WAF WebACLs Must Have Basic Rule Protection

More Info:

Web ACL rule group should have certain defined set of rule groups: AWS Managed IP reputation List AWS Managed Anonymous IP List AWS Managed core ruleset AWS Managed Known Bad Input List AWS Managed SQLI Ruleset AWS Managed Linux Ruleset AWS Managed Admin Protection Ruleset

Risk Level

High

Address

Security

Compliance Standards

CBP

Triage and Remediation

Remediation

Using Console

Using CLI

To remediate this misconfiguration, you need to add a new rule to your AWS WAF WebACL. Here are the steps to do this using the AWS CLI:

Identify your WebACL: First, you need to identify the WebACL that you want to update. You can do this by running the following command:
```
aws waf list-web-acls --scope REGIONAL
```
This will return a list of all your WebACLs. Note down the ID of the WebACL you want to update.
Create a WAF rule: Next, you need to create a new WAF rule that provides the basic protection you want. For example, you might want to create a rule that blocks IP addresses that are known to be sources of DDoS attacks. Here’s how you can do this:
```
aws waf create-rule --name "BlockBadIPs" --metric-name "BlockBadIPs" --change-token $(aws waf get-change-token --query 'ChangeToken' --output text) --region us-west-2
```
This command creates a new rule named “BlockBadIPs”. The --change-token parameter is required for all WAF operations that change the service. The get-change-token command retrieves a change token that you can use in your command. Replace --region with your region.
Add the rule to your WebACL: Once you have created the rule, you can add it to your WebACL with the following command:
```
aws waf update-web-acl --web-acl-id <Your-WebACL-ID> --change-token $(aws waf get-change-token --query 'ChangeToken' --output text) --updates Action="INSERT" ActivatedRule={Priority=0,RuleId="<Your-Rule-ID>",Action={Type="BLOCK"}} --region us-west-2
```
Replace <Your-WebACL-ID> with the ID of your WebACL and <Your-Rule-ID> with the ID of the rule you just created. Again, replace --region with your region.
Verify the change: Finally, you can verify that the rule has been added to your WebACL by running the following command:
```
aws waf get-web-acl --web-acl-id <Your-WebACL-ID> --region us-west-2
```
This will return the details of your WebACL, including the rules that it contains. You should see the rule you just added in the list.

Remember to replace all placeholders with your actual IDs and region.

Using Python

To remediate this misconfiguration, you need to create a basic rule for AWS WAF (Web Application Firewall) WebACLs (Access Control Lists). This can be done using the AWS SDK for Python (Boto3). Here are the step-by-step instructions:

Install AWS SDK for Python (Boto3): If you haven’t installed Boto3, you can install it using pip:
```
pip install boto3
```
Configure AWS Credentials: You need to configure your AWS credentials. You can configure them by using the AWS CLI (Command Line Interface):
```
aws configure
```
You will be prompted to provide your AWS Access Key ID and Secret Access Key, which you can get from your AWS Management Console.
Create a Basic Rule: Now, you can create a basic rule for your WebACL using Boto3. Here is a basic example:
```
import boto3

client = boto3.client('waf')

response = client.create_rule(
    Name='BasicRule',
    MetricName='BasicRule',
    ChangeToken='string',
    Predicates=[
        {
            'Negated': False,
            'Type': 'IPMatch',
            'DataId': 'string'
        },
    ]
)
```
In this example, we are creating a rule that blocks requests from specific IP addresses. You need to replace 'string' in ChangeToken and DataId with your own values. ChangeToken is a value returned by a previous call to get a change token, and DataId is the ID of the IPSet that you want to use in the rule.

Add the Rule to a WebACL: After creating the rule, you need to add it to a WebACL. Here is how you can do it:

response = client.update_web_acl(
    WebACLId='string',
    ChangeToken='string',
    Updates=[
        {
            'Action': 'INSERT',
            'ActivatedRule': {
                'Priority': 123,
                'RuleId': 'string',
                'Action': {
                    'Type': 'BLOCK'
                },
            }
        },
    ],
    DefaultAction={
        'Type': 'ALLOW'
    }
)

In this example, you need to replace 'string' in WebACLId, ChangeToken, and RuleId with your own values. WebACLId is the ID of the WebACL that you want to update, ChangeToken is the same as before, and RuleId is the ID of the rule that you created before.

Please note that these are basic examples. Depending on your specific needs, you may need to customize these scripts. Always refer to the official AWS Boto3 documentation for more detailed information.

AWS Introduction

AWS Pricing

AWS Threats

AWS Misconfigurations

WAF WebACLs Must Have Basic Rule Protection

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation

AWS Introduction

AWS Pricing

AWS Threats

AWS Misconfigurations

​More Info:

​Risk Level

​Address

​Compliance Standards

​Triage and Remediation

​Remediation

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation