Les traductions sont fournies par des outils de traduction automatique. En cas de conflit entre le contenu d'une traduction et celui de la version originale en anglais, la version anglaise prévaudra.
Cette section fournit des exemples de journalisation de la protection des données du trafic ACL Web.
DataProtection hachage
Configuration de Webacl
"data_protection_config": {
"data_protections": [
{
"field": {
"field_type": "SINGLE_QUERY_ARGUMENT",
"field_keys": [
"hoppy"
]
},
"action": "HASH",
"exclude_rule_match_details": false,
"exclude_rate_based_details": false
}
]
}
Exemple DataProtection de hachage : entrée de journal avec l' SingleQuery argument « hoppy » protégée.
{
"timestamp": 1738705092889,
"formatVersion": 1,
"webaclId": "arn:aws:wafv2:us-east-1:111122223333:regional/webacl/DataProtectionhashACL/4eede063-e611-44f5-b357-ffc9d7b7fed5",
"terminatingRuleId": "Default_Action",
"terminatingRuleType": "REGULAR",
"action": "ALLOW",
"terminatingRuleMatchDetails": [],
"httpSourceName": "APIGW",
"httpSourceId": "746533260405:xt7v59bhn7:ABC",
"ruleGroupList": [],
"rateBasedRuleList": [],
"nonTerminatingMatchingRules": [{
"ruleId": "ProtectedSQLIHeadersVisibleInSTM",
"action": "COUNT",
"ruleMatchDetails": [{
"conditionType": "SQL_INJECTION",
"sensitivityLevel": "HIGH",
"location": "SINGLE_QUERY_ARG",
"matchedData": [ "z6hpYAFaMYdtiTeHhxnN5ydgRE5E1WgyVIdgqH0D3iM=" ],
"matchedFieldName": "hoppy"
}]
}],
"requestHeadersInserted": null,
"responseCodeSent": null,
"httpRequest": {
"clientIp": "54.239.98.137",
"country": "US",
"headers": [{
"name": "X-Forwarded-For",
"value": "54.239.98.137"
}, {
"name": "X-Forwarded-Proto",
"value": "https"
}, {
"name": "X-Forwarded-Port",
"value": "443"
}, {
"name": "Host",
"value": "xt7xxx9bhn7.gamma.execute-api.us-east-1.amazonaws.com"
}, {
"name": "X-Amzn-Trace-Id",
"value": "Root=1-67a288c4-27acb3cd5795dd8456b7e3c3"
}, {
"name": "Accept-Encoding",
"value": "gzip"
}, {
"name": "User-Agent",
"value": "okhttp/3.12.1"
}],
"uri": "/CanaryTest",
"args": "hoppy=z6hpYAFaMYdtiTeHhxnN5ydgRE5E1WgyVIdgqH0D3iM=&yellow=hello&x-hoppy-extra=generic-%3Cwords%3E-in-angle-brackets",
"httpVersion": "HTTP/1.1",
"httpMethod": "GET",
"requestId": "FepO0F8fIAMEqoQ="
},
"labels": [{
"name": "awswaf:forwardedip:geo:country:US"
}, {
"name": "awswaf:forwardedip:geo:region:US-VA"
}]
}
DataProtection substitution
Config Webcal
"data_protection_config": {
"data_protections": [
{
"field": {
"field_type": "SINGLE_QUERY_ARGUMENT",
"field_keys": [
"hoppy"
]
},
"action": "SUBSTITUTION",
"exclude_rule_match_details": false,
"exclude_rate_based_details": false
}
]
}
Exemple DataProtection de substitution : entrée de journal avec l'argument de requête unique « hoppy » protégé
{
"timestamp": 1738705092889,
"formatVersion": 1,
"webaclId": "arn:aws:wafv2:us-east-1:111122223333:regional/webacl/DataProtectionhashACL/4eede063-e611-44f5-b357-ffc9d7b7fed5",
"terminatingRuleId": "Default_Action",
"terminatingRuleType": "REGULAR",
"action": "ALLOW",
"terminatingRuleMatchDetails": [],
"httpSourceName": "APIGW",
"httpSourceId": "746533260405:xt7v59bhn7:ABC",
"ruleGroupList": [],
"rateBasedRuleList": [],
"nonTerminatingMatchingRules": []
"requestHeadersInserted": null,
"responseCodeSent": null,
"httpRequest": {
"clientIp": "54.239.98.137",
"country": "US",
"headers": [{
"name": "X-Forwarded-For",
"value": "54.239.98.137"
}, {
"name": "X-Forwarded-Proto",
"value": "https"
}, {
"name": "X-Forwarded-Port",
"value": "443"
}, {
"name": "Host",
"value": "xt7xxx9bhn7.gamma.execute-api.us-east-1.amazonaws.com"
}, {
"name": "X-Amzn-Trace-Id",
"value": "Root=1-67a288c4-27acb3cd5795dd8456b7e3c3"
}, {
"name": "Accept-Encoding",
"value": "gzip"
}, {
"name": "User-Agent",
"value": "okhttp/3.12.1"
}],
"uri": "/CanaryTest",
"args": "hoppy=REDACTED&yellow=hello&x-hoppy-extra=generic-%3Cwords%3E-in-angle-brackets",
"httpVersion": "HTTP/1.1",
"httpMethod": "GET",
"requestId": "FepO0F8fIAMEqoQ="
},
"labels": [{
"name": "awswaf:forwardedip:geo:country:US"
}, {
"name": "awswaf:forwardedip:geo:region:US-VA"
}]
}
Conservation des données dans RuleMatchDetails
Configuration de Webacl
"data_protection_config": {
"data_protections": [
{
"field": {
"field_type": "SINGLE_HEADER",
"field_keys": [
"hoppy"
]
},
"action": "HASH",
"exclude_rule_match_details": true,
"exclude_rate_based_details": false
}
]
}
Exemple de conservation des données dans RuleMatchDetails : entrée de journal protégée par un seul Header
« hoppy », mais la valeur n'est conservée que dansRuleMatchDetails
.
{
"timestamp": 1738705092889,
"formatVersion": 1,
"webaclId": "arn:aws:wafv2:us-east-1:111122223333:regional/webacl/DataProtectionhashACL/4eede063-e611-44f5-b357-ffc9d7b7fed5",
"terminatingRuleId": "Default_Action",
"terminatingRuleType": "REGULAR",
"action": "ALLOW",
"terminatingRuleMatchDetails": [],
"httpSourceName": "APIGW",
"httpSourceId": "746533260405:xt7v59bhn7:ABC",
"ruleGroupList": [],
"rateBasedRuleList": [],
"nonTerminatingMatchingRules": [{
"ruleId": "ProtectedSQLIHeadersVisibleInSTM",
"action": "COUNT",
"ruleMatchDetails": [{
"conditionType": "SQL_INJECTION",
"sensitivityLevel": "HIGH",
"location": "HEADER",
"matchedData": [ "10", "AND", "1" ],
"matchedFieldName": "hoppy"
}]
}],
"requestHeadersInserted": null,
"responseCodeSent": null,
"httpRequest": {
"clientIp": "54.239.98.137",
"country": "US",
"headers": [{
"name": "X-Forwarded-For",
"value": "54.239.98.137"
}, {
"name": "X-Forwarded-Proto",
"value": "https"
}, {
"name": "X-Forwarded-Port",
"value": "443"
}, {
"name": "Host",
"value": "xt7xxx9bhn7.gamma.execute-api.us-east-1.amazonaws.com"
}, {
"name": "X-Amzn-Trace-Id",
"value": "Root=1-67a288c4-27acb3cd5795dd8456b7e3c3"
}, {
"name": "hoppy",
"value": "zuomr2mxQxofg6EI6f7hMNGaJhhPxt0rFVAXog6FLxE="
}, {
"name": "Accept-Encoding",
"value": "gzip"
}, {
"name": "User-Agent",
"value": "okhttp/3.12.1"
}, {
"name": "hoppy",
"value": "z6hpYAFaMYdtiTeHhxnN5ydgRE5E1WgyVIdgqH0D3iM="
}],
"uri": "/CanaryTest",
"args": "happy=true",
"httpVersion": "HTTP/1.1",
"httpMethod": "GET",
"requestId": "FepO0F8fIAMEqoQ="
},
"labels": [{
"name": "awswaf:forwardedip:geo:country:US"
}, {
"name": "awswaf:forwardedip:geo:region:US-VA"
}]
}
Conservation des données dans rateBasedRule
"data_protection_config": {
"data_protections": [
{
"field": {
"field_type": "SINGLE_HEADER",
"field_keys": [
"hoppy"
]
},
"action": "HASH",
"exclude_rule_match_details": false,
"exclude_rate_based_details": true
}
]
}
Exemple de conservation des données dans une rateBasedRule liste : entrée de journal avec le seul Header
« hoppy » protégé mais la valeur n'est conservée que dans rateBasedRuleList
{
"timestamp": 1683355579981,
"formatVersion": 1,
"webaclId": ...,
"terminatingRuleId": "RateBasedRule",
"terminatingRuleType": "RATE_BASED",
"action": "BLOCK",
"terminatingRuleMatchDetails": [],
"httpSourceName": "APIGW",
"httpSourceId": "EXAMPLE11:rjvegx5guh:CanaryTest",
"ruleGroupList": [],
"rateBasedRuleList": [{
"rateBasedRuleId": ...,
"rateBasedRuleName": "RateBasedRule",
"limitKey": "CUSTOMKEYS",
"maxRateAllowed": 100,
"evaluationWindowSec": "120",
"customValues": [{
"key": "HEADER",
"name": "hoppy",
"value": "ella"
}]
}],
"nonTerminatingMatchingRules": [],
"requestHeadersInserted": null,
"responseCodeSent": null,
"httpRequest": {
"clientIp": "52.46.82.45",
"country": "FR",
"headers": [{
"name": "X-Forwarded-For",
"value": "52.46.82.45"
}, {
"name": "X-Forwarded-Proto",
"value": "https"
}, {
"name": "X-Forwarded-Port",
"value": "443"
}, {
"name": "Host",
"value": "rjvegx5guh.execute-api.eu-west-3.amazonaws.com"
}, {
"name": "X-Amzn-Trace-Id",
"value": "Root=1-645566cf-7cb058b04d9bb3ee01dc4036"
}, {
"name": "hoppy",
"value": "zuomr2mxQxofg6EI6f7hMNGaJhhPxt0rFVAXog6FLxE="
}, {
"name": "User-Agent",
"value": "RateBasedRuleTestKoipOneKeyModulePV2"
}, {
"name": "Accept-Encoding",
"value": "gzip,deflate"
}],
"uri": "/CanaryTest",
"args": "",
"httpVersion": "HTTP/1.1",
"httpMethod": "GET",
"requestId": "Ed0AiHF_CGYF-DA="
}
}
Protection des données pour Body
AWS WAF enregistre uniquement les sous-ensembles de Body in. RuleMatchDetails
Configuration de Webacl
"data_protection_config": {
"data_protections": [
{
"field": {
"field_type": "BODY"
},
"action": "SUBSTITUTE",
"exclude_rule_match_details": false,
"exclude_rate_based_details": false
}
]
}
Exemple DataProtection pour Body : entrée de journal avec Body Subsituted. ruleMatchDetails
{
"timestamp": 1738705092889,
"formatVersion": 1,
"webaclId": "arn:aws:wafv2:us-east-1:111122223333:regional/webacl/DataProtectionhashACL/4eede063-e611-44f5-b357-ffc9d7b7fed5",
"terminatingRuleId": "Default_Action",
"terminatingRuleType": "REGULAR",
"action": "ALLOW",
"terminatingRuleMatchDetails": [],
"httpSourceName": "APIGW",
"httpSourceId": "746533260405:xt7v59bhn7:ABC",
"ruleGroupList": [],
"rateBasedRuleList": [],
"nonTerminatingMatchingRules": [{
"ruleId": "ProtectedSQLIBody",
"action": "COUNT",
"ruleMatchDetails": [{
"conditionType": "SQL_INJECTION",
"sensitivityLevel": "HIGH",
"location": "BODY",
"matchedData": ["REDACTED"]
}]
}],
"requestHeadersInserted": null,
"responseCodeSent": null,
"httpRequest": {
"clientIp": "54.239.98.137",
"country": "US",
"headers": [{
"name": "X-Forwarded-For",
"value": "54.239.98.137"
}, {
"name": "X-Forwarded-Proto",
"value": "https"
}, {
"name": "X-Forwarded-Port",
"value": "443"
}, {
"name": "Host",
"value": "xt7xxx9bhn7.gamma.execute-api.us-east-1.amazonaws.com"
}, {
"name": "X-Amzn-Trace-Id",
"value": "Root=1-67a288c4-27acb3cd5795dd8456b7e3c3"
}, {
"name": "Accept-Encoding",
"value": "gzip"
}, {
"name": "User-Agent",
"value": "okhttp/3.12.1"
}, {
"name": "cookie",
"value": "hoppy=dog;"
}],
"uri": "/CanaryTest",
"args": "baloo=abc&hoppy-query=xyz&x-hoppy-extra=generic-%3Cwords%3E-in-angle-brackets",
"httpVersion": "HTTP/1.1",
"httpMethod": "GET",
"requestId": "FepO0F8fIAMEqoQ="
},
"labels": [{
"name": "awswaf:forwardedip:geo:country:US"
}, {
"name": "awswaf:forwardedip:geo:region:US-VA"
}]
}
Protection des données pour SINGLE_COOKIE
Configuration de Webacl
"data_protection_config": {
"data_protections": [
{
"field": {
"field_type": "SINGLE_COOKIE",
"field_keys": [
"MILO"
]
},
"action": "HASH",
"exclude_rule_match_details": false,
"exclude_rate_based_details": false
}
]
}
Exemple DataProtection de SINGLE_COOKIE
: entrée de journal protégée par le SINGLE_COOKIE
nom « MILO ».
Le journal complet indique que le cookie nommé MILO est protégé dans ruleMatchDetails
l'en-tête du cookie. Seules les valeurs des cookies sont protégées et les noms de clés sont exclus.
Note
Tous les champs protégés (en-tête unique, cookie, argument de requête) ne distinguent pas les majuscules et minuscules. Ainsi, dans cet exemple, « MILO » correspond à « milo ».
{
"timestamp": 1738705092889,
"formatVersion": 1,
"webaclId": "arn:aws:wafv2:us-east-1:111122223333:regional/webacl/DataProtectionhashACL/4eede063-e611-44f5-b357-ffc9d7b7fed5",
"terminatingRuleId": "Default_Action",
"terminatingRuleType": "REGULAR",
"action": "ALLOW",
"terminatingRuleMatchDetails": [],
"httpSourceName": "APIGW",
"httpSourceId": "746533260405:xt7v59bhn7:ABC",
"ruleGroupList": [],
"rateBasedRuleList": [],
"nonTerminatingMatchingRules": [{
"ruleId": "ProtectedSQLIHeadersVisibleInSTM",
"action": "COUNT",
"ruleMatchDetails": [{
"conditionType": "SQL_INJECTION",
"sensitivityLevel": "HIGH",
"location": "COOKIE",
"matchedData": ["zuomr2mxQxofg6EI6f7hMNGaJhhPxt0rFVAXog6FLxE="],
"matchedFieldName": "milo"
}]
}],
"requestHeadersInserted": null,
"responseCodeSent": null,
"httpRequest": {
"clientIp": "54.239.98.137",
"country": "US",
"headers": [{
"name": "X-Forwarded-For",
"value": "54.239.98.137"
}, {
"name": "X-Forwarded-Proto",
"value": "https"
}, {
"name": "X-Forwarded-Port",
"value": "443"
}, {
"name": "Host",
"value": "xt7xxx9bhn7.gamma.execute-api.us-east-1.amazonaws.com"
}, {
"name": "X-Amzn-Trace-Id",
"value": "Root=1-67a288c4-27acb3cd5795dd8456b7e3c3"
}, {
"name": "Accept-Encoding",
"value": "gzip"
}, {
"name": "User-Agent",
"value": "okhttp/3.12.1"
}, {
"name": "cookie",
"value": "hoppy=dog;milo=zuomr2mxQxofg6EI6f7hMNGaJhhPxt0rFVAXog6FLxE=;aws-waf-token=51c71352-41f5-4f6d-b676-c24907bdf819:EQoAZ/J+AAQAAAAA:t9wvxbw042wva7E2Y6lgud/bS6YG0CJKVAJqaRqDZ140ythKW0Zj9wKB2O8lSkYDRqf1yONcVBFo5u0eYi0tvT4rtQCXsu+KanAardW8go4QSLw4yoED59lgV7oAhGyCalAzE7ra29j+RvvZPsQyoQuDCrtoY/TvQyMTXIXzGPDC/rKBbg=="
}],
"uri": "/CanaryTest",
"args": "baloo=abc&hoppy-query=xyz&x-hoppy-extra=generic-%3Cwords%3E-in-angle-brackets",
"httpVersion": "HTTP/1.1",
"httpMethod": "GET",
"requestId": "FepO0F8fIAMEqoQ="
},
"labels": [{
"name": "awswaf:forwardedip:geo:country:US"
}, {
"name": "awswaf:forwardedip:geo:region:US-VA"
}]
}
Protection des données pour tous les cookies
Vous pouvez configurer la protection des données pour les cookies en utilisantSINGLE_HEADER
. Seules les valeurs des cookies sont protégées et les noms de clés sont exclus.
"DataProtectionConfig": {
"DataProtections": [
{
"Field": {
"FieldType": "SINGLE_HEADER",
"FieldKeys": ["cookie"]
},
"Action": "SUBSTITUTION",
"ExcludeRuleMatchDetails": false,
"ExcludeRateBasedDetails": false
}
]
}
Exemple DataProtection pour le header
« COOKIE » : entrée de journal avec l'en-tête du cookie protégé.
Note
Le nom du cookie AWS-WAF-TOKEN
n'est pas couvert par la protection des données.
{
"timestamp": 1738705092889,
"formatVersion": 1,
"webaclId": "arn:aws:wafv2:us-east-1:111122223333:regional/webacl/DataProtectionhashACL/4eede063-e611-44f5-b357-ffc9d7b7fed5",
"terminatingRuleId": "Default_Action",
"terminatingRuleType": "REGULAR",
"action": "ALLOW",
"terminatingRuleMatchDetails": [],
"httpSourceName": "APIGW",
"httpSourceId": "746533260405:xt7v59bhn7:ABC",
"ruleGroupList": [],
"rateBasedRuleList": [],
"nonTerminatingMatchingRules": [],
"requestHeadersInserted": null,
"responseCodeSent": null,
"httpRequest": {
"clientIp": "54.239.98.137",
"country": "US",
"headers": [{
"name": "X-Forwarded-For",
"value": "54.239.98.137"
}, {
"name": "X-Forwarded-Proto",
"value": "https"
}, {
"name": "X-Forwarded-Port",
"value": "443"
}, {
"name": "Host",
"value": "xt7xxx9bhn7.gamma.execute-api.us-east-1.amazonaws.com"
}, {
"name": "X-Amzn-Trace-Id",
"value": "Root=1-67a288c4-27acb3cd5795dd8456b7e3c3"
}, {
"name": "Accept-Encoding",
"value": "gzip"
}, {
"name": "User-Agent",
"value": "okhttp/3.12.1"
}, {
"name": "cookie",
"value": "hoppy=REDACTED;milo=REDACTED;aws-waf-token=51c71352-41f5-4f6d-b676-c24907bdf819:EQoAZ/J+AAQAAAAA:t9wvxbw042wva7E2Y6lgud/bS6YG0CJKVAJqaRqDZ140ythKW0Zj9wKB2O8lSkYDRqf1yONcVBFo5u0eYi0tvT4rtQCXsu+KanAardW8go4QSLw4yoED59lgV7oAhGyCalAzE7ra29j+RvvZPsQyoQuDCrtoY/TvQyMTXIXzGPDC/rKBbg=="
}],
"uri": "/CanaryTest",
"args": "baloo=xyz=&hoppy-query=abc&x-hoppy-extra=abc",
"httpVersion": "HTTP/1.1",
"httpMethod": "GET",
"requestId": "FepO0F8fIAMEqoQ="
},
"labels": [{
"name": "awswaf:forwardedip:geo:country:US"
}, {
"name": "awswaf:forwardedip:geo:region:US-VA"
}]
}
Protection des données pour les arguments d'une seule requête
Vous pouvez configurer la protection des données pour une chaîne de requête en utilisantSINGLE_QUERY_ARGUMENT
. Cela affecte les clés et les valeurs de tous les arguments de requête. Pour les exemples suivants, la chaîne de requête d'origine étaitbaloo=10 AND 1=1&hoppy=10 AND 1=1&x-hoppy-extra=generic-%3Cwords
.
Configuration de Webacl
"DataProtectionConfig": {
"DataProtections": [
{
"Field": {
"FieldType": "SINGLE_QUERY_ARGUMENT",
"FieldKeys": ["hoppy"]
},
"Action": "SUBSTITUTION",
"ExcludeRuleMatchDetails": false,
"ExcludeRateBasedDetails": false
}
]
}
Exemple DataProtection de SINGLE_QUERY_ARGUEMENT
: entrée de journal avec une chaîne de requête « hoppy » protégée par substitution.
{
"timestamp": 1738705092889,
"formatVersion": 1,
"webaclId": "arn:aws:wafv2:us-east-1:111122223333:regional/webacl/DataProtectionSubstituteQueryString/4eede063-e611-44f5-b357-ffc9d7b7fed5",
"terminatingRuleId": "Default_Action",
"terminatingRuleType": "REGULAR",
"action": "ALLOW",
"terminatingRuleMatchDetails": [],
"httpSourceName": "APIGW",
"httpSourceId": "746533260405:xt7v59bhn7:ABC",
"ruleGroupList": [],
"rateBasedRuleList": [],
"nonTerminatingMatchingRules": [
{
"ruleId": "ProtectedHoppyQueryArg",
"action": "COUNT",
"ruleMatchDetails": [
{
"conditionType": "SQL_INJECTION",
"sensitivityLevel": "HIGH",
"location": "SINGLE_QUERY_ARG",
"matchedData": ["REDACTED"],
"matchedFieldName": "hoppy"
}]
},
{
"ruleId": "FullQueryStringInspectionWhichDetectsTheFirstFieldWithSQLi_Baloo_IsAlsoMaskedMasked",
"action": "COUNT",
"ruleMatchDetails": [
{
"conditionType": "SQL_INJECTION",
"sensitivityLevel": "HIGH",
"location": "QUERY_ARGS",
"matchedData": ["REDACTED"],
}]
},
{
"ruleId": "ProtectedBalooQueryArg",
"action": "COUNT",
"ruleMatchDetails": [
{
"conditionType": "SQL_INJECTION",
"sensitivityLevel": "HIGH",
"location": "SINGLE_QUERY_ARG",
"matchedData": [ "10", "AND", "1" ],
"matchedFieldName": "baloo"
}]
}
],
"requestHeadersInserted": null,
"responseCodeSent": null,
"httpRequest": {
"clientIp": "54.239.98.137",
"country": "US",
"headers": [{
"name": "X-Forwarded-For",
"value": "54.239.98.137"
}, {
"name": "X-Forwarded-Proto",
"value": "https"
}, {
"name": "X-Forwarded-Port",
"value": "443"
}, {
"name": "Host",
"value": "xt7xxx9bhn7.gamma.execute-api.us-east-1.amazonaws.com"
}, {
"name": "X-Amzn-Trace-Id",
"value": "Root=1-67a288c4-27acb3cd5795dd8456b7e3c3"
}, {
"name": "Accept-Encoding",
"value": "gzip"
}, {
"name": "User-Agent",
"value": "okhttp/3.12.1"
}],
"uri": "/CanaryTest",
"args": "baloo=10 AND 1=1&hoppy=REDACTED&x-hoppy-extra=generic-%3Cwords",
"httpVersion": "HTTP/1.1",
"httpMethod": "GET",
"requestId": "FepO0F8fIAMEqoQ="
},
"labels": [{
"name": "awswaf:forwardedip:geo:country:US"
}, {
"name": "awswaf:forwardedip:geo:region:US-VA"
}]
}
Protection des données pour les chaînes de requête
Vous pouvez configurer la protection des données pour une chaîne de requête en utilisantQUERY_STRING
. Cela affecte les clés et les valeurs de tous les arguments de requête. Pour les exemples suivants, la chaîne de requête d'origine étaitbaloo=10 AND 1=1&hoppy-query=10 AND 1=1&x-hoppy-extra=generic-%3Cwords
.
Configuration de Webacl
"DataProtectionConfig": {
"DataProtections": [
{
"Field": {
"FieldType": "QUERY_STRING"
},
"Action": "SUBSTITUTION",
"ExcludeRuleMatchDetails": false,
"ExcludeRateBasedDetails": false
}
]
}
Exemple DataProtection de QUERY_STRING
: entrée de journal avec une chaîne de requête protégée par substitution.
{
"timestamp": 1738705092889,
"formatVersion": 1,
"webaclId": "arn:aws:wafv2:us-east-1:111122223333:regional/webacl/DataProtectionSubstituteQueryString/4eede063-e611-44f5-b357-ffc9d7b7fed5",
"terminatingRuleId": "Default_Action",
"terminatingRuleType": "REGULAR",
"action": "ALLOW",
"terminatingRuleMatchDetails": [],
"httpSourceName": "APIGW",
"httpSourceId": "746533260405:xt7v59bhn7:ABC",
"ruleGroupList": [],
"rateBasedRuleList": [],
"nonTerminatingMatchingRules": [
{
"ruleId": "ProtectedHoppyQueryArg",
"action": "COUNT",
"ruleMatchDetails": [
{
"conditionType": "SQL_INJECTION",
"sensitivityLevel": "HIGH",
"location": "QUERY_STRING",
"matchedData": ["REDACTED"]
}]
},
{
"ruleId": "ProtectedBalooQueryArg",
"action": "COUNT",
"ruleMatchDetails": [
{
"conditionType": "SQL_INJECTION",
"sensitivityLevel": "HIGH",
"location": "SINGLE_QUERY_ARG",
"matchedData": [ "REDACTED" ],
"matchedFieldName": "REDACTED"
}]
}
],
"requestHeadersInserted": null,
"responseCodeSent": null,
"httpRequest": {
"clientIp": "54.239.98.137",
"country": "US",
"headers": [{
"name": "X-Forwarded-For",
"value": "54.239.98.137"
}, {
"name": "X-Forwarded-Proto",
"value": "https"
}, {
"name": "X-Forwarded-Port",
"value": "443"
}, {
"name": "Host",
"value": "xt7xxx9bhn7.gamma.execute-api.us-east-1.amazonaws.com"
}, {
"name": "X-Amzn-Trace-Id",
"value": "Root=1-67a288c4-27acb3cd5795dd8456b7e3c3"
}, {
"name": "Accept-Encoding",
"value": "gzip"
}, {
"name": "User-Agent",
"value": "okhttp/3.12.1"
}],
"uri": "/CanaryTest",
"args": "REDACTED",
"httpVersion": "HTTP/1.1",
"httpMethod": "GET",
"requestId": "FepO0F8fIAMEqoQ="
},
"labels": [{
"name": "awswaf:forwardedip:geo:country:US"
}, {
"name": "awswaf:forwardedip:geo:region:US-VA"
}]
}
Protection des données pour plusieurs arguments de requête
Vous pouvez configurer la protection des données pour des arguments de requête individuels en utilisantSINGLE_QUERY_ARGUMENT
. Lorsque nous communiquons des informations locales, nous utilisons des protections locales. Cependant, les chaînes qui correspondent dans la chaîne de requête et dans l'en-tête du cookie ont de nombreuses configurations de protection qui peuvent s'appliquer. Pour simplifier, la protection la plus stricte RuleMatchDetails
est appliquée, même si elle ne se chevauche pas avec la plage de données spécifique correspondante.
Pour les exemples suivants, la chaîne de requête d'origine étaitbaloo=is_a_good_boy&hoppy=likes_to_sleep&x-hoppy-extra=10 AND 1=1
.
"DataProtectionConfig": {
"DataProtections": [
{
"Field": {
"FieldType": "SINGLE_QUERY_ARGUMENT",
"FieldKeys": ["hoppy"]
},
"Action": "SUBSTITUTION",
"ExcludeRuleMatchDetails": false,
"ExcludeRateBasedDetails": false
},
{
"Field": {
"FieldType": "SINGLE_QUERY_ARGUMENT",
"FieldKeys": ["baloo"]
},
"Action": "HASH",
"ExcludeRuleMatchDetails": false,
"ExcludeRateBasedDetails": false
}
]
}
Exemple DataProtection de plusieurs arguments de requête.
{
"timestamp": 1738705092889,
"formatVersion": 1,
"webaclId": "arn:aws:wafv2:us-east-1:111122223333:regional/webacl/DataProtectionSubstituteQueryString/4eede063-e611-44f5-b357-ffc9d7b7fed5",
"terminatingRuleId": "Default_Action",
"terminatingRuleType": "REGULAR",
"action": "ALLOW",
"terminatingRuleMatchDetails": [],
"httpSourceName": "APIGW",
"httpSourceId": "746533260405:xt7v59bhn7:ABC",
"ruleGroupList": [],
"rateBasedRuleList": [],
"nonTerminatingMatchingRules": [
{
"ruleId": "ProtectedHoppyQueryArg",
"action": "COUNT",
"ruleMatchDetails": [
{
"conditionType": "SQL_INJECTION",
"sensitivityLevel": "HIGH",
"location": "SINGLE_QUERY_ARG",
"matchedData": ["REDACTED"],
"matchedFieldName": "hoppy"
}]
},
{
"ruleId": "ProtectedBalooQueryArg",
"action": "COUNT",
"ruleMatchDetails": [
{
"conditionType": "SQL_INJECTION",
"sensitivityLevel": "HIGH",
"location": "SINGLE_QUERY_ARG",
"matchedData": ["zuomr2mxQxofg6EI6f7hMNGaJhhPxt0rFVAXog6FLxE="],
"matchedFieldName": "baloo"
}]
},
{
"ruleId": "FullQueryStringDetects_x-hoppy-extra_IsSubstituted",
"action": "COUNT",
"ruleMatchDetails": [
{
"conditionType": "SQL_INJECTION",
"sensitivityLevel": "HIGH",
"location": "QUERY_ARGS",
"matchedData": ["REDACTED"], // Harshest of Protection Config
}]
}
],
"requestHeadersInserted": null,
"responseCodeSent": null,
"httpRequest": {
"clientIp": "54.239.98.137",
"country": "US",
"headers": [{
"name": "X-Forwarded-For",
"value": "54.239.98.137"
}, {
"name": "X-Forwarded-Proto",
"value": "https"
}, {
"name": "X-Forwarded-Port",
"value": "443"
}, {
"name": "Host",
"value": "xt7xxx9bhn7.gamma.execute-api.us-east-1.amazonaws.com"
}, {
"name": "X-Amzn-Trace-Id",
"value": "Root=1-67a288c4-27acb3cd5795dd8456b7e3c3"
}, {
"name": "Accept-Encoding",
"value": "gzip"
}, {
"name": "User-Agent",
"value": "okhttp/3.12.1"
}],
"uri": "/CanaryTest",
"args": "baloo=zuomr2mxQxofg6EI6f7hMNGaJhhPxt0rFVAXog6FLxE=&hoppy=REDACTED&x-hoppy-extra=10 AND 1=1",
"httpVersion": "HTTP/1.1",
"httpMethod": "GET",
"requestId": "FepO0F8fIAMEqoQ="
},
"labels": [{
"name": "awswaf:forwardedip:geo:country:US"
}, {
"name": "awswaf:forwardedip:geo:region:US-VA"
}]
}
Note
Vous ne pouvez pas spécifier à la fois QueryString le masquage et le masquage des arguments à requête unique dans le même WebACL.