Managing rule group behavior in a web ACL
This section describes your options for modifying how you use a rule group in your web ACL. This information applies to all rule group types. After you add a rule group to a web ACL, you can override the actions of the individual rules in the rule group to Count or to any other valid rule action setting. You can also override the rule group's resulting action to Count, which has no effect on how the rules are evaluated inside the rule group.
For information about these options, see Action overrides in rule groups.
Overriding rule actions in a rule group
For each rule group in a web ACL, you can override the contained rule's actions for some or all of the rules.
The most common use case for this is overriding the rule actions to Count to test new or updated rules. If you have metrics enabled, you receive metrics for each rule that you override. For more information about testing, see Testing and tuning your AWS WAF protections.
To override rule actions in a rule group
You can make these changes when you're adding a managed rule group to the web ACL, and you can make them to any type of rule group when you edit the web ACL. These instructions are for a rule group that has already been added to the web ACL. See additional information about this option at Rule action overrides.
-
Edit the web ACL.
-
In the web ACL page Rules tab, select the rule group, then choose Edit.
-
In the Rules section for the rule group, manage the action settings as needed.
-
All rules – To set an override action for all rules in the rule group, open the Override all rule actions dropdown and select the override action. To remove the overrides for all rules, select Remove all overrides.
-
Single rule – To set an override action for a single rule, open the rule's dropdown and select the override action. To remove an override for a rule, open the rule's dropdown and select Remove override.
-
-
When you are finished making your changes, choose Save rule. The rule action and override action settings are listed in the rule group page.
The following example JSON listing shows a rule group declaration inside a web ACL that
overrides the rule actions to Count for the rules
CategoryVerifiedSearchEngine and
CategoryVerifiedSocialMedia. In the JSON, you override all rule
actions by providing a RuleActionOverrides entry for each
individual rule.
{ "Name": "AWS-AWSBotControl-Example", "Priority": 5, "Statement": { "ManagedRuleGroupStatement": { "VendorName": "AWS", "Name": "AWSManagedRulesBotControlRuleSet", "RuleActionOverrides": [ { "ActionToUse": { "Count": {} }, "Name": "CategoryVerifiedSearchEngine" }, { "ActionToUse": { "Count": {} }, "Name": "CategoryVerifiedSocialMedia" } ], "ExcludedRules": [] }, "VisibilityConfig": { "SampledRequestsEnabled": true, "CloudWatchMetricsEnabled": true, "MetricName": "AWS-AWSBotControl-Example" } }
Overriding a rule group's evaluation result to Count
You can override the action that results from a rule group evaluation, without altering how the rules in the rule group are configured or evaluated. This option is not commonly used. If any rule in the rule group results in a match, this override sets the resulting action from the rule group to Count.
Note
This is an uncommon use case. Most action overrides are done at the rule level, inside the rule group, as described in Overriding rule actions in a rule group.
You can override the rule group's resulting action in the web ACL when you add
or edit the rule group. In the console, open the rule group's Override
rule group action - optional pane and enable the override. In the
JSON set OverrideAction in the rule group statement, as shown in
the following example listing:
{ "Name": "AWS-AWSBotControl-Example", "Priority": 5, "Statement": { "ManagedRuleGroupStatement": { "VendorName": "AWS", "Name": "AWSManagedRulesBotControlRuleSet" } }, "OverrideAction": { "Count": {} }, "VisibilityConfig": { "SampledRequestsEnabled": true, "CloudWatchMetricsEnabled": true, "MetricName": "AWS-AWSBotControl-Example" } }
