本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。
本節提供 Web ACL 流量資料保護記錄的日誌範例。
DataProtection 雜湊
Webacl 組態
"data_protection_config": {
"data_protections": [
{
"field": {
"field_type": "SINGLE_QUERY_ARGUMENT",
"field_keys": [
"hoppy"
]
},
"action": "HASH",
"exclude_rule_match_details": false,
"exclude_rate_based_details": false
}
]
}
範例 DataProtection 雜湊:受保護 SingleQuery 引數 "hoppy" 的日誌項目。
{
"timestamp": 1738705092889,
"formatVersion": 1,
"webaclId": "arn:aws:wafv2:us-east-1:111122223333:regional/webacl/DataProtectionhashACL/4eede063-e611-44f5-b357-ffc9d7b7fed5",
"terminatingRuleId": "Default_Action",
"terminatingRuleType": "REGULAR",
"action": "ALLOW",
"terminatingRuleMatchDetails": [],
"httpSourceName": "APIGW",
"httpSourceId": "746533260405:xt7v59bhn7:ABC",
"ruleGroupList": [],
"rateBasedRuleList": [],
"nonTerminatingMatchingRules": [{
"ruleId": "ProtectedSQLIHeadersVisibleInSTM",
"action": "COUNT",
"ruleMatchDetails": [{
"conditionType": "SQL_INJECTION",
"sensitivityLevel": "HIGH",
"location": "SINGLE_QUERY_ARG",
"matchedData": [ "z6hpYAFaMYdtiTeHhxnN5ydgRE5E1WgyVIdgqH0D3iM=" ],
"matchedFieldName": "hoppy"
}]
}],
"requestHeadersInserted": null,
"responseCodeSent": null,
"httpRequest": {
"clientIp": "54.239.98.137",
"country": "US",
"headers": [{
"name": "X-Forwarded-For",
"value": "54.239.98.137"
}, {
"name": "X-Forwarded-Proto",
"value": "https"
}, {
"name": "X-Forwarded-Port",
"value": "443"
}, {
"name": "Host",
"value": "xt7xxx9bhn7.gamma.execute-api.us-east-1.amazonaws.com"
}, {
"name": "X-Amzn-Trace-Id",
"value": "Root=1-67a288c4-27acb3cd5795dd8456b7e3c3"
}, {
"name": "Accept-Encoding",
"value": "gzip"
}, {
"name": "User-Agent",
"value": "okhttp/3.12.1"
}],
"uri": "/CanaryTest",
"args": "hoppy=z6hpYAFaMYdtiTeHhxnN5ydgRE5E1WgyVIdgqH0D3iM=&yellow=hello&x-hoppy-extra=generic-%3Cwords%3E-in-angle-brackets",
"httpVersion": "HTTP/1.1",
"httpMethod": "GET",
"requestId": "FepO0F8fIAMEqoQ="
},
"labels": [{
"name": "awswaf:forwardedip:geo:country:US"
}, {
"name": "awswaf:forwardedip:geo:region:US-VA"
}]
}
DataProtection 替代
Webacl 組態
"data_protection_config": {
"data_protections": [
{
"field": {
"field_type": "SINGLE_QUERY_ARGUMENT",
"field_keys": [
"hoppy"
]
},
"action": "SUBSTITUTION",
"exclude_rule_match_details": false,
"exclude_rate_based_details": false
}
]
}
範例 DataProtection 替代:單一查詢引數 "hoppy" 受保護的日誌項目。
{
"timestamp": 1738705092889,
"formatVersion": 1,
"webaclId": "arn:aws:wafv2:us-east-1:111122223333:regional/webacl/DataProtectionhashACL/4eede063-e611-44f5-b357-ffc9d7b7fed5",
"terminatingRuleId": "Default_Action",
"terminatingRuleType": "REGULAR",
"action": "ALLOW",
"terminatingRuleMatchDetails": [],
"httpSourceName": "APIGW",
"httpSourceId": "746533260405:xt7v59bhn7:ABC",
"ruleGroupList": [],
"rateBasedRuleList": [],
"nonTerminatingMatchingRules": []
"requestHeadersInserted": null,
"responseCodeSent": null,
"httpRequest": {
"clientIp": "54.239.98.137",
"country": "US",
"headers": [{
"name": "X-Forwarded-For",
"value": "54.239.98.137"
}, {
"name": "X-Forwarded-Proto",
"value": "https"
}, {
"name": "X-Forwarded-Port",
"value": "443"
}, {
"name": "Host",
"value": "xt7xxx9bhn7.gamma.execute-api.us-east-1.amazonaws.com"
}, {
"name": "X-Amzn-Trace-Id",
"value": "Root=1-67a288c4-27acb3cd5795dd8456b7e3c3"
}, {
"name": "Accept-Encoding",
"value": "gzip"
}, {
"name": "User-Agent",
"value": "okhttp/3.12.1"
}],
"uri": "/CanaryTest",
"args": "hoppy=REDACTED&yellow=hello&x-hoppy-extra=generic-%3Cwords%3E-in-angle-brackets",
"httpVersion": "HTTP/1.1",
"httpMethod": "GET",
"requestId": "FepO0F8fIAMEqoQ="
},
"labels": [{
"name": "awswaf:forwardedip:geo:country:US"
}, {
"name": "awswaf:forwardedip:geo:region:US-VA"
}]
}
在 RuleMatchDetails 中保留資料
Webacl 組態
"data_protection_config": {
"data_protections": [
{
"field": {
"field_type": "SINGLE_HEADER",
"field_keys": [
"hoppy"
]
},
"action": "HASH",
"exclude_rule_match_details": true,
"exclude_rate_based_details": false
}
]
}
在 RuleMatchDetails 中保留資料的範例:單一標頭 "hoppy" 受保護的日誌項目,但值只會保留在 RuleMatchDetails 中。
{
"timestamp": 1738705092889,
"formatVersion": 1,
"webaclId": "arn:aws:wafv2:us-east-1:111122223333:regional/webacl/DataProtectionhashACL/4eede063-e611-44f5-b357-ffc9d7b7fed5",
"terminatingRuleId": "Default_Action",
"terminatingRuleType": "REGULAR",
"action": "ALLOW",
"terminatingRuleMatchDetails": [],
"httpSourceName": "APIGW",
"httpSourceId": "746533260405:xt7v59bhn7:ABC",
"ruleGroupList": [],
"rateBasedRuleList": [],
"nonTerminatingMatchingRules": [{
"ruleId": "ProtectedSQLIHeadersVisibleInSTM",
"action": "COUNT",
"ruleMatchDetails": [{
"conditionType": "SQL_INJECTION",
"sensitivityLevel": "HIGH",
"location": "HEADER",
"matchedData": [ "10", "AND", "1" ],
"matchedFieldName": "hoppy"
}]
}],
"requestHeadersInserted": null,
"responseCodeSent": null,
"httpRequest": {
"clientIp": "54.239.98.137",
"country": "US",
"headers": [{
"name": "X-Forwarded-For",
"value": "54.239.98.137"
}, {
"name": "X-Forwarded-Proto",
"value": "https"
}, {
"name": "X-Forwarded-Port",
"value": "443"
}, {
"name": "Host",
"value": "xt7xxx9bhn7.gamma.execute-api.us-east-1.amazonaws.com"
}, {
"name": "X-Amzn-Trace-Id",
"value": "Root=1-67a288c4-27acb3cd5795dd8456b7e3c3"
}, {
"name": "hoppy",
"value": "zuomr2mxQxofg6EI6f7hMNGaJhhPxt0rFVAXog6FLxE="
}, {
"name": "Accept-Encoding",
"value": "gzip"
}, {
"name": "User-Agent",
"value": "okhttp/3.12.1"
}, {
"name": "hoppy",
"value": "z6hpYAFaMYdtiTeHhxnN5ydgRE5E1WgyVIdgqH0D3iM="
}],
"uri": "/CanaryTest",
"args": "happy=true",
"httpVersion": "HTTP/1.1",
"httpMethod": "GET",
"requestId": "FepO0F8fIAMEqoQ="
},
"labels": [{
"name": "awswaf:forwardedip:geo:country:US"
}, {
"name": "awswaf:forwardedip:geo:region:US-VA"
}]
}
在 rateBasedRule 中保留資料
"data_protection_config": {
"data_protections": [
{
"field": {
"field_type": "SINGLE_HEADER",
"field_keys": [
"hoppy"
]
},
"action": "HASH",
"exclude_rule_match_details": false,
"exclude_rate_based_details": true
}
]
}
在 rateBasedRuleList 中保留資料的範例:單一標頭 "hoppy" 受保護的日誌項目,但值只會保留在 rateBasedRuleList 中。
{
"timestamp": 1683355579981,
"formatVersion": 1,
"webaclId": ...,
"terminatingRuleId": "RateBasedRule",
"terminatingRuleType": "RATE_BASED",
"action": "BLOCK",
"terminatingRuleMatchDetails": [],
"httpSourceName": "APIGW",
"httpSourceId": "EXAMPLE11:rjvegx5guh:CanaryTest",
"ruleGroupList": [],
"rateBasedRuleList": [{
"rateBasedRuleId": ...,
"rateBasedRuleName": "RateBasedRule",
"limitKey": "CUSTOMKEYS",
"maxRateAllowed": 100,
"evaluationWindowSec": "120",
"customValues": [{
"key": "HEADER",
"name": "hoppy",
"value": "ella"
}]
}],
"nonTerminatingMatchingRules": [],
"requestHeadersInserted": null,
"responseCodeSent": null,
"httpRequest": {
"clientIp": "52.46.82.45",
"country": "FR",
"headers": [{
"name": "X-Forwarded-For",
"value": "52.46.82.45"
}, {
"name": "X-Forwarded-Proto",
"value": "https"
}, {
"name": "X-Forwarded-Port",
"value": "443"
}, {
"name": "Host",
"value": "rjvegx5guh.execute-api.eu-west-3.amazonaws.com"
}, {
"name": "X-Amzn-Trace-Id",
"value": "Root=1-645566cf-7cb058b04d9bb3ee01dc4036"
}, {
"name": "hoppy",
"value": "zuomr2mxQxofg6EI6f7hMNGaJhhPxt0rFVAXog6FLxE="
}, {
"name": "User-Agent",
"value": "RateBasedRuleTestKoipOneKeyModulePV2"
}, {
"name": "Accept-Encoding",
"value": "gzip,deflate"
}],
"uri": "/CanaryTest",
"args": "",
"httpVersion": "HTTP/1.1",
"httpMethod": "GET",
"requestId": "Ed0AiHF_CGYF-DA="
}
}
內文的資料保護
AWS WAF 僅在 RuleMatchDetails 中記錄內文的子集。
Webacl 組態
"data_protection_config": {
"data_protections": [
{
"field": {
"field_type": "BODY"
},
"action": "SUBSTITUTE",
"exclude_rule_match_details": false,
"exclude_rate_based_details": false
}
]
}
內文的 DataProtection 範例:內文在 ruleMatchDetails 中被替代的日誌項目。
{
"timestamp": 1738705092889,
"formatVersion": 1,
"webaclId": "arn:aws:wafv2:us-east-1:111122223333:regional/webacl/DataProtectionhashACL/4eede063-e611-44f5-b357-ffc9d7b7fed5",
"terminatingRuleId": "Default_Action",
"terminatingRuleType": "REGULAR",
"action": "ALLOW",
"terminatingRuleMatchDetails": [],
"httpSourceName": "APIGW",
"httpSourceId": "746533260405:xt7v59bhn7:ABC",
"ruleGroupList": [],
"rateBasedRuleList": [],
"nonTerminatingMatchingRules": [{
"ruleId": "ProtectedSQLIBody",
"action": "COUNT",
"ruleMatchDetails": [{
"conditionType": "SQL_INJECTION",
"sensitivityLevel": "HIGH",
"location": "BODY",
"matchedData": ["REDACTED"]
}]
}],
"requestHeadersInserted": null,
"responseCodeSent": null,
"httpRequest": {
"clientIp": "54.239.98.137",
"country": "US",
"headers": [{
"name": "X-Forwarded-For",
"value": "54.239.98.137"
}, {
"name": "X-Forwarded-Proto",
"value": "https"
}, {
"name": "X-Forwarded-Port",
"value": "443"
}, {
"name": "Host",
"value": "xt7xxx9bhn7.gamma.execute-api.us-east-1.amazonaws.com"
}, {
"name": "X-Amzn-Trace-Id",
"value": "Root=1-67a288c4-27acb3cd5795dd8456b7e3c3"
}, {
"name": "Accept-Encoding",
"value": "gzip"
}, {
"name": "User-Agent",
"value": "okhttp/3.12.1"
}, {
"name": "cookie",
"value": "hoppy=dog;"
}],
"uri": "/CanaryTest",
"args": "baloo=abc&hoppy-query=xyz&x-hoppy-extra=generic-%3Cwords%3E-in-angle-brackets",
"httpVersion": "HTTP/1.1",
"httpMethod": "GET",
"requestId": "FepO0F8fIAMEqoQ="
},
"labels": [{
"name": "awswaf:forwardedip:geo:country:US"
}, {
"name": "awswaf:forwardedip:geo:region:US-VA"
}]
}
SINGLE_COOKIE 的資料保護
Webacl 組態
"data_protection_config": {
"data_protections": [
{
"field": {
"field_type": "SINGLE_COOKIE",
"field_keys": [
"MILO"
]
},
"action": "HASH",
"exclude_rule_match_details": false,
"exclude_rate_based_details": false
}
]
}
SINGLE_COOKIE 的 DataProtection 範例:名為 "MILO" 的 SINGLE_COOKIE 受保護的日誌項目。
完整日誌顯示名為 MILO 的 Cookie 在 ruleMatchDetails 和 Cookie 標頭中都受到保護。只有 Cookie 值會受到保護,Cookie 的鍵名稱不會受到保護。
注意
所有受保護的欄位 (單一標頭、Cookie、查詢 arg) 不區分大小寫。因此,在此範例中,「MILO」符合「milo」。
{
"timestamp": 1738705092889,
"formatVersion": 1,
"webaclId": "arn:aws:wafv2:us-east-1:111122223333:regional/webacl/DataProtectionhashACL/4eede063-e611-44f5-b357-ffc9d7b7fed5",
"terminatingRuleId": "Default_Action",
"terminatingRuleType": "REGULAR",
"action": "ALLOW",
"terminatingRuleMatchDetails": [],
"httpSourceName": "APIGW",
"httpSourceId": "746533260405:xt7v59bhn7:ABC",
"ruleGroupList": [],
"rateBasedRuleList": [],
"nonTerminatingMatchingRules": [{
"ruleId": "ProtectedSQLIHeadersVisibleInSTM",
"action": "COUNT",
"ruleMatchDetails": [{
"conditionType": "SQL_INJECTION",
"sensitivityLevel": "HIGH",
"location": "COOKIE",
"matchedData": ["zuomr2mxQxofg6EI6f7hMNGaJhhPxt0rFVAXog6FLxE="],
"matchedFieldName": "milo"
}]
}],
"requestHeadersInserted": null,
"responseCodeSent": null,
"httpRequest": {
"clientIp": "54.239.98.137",
"country": "US",
"headers": [{
"name": "X-Forwarded-For",
"value": "54.239.98.137"
}, {
"name": "X-Forwarded-Proto",
"value": "https"
}, {
"name": "X-Forwarded-Port",
"value": "443"
}, {
"name": "Host",
"value": "xt7xxx9bhn7.gamma.execute-api.us-east-1.amazonaws.com"
}, {
"name": "X-Amzn-Trace-Id",
"value": "Root=1-67a288c4-27acb3cd5795dd8456b7e3c3"
}, {
"name": "Accept-Encoding",
"value": "gzip"
}, {
"name": "User-Agent",
"value": "okhttp/3.12.1"
}, {
"name": "cookie",
"value": "hoppy=dog;milo=zuomr2mxQxofg6EI6f7hMNGaJhhPxt0rFVAXog6FLxE=;aws-waf-token=51c71352-41f5-4f6d-b676-c24907bdf819:EQoAZ/J+AAQAAAAA:t9wvxbw042wva7E2Y6lgud/bS6YG0CJKVAJqaRqDZ140ythKW0Zj9wKB2O8lSkYDRqf1yONcVBFo5u0eYi0tvT4rtQCXsu+KanAardW8go4QSLw4yoED59lgV7oAhGyCalAzE7ra29j+RvvZPsQyoQuDCrtoY/TvQyMTXIXzGPDC/rKBbg=="
}],
"uri": "/CanaryTest",
"args": "baloo=abc&hoppy-query=xyz&x-hoppy-extra=generic-%3Cwords%3E-in-angle-brackets",
"httpVersion": "HTTP/1.1",
"httpMethod": "GET",
"requestId": "FepO0F8fIAMEqoQ="
},
"labels": [{
"name": "awswaf:forwardedip:geo:country:US"
}, {
"name": "awswaf:forwardedip:geo:region:US-VA"
}]
}
所有 Cookie 的資料保護
您可以使用 SINGLE_HEADER 設定 Cookie 的資料保護。只有 Cookie 值會受到保護,Cookie 的鍵名稱不會受到保護。
"DataProtectionConfig": {
"DataProtections": [
{
"Field": {
"FieldType": "SINGLE_HEADER",
"FieldKeys": ["cookie"]
},
"Action": "SUBSTITUTION",
"ExcludeRuleMatchDetails": false,
"ExcludeRateBasedDetails": false
}
]
}
標頭 "COOKIE" 的 DataProtection 範例:Cookie 標頭受到保護的日誌項目。
注意
Cookie 名稱 AWS-WAF-TOKEN 超出資料保護的範圍,因此在下列日誌的 cookie 標頭中,aws-waf-token 的值仍以原樣記錄。
{
"timestamp": 1738705092889,
"formatVersion": 1,
"webaclId": "arn:aws:wafv2:us-east-1:111122223333:regional/webacl/DataProtectionhashACL/4eede063-e611-44f5-b357-ffc9d7b7fed5",
"terminatingRuleId": "Default_Action",
"terminatingRuleType": "REGULAR",
"action": "ALLOW",
"terminatingRuleMatchDetails": [],
"httpSourceName": "APIGW",
"httpSourceId": "746533260405:xt7v59bhn7:ABC",
"ruleGroupList": [],
"rateBasedRuleList": [],
"nonTerminatingMatchingRules": [],
"requestHeadersInserted": null,
"responseCodeSent": null,
"httpRequest": {
"clientIp": "54.239.98.137",
"country": "US",
"headers": [{
"name": "X-Forwarded-For",
"value": "54.239.98.137"
}, {
"name": "X-Forwarded-Proto",
"value": "https"
}, {
"name": "X-Forwarded-Port",
"value": "443"
}, {
"name": "Host",
"value": "xt7xxx9bhn7.gamma.execute-api.us-east-1.amazonaws.com"
}, {
"name": "X-Amzn-Trace-Id",
"value": "Root=1-67a288c4-27acb3cd5795dd8456b7e3c3"
}, {
"name": "Accept-Encoding",
"value": "gzip"
}, {
"name": "User-Agent",
"value": "okhttp/3.12.1"
}, {
"name": "cookie",
"value": "hoppy=REDACTED;milo=REDACTED;aws-waf-token=51c71352-41f5-4f6d-b676-c24907bdf819:EQoAZ/J+AAQAAAAA:t9wvxbw042wva7E2Y6lgud/bS6YG0CJKVAJqaRqDZ140ythKW0Zj9wKB2O8lSkYDRqf1yONcVBFo5u0eYi0tvT4rtQCXsu+KanAardW8go4QSLw4yoED59lgV7oAhGyCalAzE7ra29j+RvvZPsQyoQuDCrtoY/TvQyMTXIXzGPDC/rKBbg=="
}],
"uri": "/CanaryTest",
"args": "baloo=xyz=&hoppy-query=abc&x-hoppy-extra=abc",
"httpVersion": "HTTP/1.1",
"httpMethod": "GET",
"requestId": "FepO0F8fIAMEqoQ="
},
"labels": [{
"name": "awswaf:forwardedip:geo:country:US"
}, {
"name": "awswaf:forwardedip:geo:region:US-VA"
}]
}
單一查詢引數的資料保護
您可以使用 SINGLE_QUERY_ARGUMENT 設定查詢字串的資料保護。這會影響所有查詢引數的索引鍵和值。針對下列範例,原始查詢字串為 baloo=10 AND 1=1&hoppy=10 AND 1=1&x-hoppy-extra=generic-%3Cwords。
Webacl 組態
"DataProtectionConfig": {
"DataProtections": [
{
"Field": {
"FieldType": "SINGLE_QUERY_ARGUMENT",
"FieldKeys": ["hoppy"]
},
"Action": "SUBSTITUTION",
"ExcludeRuleMatchDetails": false,
"ExcludeRateBasedDetails": false
}
]
}
SINGLE_QUERY_ARGUMENT 的 DataProtection 範例:查詢字串中的 "hoppy" 以替代方式保護的日誌項目。
{
"timestamp": 1738705092889,
"formatVersion": 1,
"webaclId": "arn:aws:wafv2:us-east-1:111122223333:regional/webacl/DataProtectionSubstituteQueryString/4eede063-e611-44f5-b357-ffc9d7b7fed5",
"terminatingRuleId": "Default_Action",
"terminatingRuleType": "REGULAR",
"action": "ALLOW",
"terminatingRuleMatchDetails": [],
"httpSourceName": "APIGW",
"httpSourceId": "746533260405:xt7v59bhn7:ABC",
"ruleGroupList": [],
"rateBasedRuleList": [],
"nonTerminatingMatchingRules": [
{
"ruleId": "ProtectedHoppyQueryArg",
"action": "COUNT",
"ruleMatchDetails": [
{
"conditionType": "SQL_INJECTION",
"sensitivityLevel": "HIGH",
"location": "SINGLE_QUERY_ARG",
"matchedData": ["REDACTED"],
"matchedFieldName": "hoppy"
}]
},
{
"ruleId": "FullQueryStringInspectionWhichDetectsTheFirstFieldWithSQLi_Baloo_IsAlsoMaskedMasked",
"action": "COUNT",
"ruleMatchDetails": [
{
"conditionType": "SQL_INJECTION",
"sensitivityLevel": "HIGH",
"location": "QUERY_ARGS",
"matchedData": ["REDACTED"],
}]
},
{
"ruleId": "ProtectedBalooQueryArg",
"action": "COUNT",
"ruleMatchDetails": [
{
"conditionType": "SQL_INJECTION",
"sensitivityLevel": "HIGH",
"location": "SINGLE_QUERY_ARG",
"matchedData": [ "10", "AND", "1" ],
"matchedFieldName": "baloo"
}]
}
],
"requestHeadersInserted": null,
"responseCodeSent": null,
"httpRequest": {
"clientIp": "54.239.98.137",
"country": "US",
"headers": [{
"name": "X-Forwarded-For",
"value": "54.239.98.137"
}, {
"name": "X-Forwarded-Proto",
"value": "https"
}, {
"name": "X-Forwarded-Port",
"value": "443"
}, {
"name": "Host",
"value": "xt7xxx9bhn7.gamma.execute-api.us-east-1.amazonaws.com"
}, {
"name": "X-Amzn-Trace-Id",
"value": "Root=1-67a288c4-27acb3cd5795dd8456b7e3c3"
}, {
"name": "Accept-Encoding",
"value": "gzip"
}, {
"name": "User-Agent",
"value": "okhttp/3.12.1"
}],
"uri": "/CanaryTest",
"args": "baloo=10 AND 1=1&hoppy=REDACTED&x-hoppy-extra=generic-%3Cwords",
"httpVersion": "HTTP/1.1",
"httpMethod": "GET",
"requestId": "FepO0F8fIAMEqoQ="
},
"labels": [{
"name": "awswaf:forwardedip:geo:country:US"
}, {
"name": "awswaf:forwardedip:geo:region:US-VA"
}]
}
查詢字串的資料保護
您可以使用 QUERY_STRING 設定查詢字串的資料保護。這會影響所有查詢引數的索引鍵和值。針對下列範例,原始查詢字串為 baloo=10 AND 1=1&hoppy-query=10 AND 1=1&x-hoppy-extra=generic-%3Cwords。
Webacl 組態
"DataProtectionConfig": {
"DataProtections": [
{
"Field": {
"FieldType": "QUERY_STRING"
},
"Action": "SUBSTITUTION",
"ExcludeRuleMatchDetails": false,
"ExcludeRateBasedDetails": false
}
]
}
QUERY_STRING 的 DataProtection 範例:查詢字串以替代方式保護的日誌項目。
{
"timestamp": 1738705092889,
"formatVersion": 1,
"webaclId": "arn:aws:wafv2:us-east-1:111122223333:regional/webacl/DataProtectionSubstituteQueryString/4eede063-e611-44f5-b357-ffc9d7b7fed5",
"terminatingRuleId": "Default_Action",
"terminatingRuleType": "REGULAR",
"action": "ALLOW",
"terminatingRuleMatchDetails": [],
"httpSourceName": "APIGW",
"httpSourceId": "746533260405:xt7v59bhn7:ABC",
"ruleGroupList": [],
"rateBasedRuleList": [],
"nonTerminatingMatchingRules": [
{
"ruleId": "ProtectedHoppyQueryArg",
"action": "COUNT",
"ruleMatchDetails": [
{
"conditionType": "SQL_INJECTION",
"sensitivityLevel": "HIGH",
"location": "QUERY_STRING",
"matchedData": ["REDACTED"]
}]
},
{
"ruleId": "ProtectedBalooQueryArg",
"action": "COUNT",
"ruleMatchDetails": [
{
"conditionType": "SQL_INJECTION",
"sensitivityLevel": "HIGH",
"location": "SINGLE_QUERY_ARG",
"matchedData": [ "REDACTED" ],
"matchedFieldName": "REDACTED"
}]
}
],
"requestHeadersInserted": null,
"responseCodeSent": null,
"httpRequest": {
"clientIp": "54.239.98.137",
"country": "US",
"headers": [{
"name": "X-Forwarded-For",
"value": "54.239.98.137"
}, {
"name": "X-Forwarded-Proto",
"value": "https"
}, {
"name": "X-Forwarded-Port",
"value": "443"
}, {
"name": "Host",
"value": "xt7xxx9bhn7.gamma.execute-api.us-east-1.amazonaws.com"
}, {
"name": "X-Amzn-Trace-Id",
"value": "Root=1-67a288c4-27acb3cd5795dd8456b7e3c3"
}, {
"name": "Accept-Encoding",
"value": "gzip"
}, {
"name": "User-Agent",
"value": "okhttp/3.12.1"
}],
"uri": "/CanaryTest",
"args": "REDACTED",
"httpVersion": "HTTP/1.1",
"httpMethod": "GET",
"requestId": "FepO0F8fIAMEqoQ="
},
"labels": [{
"name": "awswaf:forwardedip:geo:country:US"
}, {
"name": "awswaf:forwardedip:geo:region:US-VA"
}]
}
多個查詢引數的資料保護
您可以使用 SINGLE_QUERY_ARGUMENT 設定個別查詢引數的資料保護。報告特定欄位的資訊時,會使用該欄位自己的保護設定。不過,比對整個查詢字串或 Cookie 標頭而得到的字串,可能同時適用多個保護組態。為了簡化,RuleMatchDetails 會套用其中最嚴格的保護,即使該保護所涵蓋的範圍未與實際符合的資料重疊。
針對下列範例,原始查詢字串為 baloo=is_a_good_boy&hoppy=likes_to_sleep&x-hoppy-extra=10 AND 1=1。
"DataProtectionConfig": {
"DataProtections": [
{
"Field": {
"FieldType": "SINGLE_QUERY_ARGUMENT",
"FieldKeys": ["hoppy"]
},
"Action": "SUBSTITUTION",
"ExcludeRuleMatchDetails": false,
"ExcludeRateBasedDetails": false
},
{
"Field": {
"FieldType": "SINGLE_QUERY_ARGUMENT",
"FieldKeys": ["baloo"]
},
"Action": "HASH",
"ExcludeRuleMatchDetails": false,
"ExcludeRateBasedDetails": false
}
]
}
多個查詢引數的範例 DataProtection。
{
"timestamp": 1738705092889,
"formatVersion": 1,
"webaclId": "arn:aws:wafv2:us-east-1:111122223333:regional/webacl/DataProtectionSubstituteQueryString/4eede063-e611-44f5-b357-ffc9d7b7fed5",
"terminatingRuleId": "Default_Action",
"terminatingRuleType": "REGULAR",
"action": "ALLOW",
"terminatingRuleMatchDetails": [],
"httpSourceName": "APIGW",
"httpSourceId": "746533260405:xt7v59bhn7:ABC",
"ruleGroupList": [],
"rateBasedRuleList": [],
"nonTerminatingMatchingRules": [
{
"ruleId": "ProtectedHoppyQueryArg",
"action": "COUNT",
"ruleMatchDetails": [
{
"conditionType": "SQL_INJECTION",
"sensitivityLevel": "HIGH",
"location": "SINGLE_QUERY_ARG",
"matchedData": ["REDACTED"],
"matchedFieldName": "hoppy"
}]
},
{
"ruleId": "ProtectedBalooQueryArg",
"action": "COUNT",
"ruleMatchDetails": [
{
"conditionType": "SQL_INJECTION",
"sensitivityLevel": "HIGH",
"location": "SINGLE_QUERY_ARG",
"matchedData": ["zuomr2mxQxofg6EI6f7hMNGaJhhPxt0rFVAXog6FLxE="],
"matchedFieldName": "baloo"
}]
},
{
"ruleId": "FullQueryStringDetects_x-hoppy-extra_IsSubstituted",
"action": "COUNT",
"ruleMatchDetails": [
{
"conditionType": "SQL_INJECTION",
"sensitivityLevel": "HIGH",
"location": "QUERY_ARGS",
"matchedData": ["REDACTED"], // Harshest of Protection Config
}]
}
],
"requestHeadersInserted": null,
"responseCodeSent": null,
"httpRequest": {
"clientIp": "54.239.98.137",
"country": "US",
"headers": [{
"name": "X-Forwarded-For",
"value": "54.239.98.137"
}, {
"name": "X-Forwarded-Proto",
"value": "https"
}, {
"name": "X-Forwarded-Port",
"value": "443"
}, {
"name": "Host",
"value": "xt7xxx9bhn7.gamma.execute-api.us-east-1.amazonaws.com"
}, {
"name": "X-Amzn-Trace-Id",
"value": "Root=1-67a288c4-27acb3cd5795dd8456b7e3c3"
}, {
"name": "Accept-Encoding",
"value": "gzip"
}, {
"name": "User-Agent",
"value": "okhttp/3.12.1"
}],
"uri": "/CanaryTest",
"args": "baloo=zuomr2mxQxofg6EI6f7hMNGaJhhPxt0rFVAXog6FLxE=&hoppy=REDACTED&x-hoppy-extra=10 AND 1=1",
"httpVersion": "HTTP/1.1",
"httpMethod": "GET",
"requestId": "FepO0F8fIAMEqoQ="
},
"labels": [{
"name": "awswaf:forwardedip:geo:country:US"
}, {
"name": "awswaf:forwardedip:geo:region:US-VA"
}]
}
注意
您無法在相同的 webACL 中同時指定 QueryString 遮罩和單一查詢 Arg 遮罩。