deployment/aws-waf-security-automations.template (9 additions & 9 deletions)
@@ -114,9 +114,9 @@ Parameters:
114
114
- 'yes - NO_MATCH'
115
115
- 'no'
116
116
Description: >-
117
-
Choose yes to enable the component designed to block common SQL injection attacks. You can also select an option you want AWS WAF to handle oversized request exceeding 8 KB (8192 bytes).
118
-
By default 'yes' uses CONTINUE option, which inspects the request component contents that are within the size limitations normally according to the rule inspection criteria.
119
-
For more information, see https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html.
117
+
Choose yes to deploy the default SQL injection protection rule designed to block common SQL injection attacks.
118
+
It uses CONTINUE option for oversized request handling by default. Note: If you customized the rule outside of CloudFormation,
119
+
your changes will be overwritten after stack update.
120
120
121
121
SqlInjectionProtectionSensitivityLevelParam:
122
122
Type: String
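Review bot: the new description at lines 117-119 no longer explains the oversize-handling choices, yet the allowed values just above it still include 'yes - NO_MATCH'. An operator picking from that list now has no way to tell what the suffixed options do, what size counts as oversized (the removed text gave 8 KB / 8192 bytes), or that the default CONTINUE only inspects the part of the request within the size limit. I would keep one sentence stating that plain 'yes' uses CONTINUE and what that means for content past the limit, and keep the link to the waf-rule-statement-oversize-handling page. Minor wording: "It uses CONTINUE option" should read "It uses the CONTINUE option".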
@@ -125,10 +125,10 @@ Parameters:
125
125
- 'LOW'
126
126
- 'HIGH'
127
127
Description: >-
128
-
Choose the sensitivity level that you want AWS WAF to use to inspect for SQL injection attacks. HIGH detects more attacks, but might generate more false positives.
129
-
LOW is generally a better choice for resources that already have other protections against SQL injection attacks or that have a low tolerance for false positives.
130
-
For more information, see https://aws.amazon.com/about-aws/whats-new/2022/07/aws-waf-sensitivity-levels-sql-injection-rule-statements/.
128
+
Choose the sensitivity level used by WAF to inspect for SQL injection attacks.
131
129
If you choose to deactivate SQL injection protection, ignore this parameter.
130
+
Note: The stack deploys the default SQL injection protection rule into your AWS account.
131
+
If you customized the rule outside of CloudFormation, your changes will be overwritten after stack update.
132
132
133
133
ActivateCrossSiteScriptingProtectionParam:
134
134
Type: String
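Review bot: the replacement text at line 128 drops the HIGH versus LOW guidance, so the parameter now offers 'LOW' and 'HIGH' with nothing to base the choice on. The removed lines stated the trade-off (HIGH detects more attacks but might generate more false positives; LOW suits resources with other SQL injection protections or low tolerance for false positives), and that is the information needed to set this safely. Suggest keeping a one-sentence version of that trade-off and the link. Also, line 128 says "WAF" where the rest of the template says "AWS WAF", and the overwrite note at lines 130-131 repeats what the activation parameter already says, so it could be stated once.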
@@ -139,9 +139,9 @@ Parameters:
139
139
- 'yes - NO_MATCH'
140
140
- 'no'
141
141
Description: >-
142
-
Choose yes to enable the component designed to block common SQL injection attacks. You can also select an option you want AWS WAF to handle oversized request exceeding 8 KB (8192 bytes).
143
-
By default 'yes' uses CONTINUE option, which inspects the request component contents that are within the size limitations normally according to the rule inspection criteria.
144
-
For more information, see https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html.
142
+
Choose yes to deploy the default cross-site scripting protection rule designed to block common cross-site scripting attacks.
143
+
It uses CONTINUE option for oversized request handling by default. Note: If you customized the rule outside of CloudFormation,
144
+
your changes will be overwritten after stack update.
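Review bot: as in the SQL injection parameter, lines 142-144 remove the explanation of oversize handling while 'yes - NO_MATCH' stays in the allowed values, so the cross-site scripting options are also undocumented after this change. The fix of the copy-paste wording (the old text described SQL injection under the XSS parameter) is good, but please keep a short statement of what CONTINUE does for requests over the size limit and the documentation link. The "Note:" also starts mid-line at 143 and its sentence is split across 143-144; putting the note on its own line would read better in the CloudFormation console.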