AWS WAF: Creating Custom String Match Rule

November 29, 2024 · 1 min read
Start by navigating to the Add Rules and Rule Groups page.
Click Add Rules, then Add my own rules and rule groups, and choose Rule builder > Rule visual editor.
Let’s define the Rule Settings:
  • Name: Enter a name for the rule.
  • Type: Select Regular rule.
  • Condition: Choose If a request matches the statement.
Next, configure the Statement Settings:
  • Inspect: Select a request component (e.g., Single header). For a Single header, specify the header (for example, User-Agent).
  • Match Type: Choose the condition for matching (e.g., Exactly matches string).
  • String to Match: Enter the string (e.g., Pingdombot). Maximum length: 200 characters.
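  • Text Transformations (optional): Leave as None or choose a transformation (e.g., lowercase). Multiple transformations are applied sequentially. Transformations are applied to the inspected request component before matching, not to the string to match.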

Finally, set the Action:
  • Select Count.
  • Check CloudWatch logs to see if the rule works correctly, then change Action to Block or Allow.
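
The settings above, expressed as the rule JSON used by the WAF rule JSON editor and API, together with a simplified local model of how an exact string match is evaluated. This is an added example, not from the original article: the rule name `count-pingdombot`, the helper names and the sample headers are assumptions, and only the None and Lowercase transformations are modelled.

```python
import json

MAX_SEARCH_LEN = 200  # limit stated in the article

# Simplified local stand-ins for two WAF text transformations (not AWS code).
TRANSFORMS = {"NONE": lambda s: s, "LOWERCASE": str.lower}


def build_rule(name, header, search, transforms=("NONE",), action="Count"):
    """Return a WAFv2 rule document mirroring the visual editor choices."""
    if len(search) > MAX_SEARCH_LEN:
        raise ValueError("string to match exceeds 200 characters")
    unknown = [t for t in transforms if t not in TRANSFORMS]
    if unknown:
        raise ValueError(f"transformation not modelled here: {unknown}")
    return {
        "Name": name,  # hypothetical rule name supplied by the caller
        "Priority": 0,
        "Statement": {"ByteMatchStatement": {
            "FieldToMatch": {"SingleHeader": {"Name": header.lower()}},
            "PositionalConstraint": "EXACTLY",  # "Exactly matches string"
            "SearchString": search,
            "TextTransformations": [
                {"Priority": i, "Type": t} for i, t in enumerate(transforms)],
        }},
        "Action": {action: {}},  # start with Count, switch to Block or Allow later
        "VisibilityConfig": {"SampledRequestsEnabled": True,
                             "CloudWatchMetricsEnabled": True,
                             "MetricName": name},
    }


def matches(rule, headers):
    """Approximate how the statement evaluates one request's headers."""
    stmt = rule["Statement"]["ByteMatchStatement"]
    wanted = stmt["FieldToMatch"]["SingleHeader"]["Name"]
    # Header names compare case-insensitively; header values do not.
    value = next((v for k, v in headers.items() if k.lower() == wanted), None)
    if value is None:
        return False
    for t in sorted(stmt["TextTransformations"], key=lambda t: t["Priority"]):
        value = TRANSFORMS[t["Type"]](value)
    # The search string itself is never transformed.
    return value == stmt["SearchString"]


if __name__ == "__main__":
    print(json.dumps(build_rule("count-pingdombot", "User-Agent", "Pingdombot"), indent=2))
```

With Lowercase selected, a mixed-case string to match such as Pingdombot can never match, which is the kind of mistake Count mode surfaces before the action is switched to Block.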
