lines changed Original file line number Diff line number Diff line change @@ -90,22 +90,79 @@ resource "aws_wafv2_web_acl" "this" {
9090 rule {
9191 name = " AWS-Managed-Bot-Control-Rule-Set"
9292 priority = 40
93+
9394 override_action {
9495 none {}
9596 }
97+
9698 statement {
9799 managed_rule_group_statement {
98100 vendor_name = " AWS"
99101 name = " AWSManagedRulesBotControlRuleSet"
102+
103+ rule_action_override {
104+ name = " SignalNonBrowserUserAgent"
105+ action_to_use {
106+ count {}
107+ }
108+ }
100109 }
101110 }
111+
102112 visibility_config {
103113 cloudwatch_metrics_enabled = true
104114 metric_name = " aws-managed-bot-control"
105115 sampled_requests_enabled = true
106116 }
107117 }
108118
119+ # 임시 조치로 ua가 node일 경우만 통과시킴
120+ rule {
121+ name = " Block-Non-Node-User-Agents"
122+ priority = 41
123+
124+ action {
125+ block {}
126+ }
127+
128+ statement {
129+ and_statement {
130+ statement {
131+ label_match_statement {
132+ scope = " LABEL"
133+ key = " awswaf:managed:aws:bot-control:signal:non_browser_user_agent"
134+ }
135+ }
136+
137+ statement {
138+ not_statement {
139+ statement {
140+ byte_match_statement {
141+ search_string = " node"
142+ field_to_match {
143+ single_header {
144+ name = " user-agent"
145+ }
146+ }
147+ positional_constraint = " CONTAINS"
148+ text_transformation {
149+ priority = 0
150+ type = " NONE"
151+ }
152+ }
153+ }
154+ }
155+ }
156+ }
157+ }
158+
159+ visibility_config {
160+ cloudwatch_metrics_enabled = true
161+ metric_name = " block-non-node-uas"
162+ sampled_requests_enabled = true
163+ }
164+ }
165+
109166 # Anonymous IP list
110167 rule {
111168 name = " AWS-Managed-Anonymous-IP-List"
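Review bot: The allowlist in `Block-Non-Node-User-Agents` (priority 41) keys on a client-controlled value: any automated client that the Bot Control signal flags can skip the block simply by putting the substring `node` anywhere in its User-Agent, so the rule only narrows the `SignalNonBrowserUserAgent` block to bots that do not bother to do so. That is tolerable for a stop-gap, but the Korean comment above the rule should state this in English and name the exit condition, e.g. `# TEMPORARY: lets only User-Agents containing "node" past the non-browser signal; trivially spoofable — replace with an IP set / shared-header check and remove once the follow-up is done`. Note also that the match is case-sensitive (`CONTAINS` with `text_transformation` `NONE`), so a client sending `Node.js/...` would still be blocked; if that is unintended add a `LOWERCASE` transformation, or if the only legitimate client sends the bare `node` UA, tighten `positional_constraint` to `EXACTLY` so the exception is as narrow as possible. The `block-non-node-uas` metric should be watched while this is live so the effect of overriding the managed rule to `count` is visible. The enclosing `aws_wafv2_web_acl` resource starts and ends outside the hunk.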