**推出 的新主控台體驗 AWS WAF** 您現在可以使用更新後的體驗,在主控台的任何位置存取 AWS WAF 功能。如需詳細資訊,請參閱[使用 主控台](https://docs.aws.amazon.com/waf/latest/developerguide/working-with-console.html)。 本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。 # ACFP 範例:針對遭到入侵的登入資料進行自訂回應 根據預設,規則群組執行的登入資料檢查會透過標記和封鎖請求來處理`AWSManagedRulesACFPRuleSet`遭到入侵的登入資料。如需規則群組和規則行為的詳細資訊,請參閱 [AWS WAF 詐騙控制帳戶建立詐騙預防 (ACFP) 規則群組](aws-managed-rule-groups-acfp.md)。 若要通知使用者他們提供的帳戶登入資料已遭入侵,您可以執行下列動作: + **將`SignalCredentialCompromised`規則覆寫為 Count** – 這會導致規則僅計數和標記相符請求。 + **使用自訂處理新增標籤比對規則** – 設定此規則以符合 ACFP 標籤,並執行您的自訂處理。 下列保護套件 (Web ACL) 清單顯示先前範例中的 ACFP 受管規則群組,規則`SignalCredentialCompromised`動作會覆寫為計數。透過此組態,當此規則群組評估任何使用遭入侵登入資料的 Web 請求時,它會標記請求,但不會將其封鎖。 此外,保護套件 (Web ACL) 現在具有名為 的自訂回應`aws-waf-credential-compromised`和名為 的新規則`AccountSignupCompromisedCredentialsHandling`。規則優先順序是高於規則群組的數值設定,因此會在保護套件 (Web ACL) 評估中的規則群組之後執行。新規則會比對具有規則群組遭入侵憑證標籤的任何請求。當規則找到相符項目時,它會將 Block動作套用至具有自訂回應內文的請求。自訂回應內文會向最終使用者提供其登入資料遭到入侵的資訊,並提議採取動作。 ``` { "Name": "compromisedCreds", "Id": "... ", "ARN": "arn:aws:wafv2:us-east-1:111122223333:regional/webacl/compromisedCreds/...", "DefaultAction": { "Allow": {} }, "Description": "", "Rules": [ { "Name": "AWS-AWSManagedRulesACFPRuleSet", "Priority": 0, "Statement": { "ManagedRuleGroupStatement": { "VendorName": "AWS", "Name": "AWSManagedRulesACFPRuleSet", "ManagedRuleGroupConfigs": [ { "AWSManagedRulesACFPRuleSet": { "CreationPath": "/web/signup/submit-registration", "RegistrationPagePath": "/web/signup/registration", "RequestInspection": { "PayloadType": "JSON", "UsernameField": { "Identifier": "/form/username" }, "PasswordField": { "Identifier": "/form/password" }, "EmailField": { "Identifier": "/form/email" }, "PhoneNumberFields": [ { "Identifier": "/form/country-code" }, { "Identifier": "/form/region-code" }, { "Identifier": "/form/phonenumber" } ], "AddressFields": [ { "Identifier": "/form/name" }, { "Identifier": "/form/street-address" }, { "Identifier": "/form/city" }, { "Identifier": "/form/state" }, { "Identifier": "/form/zipcode" } ] }, "EnableRegexInPath": false } } ], "RuleActionOverrides": [ { "Name": "SignalCredentialCompromised", "ActionToUse": { "Count": {} } } ] } }, "OverrideAction": { "None": {} }, "VisibilityConfig": { "SampledRequestsEnabled": true, "CloudWatchMetricsEnabled": true, "MetricName": "AWS-AWSManagedRulesACFPRuleSet" } }, { "Name": "AccountSignupCompromisedCredentialsHandling", "Priority": 1, "Statement": { "LabelMatchStatement": { "Scope": "LABEL", "Key": "awswaf:managed:aws:acfp:signal:credential_compromised" } }, "Action": { "Block": { "CustomResponse": { "ResponseCode": 406, "CustomResponseBodyKey": "aws-waf-credential-compromised", "ResponseHeaders": [ { "Name": "aws-waf-credential-compromised", "Value": "true" } ] } } }, "VisibilityConfig": { "SampledRequestsEnabled": true, "CloudWatchMetricsEnabled": true, "MetricName": "AccountSignupCompromisedCredentialsHandling" } } ], "VisibilityConfig": { "SampledRequestsEnabled": true, "CloudWatchMetricsEnabled": true, "MetricName": "compromisedCreds" }, "Capacity": 51, "ManagedByFirewallManager": false, "RetrofittedByFirewallManager": false, "LabelNamespace": "awswaf:111122223333:webacl:compromisedCreds:", "CustomResponseBodies": { "aws-waf-credential-compromised": { "ContentType": "APPLICATION_JSON", "Content": "{\n \"credentials-compromised\": \"The credentials you provided have been found in a compromised credentials database.\\n\\nTry again with a different username, password pair.\"\n}" } } } ```