Le traduzioni sono generate tramite traduzione automatica. In caso di conflitto tra il contenuto di una traduzione e la versione originale in Inglese, quest'ultima prevarrà.
Esempi di log per il traffico ACL web
Questa sezione fornisce esempi per la registrazione del traffico ACL Web.
Esempio Regola 1 basata sulla frequenza: configurazione delle regole con una chiave, impostata su Header:dogname
{ "Name": "RateBasedRule", "Priority": 1, "Statement": { "RateBasedStatement": { "Limit": 100, "AggregateKeyType": "CUSTOM_KEYS", "CustomKeys": [ { "Header": { "Name": "dogname", "TextTransformations": [ { "Priority": 0, "Type": "NONE" } ] } } ] } }, "Action": { "Block": {} }, "VisibilityConfig": { "SampledRequestsEnabled": true, "CloudWatchMetricsEnabled": true, "MetricName": "RateBasedRule" } }
Esempio Regola basata sulla tariffa 1: immissione del registro per la richiesta bloccata dalla regola basata sulla tariffa
{ "timestamp":1683355579981, "formatVersion":1, "webaclId": ..., "terminatingRuleId":"RateBasedRule", "terminatingRuleType":"RATE_BASED", "action":"BLOCK", "terminatingRuleMatchDetails":[ ], "httpSourceName":"APIGW", "httpSourceId":"EXAMPLE11:rjvegx5guh:CanaryTest", "ruleGroupList":[ ], "rateBasedRuleList":[ { "rateBasedRuleId": ..., "rateBasedRuleName":"RateBasedRule", "limitKey":"CUSTOMKEYS", "maxRateAllowed":100, "evaluationWindowSec":"120", "customValues":[ { "key":"HEADER", "name":"dogname", "value":"ella" } ] } ], "nonTerminatingMatchingRules":[ ], "requestHeadersInserted":null, "responseCodeSent":null, "httpRequest":{ "clientIp":"52.46.82.45", "country":"FR", "headers":[ { "name":"X-Forwarded-For", "value":"52.46.82.45" }, { "name":"X-Forwarded-Proto", "value":"https" }, { "name":"X-Forwarded-Port", "value":"443" }, { "name":"Host", "value":"rjvegx5guh.execute-api.eu-west-3.amazonaws.com" }, { "name":"X-Amzn-Trace-Id", "value":"Root=1-645566cf-7cb058b04d9bb3ee01dc4036" }, { "name":"dogname", "value":"ella" }, { "name":"User-Agent", "value":"RateBasedRuleTestKoipOneKeyModulePV2" }, { "name":"Accept-Encoding", "value":"gzip,deflate" } ], "uri":"/CanaryTest", "args":"", "httpVersion":"HTTP/1.1", "httpMethod":"GET", "requestId":"Ed0AiHF_CGYF-DA=" } }
Esempio Regola 2 basata sulla tariffa: configurazione delle regole con due chiavi, impostata su e Header:dognameHeader:catname
{ "Name": "RateBasedRule", "Priority": 1, "Statement": { "RateBasedStatement": { "Limit": 100, "AggregateKeyType": "CUSTOM_KEYS", "CustomKeys": [ { "Header": { "Name": "dogname", "TextTransformations": [ { "Priority": 0, "Type": "NONE" } ] } }, { "Header": { "Name": "catname", "TextTransformations": [ { "Priority": 0, "Type": "NONE" } ] } } ] } }, "Action": { "Block": {} }, "VisibilityConfig": { "SampledRequestsEnabled": true, "CloudWatchMetricsEnabled": true, "MetricName": "RateBasedRule" } }
Esempio Regola basata sulla tariffa 2: immissione del registro per la richiesta bloccata dalla regola basata sulla tariffa
{ "timestamp":1633322211194, "formatVersion":1, "webaclId":..., "terminatingRuleId":"RateBasedRule", "terminatingRuleType":"RATE_BASED", "action":"BLOCK", "terminatingRuleMatchDetails":[ ], "httpSourceName":"APIGW", "httpSourceId":"EXAMPLE11:rjvegx5guh:CanaryTest", "ruleGroupList":[ ], "rateBasedRuleList":[ { "rateBasedRuleId":..., "rateBasedRuleName":"RateBasedRule", "limitKey":"CUSTOMKEYS", "maxRateAllowed":100, "evaluationWindowSec":"120", "customValues":[ { "key":"HEADER", "name":"dogname", "value":"ella" }, { "key":"HEADER", "name":"catname", "value":"goofie" } ] } ], "nonTerminatingMatchingRules":[ ], "requestHeadersInserted":null, "responseCodeSent":null, "httpRequest":{ "clientIp":"52.46.82.35", "country":"FR", "headers":[ { "name":"X-Forwarded-For", "value":"52.46.82.35" }, { "name":"X-Forwarded-Proto", "value":"https" }, { "name":"X-Forwarded-Port", "value":"443" }, { "name":"Host", "value":"23llbyn8v3.execute-api.eu-west-3.amazonaws.com" }, { "name":"X-Amzn-Trace-Id", "value":"Root=1-64556629-17ac754c2ed9f0620e0f2a0c" }, { "name":"catname", "value":"goofie" }, { "name":"dogname", "value":"ella" }, { "name":"User-Agent", "value":"Apache-HttpClient/UNAVAILABLE (Java/11.0.19)" }, { "name":"Accept-Encoding", "value":"gzip,deflate" } ], "uri":"/CanaryTest", "args":"", "httpVersion":"HTTP/1.1", "httpMethod":"GET", "requestId":"EdzmlH5OCGYF1vQ=" } }
Esempio Registra l'output di una regola che si è attivata al momento del rilevamento (terminazione) SQLi
{ "timestamp": 1576280412771, "formatVersion": 1, "webaclId": "arn:aws:wafv2:ap-southeast-2:111122223333:regional/webacl/STMTest/1EXAMPLE-2ARN-3ARN-4ARN-123456EXAMPLE", "terminatingRuleId": "STMTest_SQLi_XSS", "terminatingRuleType": "REGULAR", "action": "BLOCK", "terminatingRuleMatchDetails": [ { "conditionType": "SQL_INJECTION", "sensitivityLevel": "HIGH", "location": "HEADER", "matchedData": [ "10", "AND", "1" ] } ], "httpSourceName": "-", "httpSourceId": "-", "ruleGroupList": [], "rateBasedRuleList": [], "nonTerminatingMatchingRules": [], "httpRequest": { "clientIp": "1.1.1.1", "country": "AU", "headers": [ { "name": "Host", "value": "localhost:1989" }, { "name": "User-Agent", "value": "curl/7.61.1" }, { "name": "Accept", "value": "*/*" }, { "name": "x-stm-test", "value": "10 AND 1=1" } ], "uri": "/myUri", "args": "", "httpVersion": "HTTP/1.1", "httpMethod": "GET", "requestId": "rid" }, "labels": [ { "name": "value" } ] }
Esempio Output di log per una regola attivata al momento del SQLi rilevamento (non terminante)
{ "timestamp":1592357192516 ,"formatVersion":1 ,"webaclId":"arn:aws:wafv2:us-east-1:123456789012:global/webacl/hello-world/5933d6d9-9dde-js82-v8aw-9ck28nv9" ,"terminatingRuleId":"Default_Action" ,"terminatingRuleType":"REGULAR" ,"action":"ALLOW" ,"terminatingRuleMatchDetails":[] ,"httpSourceName":"-" ,"httpSourceId":"-" ,"ruleGroupList":[] ,"rateBasedRuleList":[] ,"nonTerminatingMatchingRules": [{ "ruleId":"TestRule" ,"action":"COUNT" ,"ruleMatchDetails": [{ "conditionType":"SQL_INJECTION" ,"sensitivityLevel": "HIGH" ,"location":"HEADER" ,"matchedData":[ "10" ,"and" ,"1"] }] }] ,"httpRequest":{ "clientIp":"3.3.3.3" ,"country":"US" ,"headers":[ {"name":"Host","value":"localhost:1989"} ,{"name":"User-Agent","value":"curl/7.61.1"} ,{"name":"Accept","value":"*/*"} ,{"name":"myHeader","myValue":"10 AND 1=1"} ] ,"uri":"/myUri","args":"" ,"httpVersion":"HTTP/1.1" ,"httpMethod":"GET" ,"requestId":"rid" }, "labels": [ { "name": "value" } ] }
Esempio Output di log per più regole attivate all'interno di un gruppo di regole (Rulea-XSS termina e Rule-B non termina)
{ "timestamp":1592361810888, "formatVersion":1, "webaclId":"arn:aws:wafv2:us-east-1:123456789012:global/webacl/hello-world/5933d6d9-9dde-js82-v8aw-9ck28nv9" ,"terminatingRuleId":"RG-Reference" ,"terminatingRuleType":"GROUP" ,"action":"BLOCK", "terminatingRuleMatchDetails": [{ "conditionType":"XSS" ,"location":"HEADER" ,"matchedData":["<","frameset"] }] ,"httpSourceName":"-" ,"httpSourceId":"-" ,"ruleGroupList": [{ "ruleGroupId":"arn:aws:wafv2:us-east-1:123456789012:global/rulegroup/hello-world/c05lb698-1f11-4m41-aef4-99a506d53f4b" ,"terminatingRule":{ "ruleId":"RuleA-XSS" ,"action":"BLOCK" ,"ruleMatchDetails":null } ,"nonTerminatingMatchingRules": [{ "ruleId":"RuleB-SQLi" ,"action":"COUNT" ,"ruleMatchDetails": [{ "conditionType":"SQL_INJECTION" ,"sensitivityLevel": "LOW" ,"location":"HEADER" ,"matchedData":[ "10" ,"and" ,"1"] }] }] ,"excludedRules":null }] ,"rateBasedRuleList":[] ,"nonTerminatingMatchingRules":[] ,"httpRequest":{ "clientIp":"3.3.3.3" ,"country":"US" ,"headers": [ {"name":"Host","value":"localhost:1989"} ,{"name":"User-Agent","value":"curl/7.61.1"} ,{"name":"Accept","value":"*/*"} ,{"name":"myHeader1","value":"<frameset onload=alert(1)>"} ,{"name":"myHeader2","value":"10 AND 1=1"} ] ,"uri":"/myUri" ,"args":"" ,"httpVersion":"HTTP/1.1" ,"httpMethod":"GET" ,"requestId":"rid" }, "labels": [ { "name": "value" } ] }
Esempio Output di log per una regola attivata per l'ispezione del corpo della richiesta con tipo di contenuto JSON
AWS WAF attualmente riporta la posizione dell'ispezione del corpo JSON come. UNKNOWN
{ "timestamp": 1576280412771, "formatVersion": 1, "webaclId": "arn:aws:wafv2:ap-southeast-2:123456789012:regional/webacl/test/111", "terminatingRuleId": "STMTest_SQLi_XSS", "terminatingRuleType": "REGULAR", "action": "BLOCK", "terminatingRuleMatchDetails": [ { "conditionType": "SQL_INJECTION", "sensitivityLevel": "LOW", "location": "UNKNOWN", "matchedData": [ "10", "AND", "1" ] } ], "httpSourceName": "ALB", "httpSourceId": "alb", "ruleGroupList": [], "rateBasedRuleList": [], "nonTerminatingMatchingRules": [], "requestHeadersInserted":null, "responseCodeSent":null, "httpRequest": { "clientIp": "1.1.1.1", "country": "AU", "headers": [], "uri": "", "args": "", "httpVersion": "HTTP/1.1", "httpMethod": "POST", "requestId": "null" }, "labels": [ { "name": "value" } ] }
Esempio Registra l'output di una regola CAPTCHA in base a una richiesta web con un token CAPTCHA valido e non scaduto
Il seguente elenco di log riguarda una richiesta Web che corrisponde a una regola con CAPTCHA azione. La richiesta web ha un token CAPTCHA valido e non scaduto e viene annotata solo come corrispondenza CAPTCHA da AWS WAF, analogamente al comportamento per il Count azione. Questa corrispondenza CAPTCHA è indicata sotto. nonTerminatingMatchingRules
{ "timestamp": 1632420429309, "formatVersion": 1, "webaclId": "arn:aws:wafv2:us-east-1:123456789012:regional/webacl/captcha-web-acl/585e38b5-afce-4d2a-b417-14fb08b66c67", "terminatingRuleId": "Default_Action", "terminatingRuleType": "REGULAR", "action": "ALLOW", "terminatingRuleMatchDetails": [], "httpSourceName": "APIGW", "httpSourceId": "123456789012:b34myvfw0b:pen-test", "ruleGroupList": [], "rateBasedRuleList": [], "nonTerminatingMatchingRules": [ { "ruleId": "captcha-rule", "action": "CAPTCHA", "ruleMatchDetails": [], "captchaResponse": { "responseCode": 0, "solveTimestamp": 1632420429 } } ], "requestHeadersInserted": [ { "name": "x-amzn-waf-test-header-name", "value": "test-header-value" } ], "responseCodeSent": null, "httpRequest": { "clientIp": "72.21.198.65", "country": "US", "headers": [ { "name": "X-Forwarded-For", "value": "72.21.198.65" }, { "name": "X-Forwarded-Proto", "value": "https" }, { "name": "X-Forwarded-Port", "value": "443" }, { "name": "Host", "value": "b34myvfw0b.gamma.execute-api.us-east-1.amazonaws.com" }, { "name": "X-Amzn-Trace-Id", "value": "Root=1-614cc24d-5ad89a09181910c43917a888" }, { "name": "cache-control", "value": "max-age=0" }, { "name": "sec-ch-ua", "value": "\"Chromium\";v=\"94\", \"Google Chrome\";v=\"94\", \";Not A Brand\";v=\"99\"" }, { "name": "sec-ch-ua-mobile", "value": "?0" }, { "name": "sec-ch-ua-platform", "value": "\"Windows\"" }, { "name": "upgrade-insecure-requests", "value": "1" }, { "name": "user-agent", "value": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.54 Safari/537.36" }, { "name": "accept", "value": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9" }, { "name": "sec-fetch-site", "value": "same-origin" }, { "name": "sec-fetch-mode", "value": "navigate" }, { "name": "sec-fetch-user", "value": "?1" }, { "name": "sec-fetch-dest", "value": "document" }, { "name": "referer", "value": "https://b34myvfw0b.gamma.execute-api.us-east-1.amazonaws.com/pen-test/pets" }, { "name": "accept-encoding", "value": "gzip, deflate, br" }, { "name": "accept-language", "value": "en-US,en;q=0.9" }, { "name": "cookie", "value": "aws-waf-token=51c71352-41f5-4f6d-b676-c24907bdf819:EQoAZ/J+AAQAAAAA:t9wvxbw042wva7E2Y6lgud/bS6YG0CJKVAJqaRqDZ140ythKW0Zj9wKB2O8lSkYDRqf1yONcVBFo5u0eYi0tvT4rtQCXsu+KanAardW8go4QSLw4yoED59lgV7oAhGyCalAzE7ra29j+RvvZPsQyoQuDCrtoY/TvQyMTXIXzGPDC/rKBbg==" } ], "uri": "/pen-test/pets", "args": "", "httpVersion": "HTTP/1.1", "httpMethod": "GET", "requestId": "GINMHHUgoAMFxug=" } }
Esempio Registra l'output di una regola CAPTCHA rispetto a una richiesta web che non ha un token CAPTCHA
Il seguente elenco di log riguarda una richiesta Web che corrisponde a una regola con CAPTCHA azione. La richiesta web non aveva un token CAPTCHA ed è stata bloccata da. AWS WAF
{ "timestamp": 1632420416512, "formatVersion": 1, "webaclId": "arn:aws:wafv2:us-east-1:123456789012:regional/webacl/captcha-web-acl/585e38b5-afce-4d2a-b417-14fb08b66c67", "terminatingRuleId": "captcha-rule", "terminatingRuleType": "REGULAR", "action": "CAPTCHA", "terminatingRuleMatchDetails": [], "httpSourceName": "APIGW", "httpSourceId": "123456789012:b34myvfw0b:pen-test", "ruleGroupList": [], "rateBasedRuleList": [], "nonTerminatingMatchingRules": [], "requestHeadersInserted": null, "responseCodeSent": 405, "httpRequest": { "clientIp": "72.21.198.65", "country": "US", "headers": [ { "name": "X-Forwarded-For", "value": "72.21.198.65" }, { "name": "X-Forwarded-Proto", "value": "https" }, { "name": "X-Forwarded-Port", "value": "443" }, { "name": "Host", "value": "b34myvfw0b.gamma.execute-api.us-east-1.amazonaws.com" }, { "name": "X-Amzn-Trace-Id", "value": "Root=1-614cc240-18b57ff33c10e5c016b508c5" }, { "name": "sec-ch-ua", "value": "\"Chromium\";v=\"94\", \"Google Chrome\";v=\"94\", \";Not A Brand\";v=\"99\"" }, { "name": "sec-ch-ua-mobile", "value": "?0" }, { "name": "sec-ch-ua-platform", "value": "\"Windows\"" }, { "name": "upgrade-insecure-requests", "value": "1" }, { "name": "user-agent", "value": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.54 Safari/537.36" }, { "name": "accept", "value": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9" }, { "name": "sec-fetch-site", "value": "cross-site" }, { "name": "sec-fetch-mode", "value": "navigate" }, { "name": "sec-fetch-user", "value": "?1" }, { "name": "sec-fetch-dest", "value": "document" }, { "name": "accept-encoding", "value": "gzip, deflate, br" }, { "name": "accept-language", "value": "en-US,en;q=0.9" } ], "uri": "/pen-test/pets", "args": "", "httpVersion": "HTTP/1.1", "httpMethod": "GET", "requestId": "GINKHEssoAMFsrg=" }, "captchaResponse": { "responseCode": 405, "solveTimestamp": 0, "failureReason": "TOKEN_MISSING" } }
