Check for Rules in AWS WAF Classic Global Web ACLs

Ensures AWS WAF Classic global web ACLs contain at least one rule or rule group, necessary for robust web security management.

Rule: AWS WAF Classic global web ACLs should have at least one rule or rule group
Framework: AWS Foundational Security Best Practices
Severity: Medium

Rule/Policy Description

The AWS Foundational Security Best Practices standard expects every AWS WAF Classic global web ACL to contain at least one rule or rule group, so that web applications are protected from common web exploits and malicious traffic. A web ACL with no rules inspects nothing and applies its default action to every request.

Troubleshooting Steps

If a global web ACL has no rule or rule group and therefore fails this AWS Foundational Security Best Practices check, follow these troubleshooting steps:

  1. Check the current configuration of the global Web ACL.
  2. Identify if there are any existing rules or rule groups related to security best practices.
  3. Review the logs and monitoring data for any potential security threats that may have been missed due to the absence of these rules.
  4. Ensure that the appropriate AWS Managed Rules (Managed Rule Groups) are associated with the global Web ACL.

Necessary Codes

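If no rules or rule groups are currently in place, you can use AWS Managed Rules for AWS WAF to implement AWS Foundational Security Best Practices. WAF Classic global web ACLs are changed through the aws waf command set (the wafv2 commands act on the newer AWS WAF and do not modify Classic web ACLs), and every change needs a fresh change token. Here is an example of using the AWS CLI to add a rule group to a Web ACL:

    aws waf update-web-acl --web-acl-id <web-acl-id> --change-token "$(aws waf get-change-token --query ChangeToken --output text)" \
      --updates '[{"Action":"INSERT","ActivatedRule":{"Priority":1,"RuleId":"<rule-group-id>","Type":"GROUP","OverrideAction":{"Type":"NONE"}}}]'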

Remediation Steps

Follow these steps to add an AWS Managed Rule Group for AWS Foundational Security Best Practices to the global Web ACL using AWS CLI:

  1. Retrieve the Web ACL ID:

    aws waf list-web-acls

  2. Identify the ID of the rule group to add for AWS Foundational Security Best Practices. WAF Classic references rule groups by ID, not by ARN.

  3. Add the rule group to the Web ACL using the following command:

    aws waf update-web-acl --web-acl-id <web-acl-id> --change-token "$(aws waf get-change-token --query ChangeToken --output text)" \
      --updates '[{"Action":"INSERT","ActivatedRule":{"Priority":1,"RuleId":"<rule-group-id>","Type":"GROUP","OverrideAction":{"Type":"NONE"}}}]'

  4. Verify the change by checking the Web ACL details. The Rules list in the output should no longer be empty:

    aws waf get-web-acl --web-acl-id <web-acl-id>

  5. Monitor the Web ACL for any blocked or allowed requests based on the newly added rule group.

By following these steps, you can ensure that the global Web ACL includes rules or rule groups for AWS Foundational Security Best Practices, enhancing the security posture of your web applications.
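The check behind this rule can be repeated across an account to find every global web ACL that still has no rules. The Python below is an added example, not CloudDefense or AWS code; it assumes a client with the boto3 WAF Classic list_web_acls/get_web_acl signatures, and FakeWaf with its IDs and names is constructed sample data so the block runs offline.

```python
"""Find AWS WAF Classic global web ACLs that contain no rule or rule group."""


def audit_global_web_acls(waf):
    """Return one finding per web ACL whose Rules list is empty.

    `waf` is any object exposing list_web_acls/get_web_acl with the boto3
    WAF Classic signatures, for example boto3.client("waf").
    """
    findings, marker = [], None
    while True:
        kwargs = {"Limit": 100}
        if marker:
            kwargs["NextMarker"] = marker
        page = waf.list_web_acls(**kwargs)
        summaries = page.get("WebACLs", [])
        for summary in summaries:
            acl = waf.get_web_acl(WebACLId=summary["WebACLId"])["WebACL"]
            if not acl.get("Rules"):
                # With no rules, every request simply gets the default action.
                findings.append({"WebACLId": acl["WebACLId"], "Name": acl["Name"],
                                 "DefaultAction": acl["DefaultAction"]["Type"]})
        marker = page.get("NextMarker")
        # Stop on a missing marker or an empty page (a marker can trail the last page).
        if not marker or not summaries:
            return findings


class FakeWaf:
    """Constructed stand-in for boto3.client("waf"); all IDs and names are made up."""
    ACLS = {
        "acl-empty": {"WebACLId": "acl-empty", "Name": "legacy-site",
                      "DefaultAction": {"Type": "ALLOW"}, "Rules": []},
        "acl-ok": {"WebACLId": "acl-ok", "Name": "storefront",
                   "DefaultAction": {"Type": "ALLOW"},
                   "Rules": [{"Priority": 1, "RuleId": "rg-example", "Type": "GROUP",
                              "OverrideAction": {"Type": "NONE"}}]},
    }

    def list_web_acls(self, Limit=100, NextMarker=None):
        ids = sorted(self.ACLS)
        start = ids.index(NextMarker) + 1 if NextMarker else 0
        chunk = ids[start:start + 1]  # one ACL per page to exercise pagination
        resp = {"WebACLs": [{"WebACLId": i, "Name": self.ACLS[i]["Name"]} for i in chunk]}
        if chunk:
            resp["NextMarker"] = chunk[-1]
        return resp

    def get_web_acl(self, WebACLId):
        return {"WebACL": self.ACLS[WebACLId]}


if __name__ == "__main__":
    for finding in audit_global_web_acls(FakeWaf()):
        print("empty web ACL:", finding)
```

Against a real account, pass boto3.client("waf") in place of FakeWaf(); an empty web ACL whose default action is ALLOW lets all traffic through uninspected.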
