Without any rules, the traffic passes without inspection. The rule's conditions allow for traffic inspection and take a defined action (allow, block, or count). The control fails if no rules are present within a rule group.Ī WAF global rule group can contain multiple rules. This control checks whether an AWS WAF global rule group has at least one rule. AWS WAF Classic global rule groups should have at least one ruleĪWS Config rule: waf-global-rulegroup-not-empty A WAF global rule with no conditions, but with a name or tag suggesting allow, block, or count, couldįor instructions on creating a rule and adding conditions, see Creating a rule and adding conditions in the AWS WAF Developer Guide. Without any conditions, the traffic passes without inspection. A rule's conditions allow for traffic inspection and take a defined action (allow, block, or count). The control fails if no conditions are present within a rule.Ī WAF global rule can contain multiple conditions. This control checks whether an AWS WAF global rule contains any conditions. AWS WAF Classic global rules should have at least one conditionĪWS Config rule: waf-global-rule-not-empty To add rules or rule groups to an empty AWS WAF Classic Regional web ACL, see Editing a Web ACL in the AWS WAF Developer Guide. Pass without being detected or acted upon by WAF depending on the default action. If a web ACL is empty, the web traffic can This control fails if a web ACL does not contain anyĪ WAF Regional web ACL can contain a collection of rules and rule groups that inspect and control web requests. This control checks whether an AWS WAF Classic Regional web ACL contains any WAF rules or WAF rule groups. Related requirements: 5 CA-9(1), 5 CM-2ĪWS Config rule: waf-regional-webacl-not-empty AWS WAF Classic Regional web ACLs should have at least one rule or rule group To add rules and rule conditions to an empty rule group, see Adding and deleting rules from an AWS WAF Classic rule groupĪnd Adding and removing conditions in a rule in the AWS WAF Developer Guide. A WAF Regional rule group with no rules, but with a name or tag suggesting allow, block, or count, could The control fails if no rules are present within a rule group.Ī WAF Regional rule group can contain multiple rules. This control checks whether an AWS WAF Regional rule group has at least one rule. Resource type: AWS::WAFRegional::RuleGroupĪWS Config rule: waf-regional-rulegroup-not-empty AWS WAF Classic Regional rule groups should have at least one rule To add a condition to an empty rule, see Adding and removing conditions in a rule in the AWS WAF Developer Guide. Lead to the wrong assumption that one of those actions is occurring. A WAF Regional rule with no conditions, but with a name or tag suggesting allow, block, or count, could The control fails if no conditions are present within a rule.Ī WAF Regional rule can contain multiple conditions. This control checks whether an AWS WAF Regional rule has at least one condition. Related requirements: 5 AC-4(21), 5 SC-7, 5 SC-7(11), 5 SC-7(16), 5 SC-7(21)Ĭategory: Protect > Secure network configurationĪWS Config rule: waf-regional-rule-not-empty AWS WAF Classic Regional rules should have at least one condition Logging web ACL traffic information in the AWS WAF Developer Guide. To enable logging for an AWS WAF web ACL, see It also providesĭetailed information about the traffic that is analyzed by the web ACL that is Organizations, and allows you to troubleshoot application behavior. It is a business and compliance requirement in many Logging is an important part of maintaining the reliability, availability, and ThisĬontrol fails if logging is not enabled for the web ACL. This control checks whether logging is enabled for an AWS WAF global web ACL. AWS WAF Classic Global Web ACL logging should be enabled For more information, see Availability of controls by Region. These controls may not be available in all AWS Regions. These controls are related to AWS WAF resources.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |