We have enabled AWS WAF solution before my ALB and have SQL injection and XSS detection enabled. We have tried to setup a custom rule to check if the content-type is multipart\/form\-data* using re...

I can't find any examples or documentation on how to associate a WAF with an ALB via CloudFormation. Supposedly its possible going by this news announcement https://aws.amazon.com/about-aws/whats-n...

Error: Error creating WAFv2 WebACL: WAFInvalidParameterException: Error reason: You have used none or multiple values for a field that requires exactly one value., field: RULE_ACTION, parameter: Ru...

I am using terraform to create a web-acl in aws and want to associate that web-acl with CloudFront distribution. So, here's how my code looks like: provider "aws" { alias = "east1&q...

Posting a form with " on" or any word starting with "on" as last word in a form field resulting in an XSS block from aws waf blocked by this rule Body contains a cross-site scripting threat after ...

There are two versions of the AWS API Gateway: REST version HTTP version (v2) I am using the newer HTTP version with a lambda authorizer and would like to protect my staging/test environments fro...

To secure our API, I'm trying to deploy a WAFRegional with a RateBasedRule. The API Gateway is located in a SAM template wherein I have also a nested stack for the child template holding the WAFReg...

I want to associate a WAFv2 Web ACL to an API GatewayV2 HTTP stage. Following the terraform docs, I tried this: resource "aws_wafv2_web_acl_association" "this" { resource_arn =...

I have a WAF ACL associated with my application load balancer and I'd like to change the priority of the rules. For the life of me I can't find any documentation on how this is done and can't figur...

I created the following AWS WAF ACL and I want to associate it with my ALB using terraform. is there any way I can do it using terraform? I want to block all requests except the ones that have sec...

I have a website served via AWS CloudFront. I've been getting a ton of entries in my nginx logs that look something like this: nginx_1 | 103.241.51.144 - - [09/Aug/2020:16:03:08 +0000] "GET /m...

I have a path (mysite.com/myapiendpoint for sake of example) that is both resource intensive to service, and very prone to bot abuse. I need to rate limit access to that specific path to something ...

Does anyone know if it's possible to change an existing AWS Elastic Beanstalk environment to an Application Load Balancer (instead of a classic one). As far as I know only Application ELB's can b...

I'm attempting to move a suite of end-to-end tests so that they are fully contained within AWS. I've done this through code build and gotten everything running up to the point of running the tests,...

I want to put WAF in front of API Gateway, and with the (little) info I find that is only possible by manually putting an extra Cloudfront distribution with WAF enabled, in front of APIG. It's a bi...

I want to set up a Cloud Formation in aws to attach a Rate Based Rule to my LB. I have been reading the AWS documentation for hours, and I know how to create a regular WAF Rule in Cloud Forma...

I am trying to add CloudFront distribution to AWS WAF by using CloudFormation and have tried this, "Type": "AWS::WAFRegional::WebACLAssociation", "Properties": { "ResourceArn": "arn:aws:cloudfro...

I need to use AWS WAF for my web application hosted on AWS to provide additional rule based security to it. I couldnt find any way to directly use WAF with ELB and WAF needs Cloudfront to add WEB A...