AWS WAF_AWSManagedRulesAnonymousIpList

Hello,

I've enabled the AWS WAF service in my project. I've also set the rule action of HostingProviderIPList Rule in AWSManagedRulesAnonymousIpList as "Challenge." After analyzing the WAF logs from Cloudwatch, I noticed that the log was incomplete and we can see that only the main rule action is "Challenge," and there's no indication of whether the client passed or failed the challenge. Furthermore, there are no logs showing what happened after the challenge, such as the execution of the challenge.js script or the generation of a token for retrying the request. How can I find out what happened next? Please Help!

Topics

Analytics Security, Identity, & Compliance DevOps

Tags

Amazon Athena AWS WAF DevOps Ask the Experts

Language

English

Elson

asked 2 months ago539 views

1 Answer

Newest
Most votes
Most comments

Hello Elson,

Default AWS WAF logs lack details on challenge responses. To gain insights:

Enable logging for specific fields like request_headers in your WAF logging configuration.
Check CloudTrail logs around the challenge timeframe for WAF events (e.g., wafv2:RuleAction).

Web ACL logging configuration: https://docs.aws.amazon.com/waf/latest/developerguide/logging.html

Logging and monitoring in AWS WAF: https://docs.aws.amazon.com/whitepapers/latest/aws-security-incident-response-guide/aws-security-incident-response-guide.html

EXPERT

NARRAVULA MUNISAI TEJA

answered 2 months ago

Elson
2 months ago
Thank you for your answer. Unfortunately, the AWS WAF logging configuration doesn't allow you to enable logging for specific fields like request_headers. Also, when I checked the CloudTrail log, it only showed the events originating from my actions.

Relevant content

[AWS WAF] Can't hit the rule with managed rules included in custom rules
Nam Tran
asked 3 years ago
How to use a custom block action for AWS managed rules in WAFv2
Accepted Answer
HS
asked 10 months ago
WAF IP Set Rule Issue
Linda
asked a year ago
How to set custom Block response for managed rule sets in AWS WAF?
Anonymous
asked 2 years ago
How do I unblock my IP address that an Amazon IP reputation list rule group or Anonymous list rule group blocked in AWS WAF?
AWS OFFICIALUpdated a month ago
How do I change the priority of the rules in my AWS WAF web ACL?
AWS OFFICIALUpdated 2 months ago
How do I explicitly allow file uploads that an AWS WAF rule blocks without excluding the rule?
AWS OFFICIALUpdated a year ago
Why does my AWS WAF custom rule not work?
AWS OFFICIALUpdated 2 months ago
AWS re:Post Knowledge Center Spotlight: AWS WAF
EXPERT
Shannon Lewis
published 6 days ago
How to use AWS WAF labels to fine tune webACL?
EXPERT
Lei Pei
published a month ago