WAFv2 acl rules should allow JSON body and oversize content handling options #25832
Comments
This has been added as an output when applying blocks or modules rather than in documentation so as to keep it at the forefront of developers' minds. This is a temporary workaround whilst Terraform implement support for the feature. This was prompted by a notification from AWS:
"... With AWS WAF, customers can configure rules that allow, block, captcha, or monitor (count) web requests based on conditions they define. These conditions include IP addresses, HTTP headers, HTTP body, URI strings, SQL injection and cross-site scripting.
When customers enable AWS WAF for CloudFront, Application Load Balancer, API Gateway or AppSync, only the first 8 KB of the request body are forwarded to AWS WAF for inspection. The 8 KB limit helps maintain high WAF performance and low latency, even during conditions of exceptional load. However, some bypass attempts intentionally put data towards the end of large (> 8 KB) requests. If your application does not expect requests greater than 8 KB in size, you can prevent them from passing through with a WAF size constraint rule statement. This will result in large requests being denied.
We have detected you have one or more rules in your WAF web ACL that inspect the HTTP request body (or JSON body) but do not have a size constraint rule statement. As a result, we may not be inspecting all traffic, specifically requests > 8 KB, to your application.
On April 29, 2022, we launched the ability to specify how oversized requests should be handled as part of your web ACL when you configure WAF to inspect Body or JSON body. Although defining oversize handling behavior is optional today, on October 1, 2022, we will make specifying the handling behavior for oversized requests required when there is no size constraint on the Body or JSON body rule.
After October 1, 2022, if you have not updated your web ACL to either add a size constraint statement on Body or JSON body rules in your web ACL, or define the oversize handling behavior for these rules, updates to your WAF rules using the API will fail. You can learn more about configuring oversize handling behavior by visiting the AWS WAF documentation [1]. ..."
See more: hashicorp/terraform-provider-aws#25832
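The check the AWS notification above describes (rules that inspect the body with no oversize handling and no size constraint), as an added example that is not part of the original thread or the provider's code. It assumes the web ACL is available as JSON in the shape of the WAFv2 GetWebACL response; the function names `leaves` and `audit` and the sample ACL are constructed for illustration.

```python
# Added example: audit a WAFv2 web ACL (JSON shaped like the GetWebACL response)
# for rules that inspect Body/JsonBody without declaring OversizeHandling.

def leaves(statement, path):
    """Yield (path, kind, body) for each non-logical statement, descending into nesting."""
    for kind, body in statement.items():
        here = f"{path}/{kind}"
        if kind in ("AndStatement", "OrStatement"):
            for i, child in enumerate(body.get("Statements", [])):
                yield from leaves(child, f"{here}[{i}]")
        elif kind == "NotStatement":
            yield from leaves(body.get("Statement", {}), here)
        else:
            yield here, kind, body
            # RateBasedStatement and ManagedRuleGroupStatement can carry a scope-down.
            yield from leaves(body.get("ScopeDownStatement", {}), here)

def audit(web_acl):
    """Return (findings, has_size_constraint) for one web ACL dict."""
    findings, has_size_constraint = [], False
    for rule in web_acl.get("Rules", []):
        for path, kind, body in leaves(rule.get("Statement", {}), rule["Name"]):
            field_to_match = body.get("FieldToMatch", {})
            for field in ("Body", "JsonBody"):
                if field not in field_to_match:
                    continue
                if kind == "SizeConstraintStatement":
                    # Simplification: presence only; operator, size, rule action
                    # and priority are not evaluated here.
                    has_size_constraint = True
                elif "OversizeHandling" not in field_to_match[field]:
                    findings.append(f"{path}: {field} has no OversizeHandling")
    return findings, has_size_constraint

# Constructed sample ACL (not taken from the page or from a real account).
T = [{"Priority": 0, "Type": "NONE"}]
SAMPLE_ACL = {"Name": "example", "Rules": [
    {"Name": "sqli-body", "Statement": {"SqliMatchStatement": {
        "FieldToMatch": {"Body": {}}, "TextTransformations": T}}},
    {"Name": "xss-json", "Statement": {"AndStatement": {"Statements": [
        {"XssMatchStatement": {"TextTransformations": T, "FieldToMatch": {"JsonBody": {
            "MatchPattern": {"All": {}}, "MatchScope": "ALL", "OversizeHandling": "MATCH"}}}},
        {"NotStatement": {"Statement": {"ByteMatchStatement": {
            "FieldToMatch": {"Body": {}}, "SearchString": "ok",
            "PositionalConstraint": "CONTAINS", "TextTransformations": T}}}}]}}},
]}

if __name__ == "__main__":
    findings, guarded = audit(SAMPLE_ACL)
    print("\n".join(findings), f"\nsize constraint on body present: {guarded}")
```

A rule is worth fixing when it appears in the findings and the ACL reports no size constraint on the body; whether an existing size constraint actually rejects oversized requests still has to be read from that rule's operator, size and action.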
Is there any update? AWS will block API calls without OversizeHandling after Oct. 1.
I have submitted a pull request here, #26506, to add support for the oversize handling for the existing body option.
…-content-handling f/added oversize handling to waf v2 body and headers
Resolved by #26506
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
Description
The WAFv2 acl rule related resource should allow setting of the body field content-type as JSON and oversize body content handling options. Currently this does not seem to be possible via Terraform.
Duplicates #25545 but keeping open as both issues have a large number of upvotes and contain useful comments.
New or Affected Resource(s)
Potential Terraform Configuration
References