Validate Conditions in AWS WAF Classic Regional Rules
This rule ensures AWS WAF Classic Regional rules contain at least one condition to adequately inspect and control web traffic.
| Rule | AWS WAF Classic Regional rules should have at least one condition |
| Framework | AWS Foundational Security Best Practices |
| Severity | ✔ Medium |
Rule Description:
AWS WAF Classic Regional rules should include at least one condition for AWS Foundational Security Best Practices. This ensures that the WAF is configured to provide an additional layer of security by actively monitoring and filtering traffic based on defined security best practices.
Troubleshooting Steps:
If the AWS WAF Classic Regional rule does not have a condition for AWS Foundational Security Best Practices, follow these troubleshooting steps:
- 1.Check the existing rules in AWS WAF Classic Regional.
- 2.Ensure that there is at least one condition for AWS Foundational Security Best Practices.
- 3.If no condition is found, proceed to add a condition for AWS Foundational Security Best Practices.
Necessary Codes:
An example of a condition for AWS Foundational Security Best Practices:
{ "Type": "IPMatch", "DataId": "AWSManagedRulesAdminProtectionRuleSet" }
Remediation Steps:
- 1.Log in to the AWS Management Console.
- 2.Navigate to the AWS WAF console.
- 3.Select the AWS WAF Classic Regional service.
- 4.Choose the web ACL where you want to add a condition.
- 5.Click on "Rules" in the navigation pane.
- 6.Click on the "Add rules" button.
- 7.Select the type of condition, such as IPMatch, from the dropdown menu.
- 8.Set the Data ID to "AWSManagedRulesAdminProtectionRuleSet" to ensure AWS Foundational Security Best Practices are included.
- 9.Save the rule.
- 10.Test the rule to ensure it is functioning as expected.
By following these steps and adding a condition for AWS Foundational Security Best Practices to the AWS WAF Classic Regional rule, you can enhance the security posture of your application or website.