Created
July 5, 2019 15:52
-
-
Save chrissound/0b5ce1c94f5b3ba615357c0f45e19fe6 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "AWSTemplateFormatVersion": "2010-09-09", | |
| "Description": "Creates an AWS WAF configuration that protects against common attacks", | |
| "Metadata": { | |
| "AWS::CloudFormation::Interface": { | |
| "ParameterGroups": [ | |
| { | |
| "Label": { | |
| "default": "Web ACL Name for Common Attack Protection" | |
| }, | |
| "Parameters": [ | |
| "WebACLName" | |
| ] | |
| } | |
| ], | |
| "ParameterLabels": { | |
| "WebACLName": { | |
| "default": "Name" | |
| } | |
| } | |
| } | |
| }, | |
| "Parameters": { | |
| "WebACLName": { | |
| "Type": "String", | |
| "Default": "CommonAttackProtection", | |
| "Description": "Enter the name you want to use for the WebACL. This value is also added as a prefix for the names of the rules, conditions, and CloudWatch metrics created by this template." | |
| } | |
| }, | |
| "Resources": { | |
| "MyWebACL": { | |
| "Properties": { | |
| "Name": { "Ref" : "WebACLName" }, | |
| "DefaultAction": { | |
| "Type": "ALLOW" | |
| }, | |
| "MetricName": { "Ref" : "WebACLName" }, | |
| "Rules": [ | |
| { | |
| "Action": { | |
| "Type": "BLOCK" | |
| }, | |
| "Priority": 1, | |
| "RuleId": { | |
| "Ref": "ManualIPBlockRule" | |
| } | |
| }, | |
| { | |
| "Action": { | |
| "Type": "COUNT" | |
| }, | |
| "Priority": 2, | |
| "RuleId": { | |
| "Ref": "SizeMatchRule" | |
| } | |
| }, | |
| { | |
| "Action": { | |
| "Type": "BLOCK" | |
| }, | |
| "Priority": 3, | |
| "RuleId": { | |
| "Ref": "SqliRule" | |
| } | |
| }, | |
| { | |
| "Action": { | |
| "Type": "BLOCK" | |
| }, | |
| "Priority": 4, | |
| "RuleId": { | |
| "Ref": "XssRule" | |
| } | |
| } | |
| ] | |
| }, | |
| "Type": "AWS::WAFRegional::WebACL" | |
| }, | |
| "SqliRule": { | |
| "Properties": { | |
| "Name": { "Fn::Join" : [ "", [{ "Ref" : "WebACLName" }, "SqliRule"]] }, | |
| "MetricName": { "Fn::Join" : [ "", [{"Ref" : "WebACLName"}, "SqliRule"]] }, | |
| "Predicates": [ | |
| { | |
| "DataId": { | |
| "Ref": "SqliMatchSet" | |
| }, | |
| "Negated": false, | |
| "Type": "SqlInjectionMatch" | |
| } | |
| ] | |
| }, | |
| "Type": "AWS::WAF::Rule" | |
| }, | |
| "XssRule": { | |
| "Properties": { | |
| "Name": { "Fn::Join" : [ "", [{"Ref" : "WebACLName"}, "XssRule"]] }, | |
| "MetricName": { "Fn::Join" : [ "", [{"Ref" : "WebACLName"}, "XssRule"]]}, | |
| "Predicates": [ | |
| { | |
| "DataId": { | |
| "Ref": "XssMatchSet" | |
| }, | |
| "Negated": false, | |
| "Type": "XssMatch" | |
| } | |
| ] | |
| }, | |
| "Type": "AWS::WAF::Rule" | |
| }, | |
| "SizeMatchRule": { | |
| "Properties": { | |
| "Name": { "Fn::Join" : [ "", [{"Ref" : "WebACLName"}, "LargeBodyMatchRule"]] }, | |
| "MetricName": { "Fn::Join" : [ "", [{"Ref" : "WebACLName"}, "DetectLargeBody"]]}, | |
| "Predicates": [ | |
| { | |
| "DataId": { | |
| "Ref": "SizeMatchSet" | |
| }, | |
| "Negated": false, | |
| "Type": "SizeConstraint" | |
| } | |
| ] | |
| }, | |
| "Type": "AWS::WAF::Rule" | |
| }, | |
| "ManualIPBlockRule": { | |
| "Properties": { | |
| "Name": { "Fn::Join" : [ "", [{"Ref" : "WebACLName"}, "ManualIPBlockRule"]] }, | |
| "MetricName": { "Fn::Join" : [ "", [{"Ref" : "WebACLName"}, "ManualIPBlockRule"]]}, | |
| "Predicates": [ | |
| { | |
| "DataId": { | |
| "Ref": "WAFManualIPBlockSet" | |
| }, | |
| "Negated": false, | |
| "Type": "IPMatch" | |
| } | |
| ] | |
| }, | |
| "Type": "AWS::WAF::Rule" | |
| }, | |
| "WAFManualIPBlockSet": { | |
| "Properties": { | |
| "Name": "Manual IP Block Set" | |
| }, | |
| "Type": "AWS::WAF::IPSet" | |
| }, | |
| "SizeMatchSet": { | |
| "Properties": { | |
| "Name": {"Fn::Join" : [ "", [{"Ref" : "WebACLName"}, "LargeBodyMatch"]]}, | |
| "SizeConstraints": [ | |
| { | |
| "FieldToMatch": { | |
| "Type": "BODY" | |
| }, | |
| "ComparisonOperator": "GT", | |
| "Size": "8192", | |
| "TextTransformation": "NONE" | |
| } | |
| ] | |
| }, | |
| "Type": "AWS::WAF::SizeConstraintSet" | |
| }, | |
| "SqliMatchSet": { | |
| "Properties": { | |
| "Name": {"Fn::Join" : [ "", [{"Ref" : "WebACLName"}, "SqliMatch"]]}, | |
| "SqlInjectionMatchTuples": [ | |
| { | |
| "FieldToMatch": { | |
| "Type": "QUERY_STRING" | |
| }, | |
| "TextTransformation": "URL_DECODE" | |
| }, | |
| { | |
| "FieldToMatch": { | |
| "Type": "QUERY_STRING" | |
| }, | |
| "TextTransformation": "HTML_ENTITY_DECODE" | |
| }, | |
| { | |
| "FieldToMatch": { | |
| "Type": "BODY" | |
| }, | |
| "TextTransformation": "URL_DECODE" | |
| }, | |
| { | |
| "FieldToMatch": { | |
| "Type": "BODY" | |
| }, | |
| "TextTransformation": "HTML_ENTITY_DECODE" | |
| }, | |
| { | |
| "FieldToMatch": { | |
| "Type": "URI" | |
| }, | |
| "TextTransformation": "URL_DECODE" | |
| } | |
| ] | |
| }, | |
| "Type": "AWS::WAF::SqlInjectionMatchSet" | |
| }, | |
| "XssMatchSet": { | |
| "Properties": { | |
| "Name": {"Fn::Join" : [ "", [{"Ref" : "WebACLName"}, "XssMatch"]]}, | |
| "XssMatchTuples": [ | |
| { | |
| "FieldToMatch": { | |
| "Type": "QUERY_STRING" | |
| }, | |
| "TextTransformation": "URL_DECODE" | |
| }, | |
| { | |
| "FieldToMatch": { | |
| "Type": "QUERY_STRING" | |
| }, | |
| "TextTransformation": "HTML_ENTITY_DECODE" | |
| }, | |
| { | |
| "FieldToMatch": { | |
| "Type": "BODY" | |
| }, | |
| "TextTransformation": "URL_DECODE" | |
| }, | |
| { | |
| "FieldToMatch": { | |
| "Type": "BODY" | |
| }, | |
| "TextTransformation": "HTML_ENTITY_DECODE" | |
| }, | |
| { | |
| "FieldToMatch": { | |
| "Type": "URI" | |
| }, | |
| "TextTransformation": "URL_DECODE" | |
| } | |
| ] | |
| }, | |
| "Type": "AWS::WAF::XssMatchSet" | |
| } | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment