本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。
ATP 範例:回應檢查組態
下列 JSON 清單顯示範例 Web ACL,其中包含 AWS WAF Fraud Control 帳戶接管預防 (ATP) 受管規則群組,並已設定為檢查來源 (origin) 回應。請注意其中的回應檢查組態,它指定了代表成功與失敗的回應狀態碼(此範例為 200 和 401)。您也可以根據標頭、內文和內文 JSON 的比對結果來設定成功和失敗的判定條件。此 JSON 包含 Web ACL 自動產生的設定,例如標籤命名空間和 Web ACL 的應用程式整合 URL。
注意
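ATP 回應檢查僅適用於保護 CloudFront 分佈 (distribution) 的 Web ACL。請留意,此範例中的 ARN 顯示為 regional 範圍;保護 CloudFront 分佈的 Web ACL 通常使用 CLOUDFRONT 範圍(ARN 中為 global),套用此組態前請先確認您的 Web ACL 範圍。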
{ "WebACL": { "LabelNamespace": "awswaf:111122223333:webacl:ATPModuleACL:", "Capacity": 50, "Description": "This is a test web ACL for ATP.", "Rules": [ { "Priority": 1, "OverrideAction": { "None": {} }, "VisibilityConfig": { "SampledRequestsEnabled": true, "CloudWatchMetricsEnabled": true, "MetricName": "AccountTakeOverValidationRule" }, "Name": "DetectCompromisedUserCredentials", "Statement": { "ManagedRuleGroupStatement": { "VendorName": "AWS", "Name": "AWSManagedRulesATPRuleSet", "ManagedRuleGroupConfigs": [ { "AWSManagedRulesATPRuleSet": { "LoginPath": "/web/login", "RequestInspection": { "PayloadType": "JSON", "UsernameField": { "Identifier": "/form/username" }, "PasswordField": { "Identifier": "/form/password" } }, "ResponseInspection": { "StatusCode": { "SuccessCodes": [ 200 ], "FailureCodes": [ 401 ] } }, "EnableRegexInPath": false } } ] } } } ], "VisibilityConfig": { "SampledRequestsEnabled": true, "CloudWatchMetricsEnabled": true, "MetricName": "ATPValidationAcl" }, "DefaultAction": { "Allow": {} }, "ManagedByFirewallManager": false, "Id": "32q10987-65rs-4tuv-3210-98765wxyz432", "ARN": "arn:aws:wafv2:us-east-1:111122223333:regional/webacl/ATPModuleACL/32q10987-65rs-4tuv-3210-98765wxyz432", "Name": "ATPModuleACL" }, "ApplicationIntegrationURL": "https://9z87abce34ea.us-east-1.sdk.awswaf.com/9z87abce34ea/1234567a1b10/", "LockToken": "6d0e6966-95c9-48b6-b51d-8e82e523b847" }