Note: The terminatingRuleMatchDetails field populates only for SQLi_BODY and CrossSiteScripting_BODY attacks. Resolution File uploads blocked by SQLi_BODY and CrossSiteScripting_BODY rulesĬheck the terminatingRuleMatchDetails field in the AWS WAF comprehensive logs for the rule information. The following rules commonly block file uploads:
If a common rule isn't blocking the upload, then consider additional options to allow blocked files. In this post, I will show you which AWS Managed Rule Group is addressing which Web Application Security Risk from the OWASP TOP 10. Lastly, press the orange Add rules button. Open the AWS managed rule groups menu and scroll down to the SQL database option. The screenshot below shows page two of the wizard with the option to add managed rule groups. It represents a broad consensus about the most critical security risks to web applications. Click the Add rules dropdown and select Add managed rule groups. You must use other methods to eliminate false positives from uploading files or images.įirst, review the common rules that might block file uploads. The OWASP Top 10 is a standard awareness document for developers and web application security. These random characters might invoke web ACL rules due to their similarity to an actual XSS or SQL injection signature in AWS WAF.įiltering for specific file types isn't supported by AWS WAF.
The SQL injection and cross-site scripting (XSS) rules are sensitive to files that contain random characters in their metadata.AWS WAF BODY filters inspect only the first 8,192 bytes of the payload of a POST request for malicious scripts.This construct can only be attached to a configured AWS AppSync API.To understand why a POST request is blocked by AWS WAF, note the following points:
Typescript import from Use an existing AppSync GraphQL APIĬonst existingGraphQLApi = previousl圜reatedApi
0 kommentar(er)
