TechQA.

AWS WAF: How to block requests that do not contain a particular header using Terraform

2.9k views Asked by At

I want to block requests that do not contain Authorization header. I came up with the following rule but I see that the requests which do not contain this header are also being allowed. What is the correct way to specify this condition?

rule {
    name = "restrict-requests-without-authorization-header"
    priority = 2

    action {
      block {}
    }

    statement {
      size_constraint_statement {
        field_to_match {
          single_header {
            name = "authorization"
          }
        }

        comparison_operator = "LE"
        size = 0
        text_transformation {
          priority = 0
          type = "NONE"
        }
      }
    }

    visibility_config {
      cloudwatch_metrics_enabled = true
      metric_name = "restrict-requests-without-authorization-header-metrics"
      sampled_requests_enabled = true
    }
  }
terraform terraform-provider-aws amazon-waf
Original Q&A
2

There are 2 answers

1
Fabián Bertetto On BEST ANSWER

You need to create a rule and a regex patter (can be a wildcard) like this:

RULE:

rule {
    name     = "AuthorizationHeaderRule"
    priority = 1

    action {
      allow {}
    }

        statement {
          regex_pattern_set_reference_statement {
            arn = aws_wafv2_regex_pattern_set.your_regex_pattern.arn

            field_to_match {
              single_header {
                name = "authorization"
              }
            }

            text_transformation {
              priority = 2
              type     = "NONE"
            }
          }
      }

And this can be the regex patter:

resource "aws_wafv2_regex_pattern_set" "your_regex_pattern" {
  name  = "your-regex-pattern"
  scope = "REGIONAL"

  regular_expression {
    regex_string = "prefix-.*"
  }
}
0
Rostyslav Malenko On 
http_headers_val_to_block = ["header01", "header02"]

resource "aws_wafv2_regex_pattern_set" "http_headers" {
  name        = "HTTP_headers"
  description = "HTTP headers regex pattern set"
  scope       = "REGIONAL"
  tags        = var.tags

  dynamic "regular_expression" {
    for_each = var.http_headers_val_to_block
    content {
      regex_string = regular_expression.value
    }
  }
}

...
rule {
    name     = "IPs_and_HTTP_Header_Based_Rule"
    priority = 8

    action {
      block {}
    }

    statement {

      or_statement {
        statement {

          ip_set_reference_statement {
            arn = aws_wafv2_ip_set.toblock.arn
          }
        }

        statement {

          regex_pattern_set_reference_statement {
            arn = aws_wafv2_regex_pattern_set.http_headers.arn

            field_to_match {
              single_header {
                name = "referer"
              }
            }

            text_transformation {
              priority = 2
              type     = "LOWERCASE"
            }
          }
        }
      }
    }

    visibility_config {
      cloudwatch_metrics_enabled = false
      metric_name                = "IPs-and-HTTP-Header-Based-Rule-metric"
      sampled_requests_enabled   = false
    }
  }
...

Related Questions in TERRAFORM

Related Questions in TERRAFORM-PROVIDER-AWS

Related Questions in AMAZON-WAF

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions