", "value": "72.21.198.65" }, { "name": "X-Forwarded-Proto", "value": "https" }, { "name": "X-Forwarded-Port", "value": "443" }, { "name": "Host", "value": "b34myvfw0b.gamma.execute-api.us-east-1.amazonaws.com" }, { "name": "X-Amzn-Trace-Id", "value": "Root=1-614cc24d-5ad89a09181910c43917a888" }, { "name": "cache-control", "value": "max-age=0" }, { "name": "sec-ch-ua", "value": "\"Chromium\";v=\"94\", \"Google Chrome\";v=\"94\", \";Not A Brand\";v=\"99\"" }, { "name": "sec-ch-ua-mobile", "value": "?0" }, { "name": "sec-ch-ua-platform", "value": "\"Windows\"" }, { "name": "upgrade-insecure-requests", "value": "1" }, { "name": "user-agent", "value": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.54 Safari/537.36" }, { "name": "accept", "value": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9" }, { "name": "sec-fetch-site", "value": "same-origin" }, { "name": "sec-fetch-mode", "value": "navigate" }, { "name": "sec-fetch-user", "value": "?1" }, { "name": "sec-fetch-dest", "value": "document" }, { "name": "referer", "value": "https://b34myvfw0b.gamma.execute-api.us-east-1.amazonaws.com/pen-test/pets" }, { "name": "accept-encoding", "value": "gzip, deflate, br" }, { "name": "accept-language", "value": "en-US,en;q=0.9" }, { "name": "cookie", "value": "aws-waf-token=51c71352-41f5-4f6d-b676-c24907bdf819:EQoAZ/J+AAQAAAAA:t9wvxbw042wva7E2Y6lgud/bS6YG0CJKVAJqaRqDZ140ythKW0Zj9wKB2O8lSkYDRqf1yONcVBFo5u0eYi0tvT4rtQCXsu+KanAardW8go4QSLw4yoED59lgV7oAhGyCalAzE7ra29j+RvvZPsQyoQuDCrtoY/TvQyMTXIXzGPDC/rKBbg==" } ], "uri": "/pen-test/pets", "args": "", "httpVersion": "HTTP/1.1", "httpMethod": "GET", "requestId": "GINMHHUgoAMFxug=" } }
contoh Keluaran log untuk CAPTCHA aturan terhadap permintaan web yang tidak memiliki CAPTCHA token
Daftar log berikut adalah untuk permintaan web yang cocok dengan aturan CAPTCHA tindakan. Permintaan web tidak memiliki CAPTCHA token, dan diblokir oleh AWS WAF.
{ "timestamp": 1632420416512, "formatVersion": 1, "webaclId": "arn:aws:wafv2:us-east-1:123456789012:regional/webacl/captcha-web-acl/585e38b5-afce-4d2a-b417-14fb08b66c67", "terminatingRuleId": "captcha-rule", "terminatingRuleType": "REGULAR", "action": "CAPTCHA", "terminatingRuleMatchDetails": [], "httpSourceName": "APIGW", "httpSourceId": "123456789012:b34myvfw0b:pen-test", "ruleGroupList": [], "rateBasedRuleList": [], "nonTerminatingMatchingRules": [], "requestHeadersInserted": null, "responseCodeSent": 405, "httpRequest": { "clientIp": "72.21.198.65", "country": "US", "headers": [ { "name": "X-Forwarded-For", "value": "72.21.198.65" }, { "name": "X-Forwarded-Proto", "value": "https" }, { "name": "X-Forwarded-Port", "value": "443" }, { "name": "Host", "value": "b34myvfw0b.gamma.execute-api.us-east-1.amazonaws.com" }, { "name": "X-Amzn-Trace-Id", "value": "Root=1-614cc240-18b57ff33c10e5c016b508c5" }, { "name": "sec-ch-ua", "value": "\"Chromium\";v=\"94\", \"Google Chrome\";v=\"94\", \";Not A Brand\";v=\"99\"" }, { "name": "sec-ch-ua-mobile", "value": "?0" }, { "name": "sec-ch-ua-platform", "value": "\"Windows\"" }, { "name": "upgrade-insecure-requests", "value": "1" }, { "name": "user-agent", "value": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.54 Safari/537.36" }, { "name": "accept", "value": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9" }, { "name": "sec-fetch-site", "value": "cross-site" }, { "name": "sec-fetch-mode", "value": "navigate" }, { "name": "sec-fetch-user", "value": "?1" }, { "name": "sec-fetch-dest", "value": "document" }, { "name": "accept-encoding", "value": "gzip, deflate, br" }, { "name": "accept-language", "value": "en-US,en;q=0.9" } ], "uri": "/pen-test/pets", "args": "", "httpVersion": "HTTP/1.1", "httpMethod": "GET", "requestId": "GINKHEssoAMFsrg=" }, "captchaResponse": { "responseCode": 405, "solveTimestamp": 0, "failureReason": "TOKEN_MISSING" } }
