本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。
機器人控制範例:使用兩個陳述式來限制目標檢驗層級的使用
作為成本最佳化,您可以在 Web ACL 中使用兩個 AWS WAF Bot Control 受管規則群組陳述式,其中包含不同的檢查層級和範圍。例如,您可以將目標檢查層級陳述式的範圍限定為較敏感的應用程式端點。
下列範例中的兩個陳述式具有互斥的範圍設定。如果沒有此配置,請求可能會導致兩次計費評估。
注意
主控台的視覺化編輯器不支援參考AWSManagedRulesBotControlRuleSet
多個陳述式。而是使用 JSON 編輯器。
{ "Name": "Bot-WebACL", "Id": "...", "ARN": "...", "DefaultAction": { "Allow": {} }, "Description": "Bot-WebACL", "Rules": [ { ... }, { "Name": "AWS-AWSBotControl-Common", "Priority": 5, "Statement": { "ManagedRuleGroupStatement": { "VendorName": "AWS", "Name": "
AWSManagedRulesBotControlRuleSet
", "ManagedRuleGroupConfigs": [ { "AWSManagedRulesBotControlRuleSet": { "InspectionLevel": "COMMON" } } ], "RuleActionOverrides": [], "ExcludedRules": [] }, "VisibilityConfig": { "SampledRequestsEnabled": true, "CloudWatchMetricsEnabled": true, "MetricName": "AWS-AWSBotControl-Common" }, "ScopeDownStatement": { "NotStatement": { "Statement": { "ByteMatchStatement": { "FieldToMatch": { "UriPath": {} }, "PositionalConstraint": "STARTS_WITH", "SearchString": "/sensitive-endpoint", "TextTransformations": [ { "Type": "NONE", "Priority": 0 } ] } } } } } }, { "Name": "AWS-AWSBotControl-Targeted", "Priority": 6, "Statement": { "ManagedRuleGroupStatement": { "VendorName": "AWS", "Name": "AWSManagedRulesBotControlRuleSet
", "ManagedRuleGroupConfigs": [ { "AWSManagedRulesBotControlRuleSet": { "InspectionLevel": "TARGETED", "EnableMachineLearning": true } } ], "RuleActionOverrides": [], "ExcludedRules": [] }, "VisibilityConfig": { "SampledRequestsEnabled": true, "CloudWatchMetricsEnabled": true, "MetricName": "AWS-AWSBotControl-Targeted" }, "ScopeDownStatement": { "Statement": { "ByteMatchStatement": { "FieldToMatch": { "UriPath": {} }, "PositionalConstraint": "STARTS_WITH", "SearchString": "/sensitive-endpoint", "TextTransformations": [ { "Type": "NONE", "Priority": 0 } ] } } } } } ], "VisibilityConfig": { ... }, "Capacity": 1496, "ManagedByFirewallManager": false }