AWS WAF: Creating Custom String Match Rule – Technology Security Information

Start with navigating to Add Rules. Go to the Add Rules and Rule Groups page.
Click Add Rules, then Add my own rules and rule groups, and choose Rule builder > Rule visual editor.

Let’s define the Rule Settings:

Name: Enter a name for the rule.
Type: Select Regular rule.
Condition: Choose If a request matches the statement.
Configure Statement Settings.
Inspect: Select a request component (e.g., Single header).

For a Single header, specify the header (for example, User-Agent).

Match Type: Choose the condition for matching (e.g., Exactly matches string).
String to Match: Enter the string (e.g., Pingdombot). Maximum length: 200 characters.
Optional: Text Transformations.

Leave as None or choose a transformation (e.g., lowercase). Multiple transformations are applied sequentially.

Set Action

Select Count
Check CloudWatch logs to see if the rule works correctly, then change Action to Block or Allow.

The post AWS WAF: Creating Custom String Match Rule appeared first on SOC Prime.

Related Posts

Detecting Network Spikes Identified by WAF for the Elastic Stack Platform

CVE-2023-50358 Detection: A New Zero-Day Vulnerability in QNAP QTS and QuTS Hero Firmware

MAGICSPELL Malware Detection: UAC-0168 Hackers Launch a Targeted Attack Using the Subject of Ukraine’s NATO Membership as a Phishing Lure

UAC-0184 Attack Detection: Targeted Phishing Attacks Against the Armed Forces of Ukraine Using Remcos RAT and Reverse SSH