CloudFront テンプレートを利用したWAFの初期ポリシー設定
http://docs.aws.amazon.com/ja_jp/waf/latest/developerguide/tutorials-common-attacks.html
AWSコンソールにログイン
URLを開く
https://ap-northeast-1.console.aws.amazon.com/cloudformation/home?region=ap-northeast-1#/stacks/new
スタックの作成
作成後、WAFを紐付ける
https://console.aws.amazon.com/waf/
作成されているACLを選択
CloudFrontにしか適応できないよ。
定義されているACLs
- CommonAttackProtectionLargeBodyMatchRule
- The length of the Body is greater than 8192.
- CommonAttackProtectionManualIPBlockRule
- none
- CommonAttackProtectionSqliRule
- URI contains SQL injection threat after decoding as URL.
- Body contains SQL injection threat after decoding as HTML tags.
- Query string contains SQL injection threat after decoding as URL.
- Body contains SQL injection threat after decoding as URL.
- Query string contains SQL injection threat after decoding as HTML tags.
- CommonAttackProtectionXssRule
- Body contains a cross-site scripting threat after decoding as HTML tags.
- Query string contains a cross-site scripting threat after decoding as HTML tags.
- Query string contains a cross-site scripting threat after decoding as URL.
- Body contains a cross-site scripting threat after decoding as URL.
- URI contains a cross-site scripting threat after decoding as URL.