Comments (7)
This default action should apply for the Web ACL's default action. I mean, if any rule got triggered when a request is processed, then the default action takes place.
The rules configured by the custom resource are set to be added as block ... what if we add an extra input parameter to this template to ask what the rules' action should be?
from aws-waf-security-automations.
Hello,
I have a custom scenario where I want the default action to be "BLOCK". I updated the CloudFormation template so that `DefaultAction` is `BLOCK`:

```json
"WAFWebACL": {
    "Type": "AWS::WAF::WebACL",
    "Condition": "CreateWebACL",
    "DependsOn": [
        "WAFWhitelistRule"
    ],
    "Properties": {
        "Name": {
            "Ref": "AWS::StackName"
        },
        "DefaultAction": {
            "Type": "BLOCK"
        },
        "MetricName": "SecurityAutomationsMaliciousRequesters",
        "Rules": [
            {
                "Action": {
                    "Type": "ALLOW"
                },
                "Priority": 10,
                "RuleId": {
                    "Ref": "WAFWhitelistRule"
                }
            }
        ]
    }
},
```
but once custom-resource.py runs, it changes it to "ALLOW".
I don't see a need for this line in the Python script:
`DefaultAction={'Type': 'ALLOW'}`
Why not simply honor the CloudFormation value?
from aws-waf-security-automations.
I got your point!
We can't remove this parameter from update_web_acl as it seems to be required, but I'll add an extra step to retrieve the current action instead of assuming it should be ALLOW.
from aws-waf-security-automations.
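The approach sketched in the reply above (read the Web ACL's current default action back and pass it through, rather than hard-coding ALLOW) side by side with the reported behaviour, as an added example that is not the project's custom-resource.py. It assumes a client exposing the boto3 `waf` calls `get_change_token`, `get_web_acl` and `update_web_acl`; `FakeWafClient`, the rule update, and the `-placeholder` ids are constructed so the example runs offline.

```python
"""Keep a Web ACL's configured DefaultAction when a custom resource updates its rules.

Added example, not the project's custom-resource.py. `waf` is any object with the
boto3 waf API surface used here; FakeWafClient is a constructed in-memory stand-in.
"""
import copy


class FakeWafClient:
    """Constructed stand-in for boto3.client('waf'); only the calls used here."""

    def __init__(self, web_acl_id, default_action):
        self._acl = {
            "WebACLId": web_acl_id,
            "DefaultAction": {"Type": default_action},
            "Rules": [],
        }
        self._tokens = 0

    def get_change_token(self):
        self._tokens += 1
        return {"ChangeToken": f"token-{self._tokens}"}

    def get_web_acl(self, WebACLId):
        if WebACLId != self._acl["WebACLId"]:
            raise KeyError(WebACLId)  # the real API raises WAFNonexistentItemException
        return {"WebACL": copy.deepcopy(self._acl)}

    def update_web_acl(self, WebACLId, ChangeToken, Updates=(), DefaultAction=None):
        if WebACLId != self._acl["WebACLId"]:
            raise KeyError(WebACLId)
        for update in Updates:
            rule = update["ActivatedRule"]
            if update["Action"] == "INSERT":
                self._acl["Rules"].append(copy.deepcopy(rule))
            elif update["Action"] == "DELETE":
                self._acl["Rules"] = [
                    r for r in self._acl["Rules"] if r["RuleId"] != rule["RuleId"]
                ]
        if DefaultAction is not None:  # optional in the API, as the thread concludes
            self._acl["DefaultAction"] = dict(DefaultAction)
        return {"ChangeToken": ChangeToken}


def current_default_action(waf, web_acl_id):
    """Read back the DefaultAction that CloudFormation already applied to the ACL."""
    acl = waf.get_web_acl(WebACLId=web_acl_id)["WebACL"]
    return acl["DefaultAction"]["Type"]  # "ALLOW" or "BLOCK"


def update_rules_forcing_allow(waf, web_acl_id, updates):
    """The reported behaviour: a hard-coded DefaultAction overrides the template."""
    token = waf.get_change_token()["ChangeToken"]
    waf.update_web_acl(
        WebACLId=web_acl_id,
        ChangeToken=token,
        Updates=updates,
        DefaultAction={"Type": "ALLOW"},  # silently reopens an ACL that chose BLOCK
    )
    return current_default_action(waf, web_acl_id)


def update_rules_preserving_default(waf, web_acl_id, updates):
    """Apply rule updates and hand the ACL's own default action back unchanged."""
    default = current_default_action(waf, web_acl_id)
    token = waf.get_change_token()["ChangeToken"]
    waf.update_web_acl(
        WebACLId=web_acl_id,
        ChangeToken=token,
        Updates=updates,
        DefaultAction={"Type": default},
    )
    return current_default_action(waf, web_acl_id)


# Constructed sample: one rule insert, the kind of update the custom resource applies.
SAMPLE_UPDATES = [
    {
        "Action": "INSERT",
        "ActivatedRule": {
            "Priority": 20,
            "RuleId": "rule-id-placeholder",
            "Action": {"Type": "BLOCK"},
        },
    }
]


def compare_behaviours():
    """Run both variants against an ACL whose template chose BLOCK."""
    acl_id = "acl-id-placeholder"
    clobbered = FakeWafClient(acl_id, "BLOCK")
    preserved = FakeWafClient(acl_id, "BLOCK")
    return {
        "forcing_allow": update_rules_forcing_allow(clobbered, acl_id, SAMPLE_UPDATES),
        "preserving": update_rules_preserving_default(preserved, acl_id, SAMPLE_UPDATES),
        "rules_added": len(preserved.get_web_acl(WebACLId=acl_id)["WebACL"]["Rules"]),
    }


if __name__ == "__main__":
    print(compare_behaviours())  # {'forcing_allow': 'ALLOW', 'preserving': 'BLOCK', 'rules_added': 1}
```

Against a real client the same two functions run unchanged with `boto3.client('waf')` in place of `FakeWafClient`; the point of the comparison is that the first variant turns a fail-closed ACL into a fail-open one on every stack update, while the second leaves the operator's choice intact.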
How I read the documentation is that if "DefaultAction" is passed then "Type" is required, but I don't believe that "DefaultAction" itself is required.
from aws-waf-security-automations.
I misunderstood the `Type (string) -- [REQUIRED]` line in the boto doc. Let's just remove this parameter then :)
Just added a note to include this for the next update. Thanks for pointing this out!!
from aws-waf-security-automations.
thanks!
from aws-waf-security-automations.
Hi @dpmallinger.
We've just pushed a new version that includes a fix for what you've mentioned.
Custom resource won't update the WebACL anymore:
https://github.com/awslabs/aws-waf-security-automations/blob/c7b25b4f9005469f1606e8da19c9704268f0697a/source/custom-resource/custom-resource.py#L272
Many thanks!
from aws-waf-security-automations.