Created
July 5, 2019 15:55
-
-
Save chrissound/9e0f7279755b9fe8043729d602c49733 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
{ | |
"AWSTemplateFormatVersion": "2010-09-09", | |
"Description": "Creates an AWS WAF configuration that protects against common attacks", | |
"Metadata": { | |
"AWS::CloudFormation::Interface": { | |
"ParameterGroups": [ | |
{ | |
"Label": { | |
"default": "Web ACL Name for Common Attack Protection" | |
}, | |
"Parameters": [ | |
"WebACLName" | |
] | |
} | |
], | |
"ParameterLabels": { | |
"WebACLName": { | |
"default": "Name" | |
} | |
} | |
} | |
}, | |
"Parameters": { | |
"WebACLName": { | |
"Type": "String", | |
"Default": "CommonAttackProtection", | |
"Description": "Enter the name you want to use for the WebACL. This value is also added as a prefix for the names of the rules, conditions, and CloudWatch metrics created by this template." | |
} | |
}, | |
"Resources": { | |
"MyWebACL": { | |
"Properties": { | |
"Name": { "Ref" : "WebACLName" }, | |
"DefaultAction": { | |
"Type": "ALLOW" | |
}, | |
"MetricName": { "Ref" : "WebACLName" }, | |
"Rules": [ | |
{ | |
"Action": { | |
"Type": "BLOCK" | |
}, | |
"Priority": 1, | |
"RuleId": { | |
"Ref": "ManualIPBlockRule" | |
} | |
}, | |
{ | |
"Action": { | |
"Type": "COUNT" | |
}, | |
"Priority": 2, | |
"RuleId": { | |
"Ref": "SizeMatchRule" | |
} | |
}, | |
{ | |
"Action": { | |
"Type": "BLOCK" | |
}, | |
"Priority": 3, | |
"RuleId": { | |
"Ref": "SqliRule" | |
} | |
}, | |
{ | |
"Action": { | |
"Type": "BLOCK" | |
}, | |
"Priority": 4, | |
"RuleId": { | |
"Ref": "XssRule" | |
} | |
} | |
] | |
}, | |
"Type": "AWS::WAFRegional::WebACL" | |
}, | |
"SqliRule": { | |
"Properties": { | |
"Name": { "Fn::Join" : [ "", [{ "Ref" : "WebACLName" }, "SqliRule"]] }, | |
"MetricName": { "Fn::Join" : [ "", [{"Ref" : "WebACLName"}, "SqliRule"]] }, | |
"Predicates": [ | |
{ | |
"DataId": { | |
"Ref": "SqliMatchSet" | |
}, | |
"Negated": false, | |
"Type": "SqlInjectionMatch" | |
} | |
] | |
}, | |
"Type": "AWS::WAF::Rule" | |
}, | |
"XssRule": { | |
"Properties": { | |
"Name": { "Fn::Join" : [ "", [{"Ref" : "WebACLName"}, "XssRule"]] }, | |
"MetricName": { "Fn::Join" : [ "", [{"Ref" : "WebACLName"}, "XssRule"]]}, | |
"Predicates": [ | |
{ | |
"DataId": { | |
"Ref": "XssMatchSet" | |
}, | |
"Negated": false, | |
"Type": "XssMatch" | |
} | |
] | |
}, | |
"Type": "AWS::WAF::Rule" | |
}, | |
"SizeMatchRule": { | |
"Properties": { | |
"Name": { "Fn::Join" : [ "", [{"Ref" : "WebACLName"}, "LargeBodyMatchRule"]] }, | |
"MetricName": { "Fn::Join" : [ "", [{"Ref" : "WebACLName"}, "DetectLargeBody"]]}, | |
"Predicates": [ | |
{ | |
"DataId": { | |
"Ref": "SizeMatchSet" | |
}, | |
"Negated": false, | |
"Type": "SizeConstraint" | |
} | |
] | |
}, | |
"Type": "AWS::WAF::Rule" | |
}, | |
"ManualIPBlockRule": { | |
"Properties": { | |
"Name": { "Fn::Join" : [ "", [{"Ref" : "WebACLName"}, "ManualIPBlockRule"]] }, | |
"MetricName": { "Fn::Join" : [ "", [{"Ref" : "WebACLName"}, "ManualIPBlockRule"]]}, | |
"Predicates": [ | |
{ | |
"DataId": { | |
"Ref": "WAFManualIPBlockSet" | |
}, | |
"Negated": false, | |
"Type": "IPMatch" | |
} | |
] | |
}, | |
"Type": "AWS::WAF::Rule" | |
}, | |
"WAFManualIPBlockSet": { | |
"Properties": { | |
"Name": "Manual IP Block Set" | |
}, | |
"Type": "AWS::WAF::IPSet" | |
}, | |
"SizeMatchSet": { | |
"Properties": { | |
"Name": {"Fn::Join" : [ "", [{"Ref" : "WebACLName"}, "LargeBodyMatch"]]}, | |
"SizeConstraints": [ | |
{ | |
"FieldToMatch": { | |
"Type": "BODY" | |
}, | |
"ComparisonOperator": "GT", | |
"Size": "8192", | |
"TextTransformation": "NONE" | |
} | |
] | |
}, | |
"Type": "AWS::WAF::SizeConstraintSet" | |
}, | |
"SqliMatchSet": { | |
"Properties": { | |
"Name": {"Fn::Join" : [ "", [{"Ref" : "WebACLName"}, "SqliMatch"]]}, | |
"SqlInjectionMatchTuples": [ | |
{ | |
"FieldToMatch": { | |
"Type": "QUERY_STRING" | |
}, | |
"TextTransformation": "URL_DECODE" | |
}, | |
{ | |
"FieldToMatch": { | |
"Type": "QUERY_STRING" | |
}, | |
"TextTransformation": "HTML_ENTITY_DECODE" | |
}, | |
{ | |
"FieldToMatch": { | |
"Type": "BODY" | |
}, | |
"TextTransformation": "URL_DECODE" | |
}, | |
{ | |
"FieldToMatch": { | |
"Type": "BODY" | |
}, | |
"TextTransformation": "HTML_ENTITY_DECODE" | |
}, | |
{ | |
"FieldToMatch": { | |
"Type": "URI" | |
}, | |
"TextTransformation": "URL_DECODE" | |
} | |
] | |
}, | |
"Type": "AWS::WAF::SqlInjectionMatchSet" | |
}, | |
"XssMatchSet": { | |
"Properties": { | |
"Name": {"Fn::Join" : [ "", [{"Ref" : "WebACLName"}, "XssMatch"]]}, | |
"XssMatchTuples": [ | |
{ | |
"FieldToMatch": { | |
"Type": "QUERY_STRING" | |
}, | |
"TextTransformation": "URL_DECODE" | |
}, | |
{ | |
"FieldToMatch": { | |
"Type": "QUERY_STRING" | |
}, | |
"TextTransformation": "HTML_ENTITY_DECODE" | |
}, | |
{ | |
"FieldToMatch": { | |
"Type": "BODY" | |
}, | |
"TextTransformation": "URL_DECODE" | |
}, | |
{ | |
"FieldToMatch": { | |
"Type": "BODY" | |
}, | |
"TextTransformation": "HTML_ENTITY_DECODE" | |
}, | |
{ | |
"FieldToMatch": { | |
"Type": "URI" | |
}, | |
"TextTransformation": "URL_DECODE" | |
} | |
] | |
}, | |
"Type": "AWS::WAF::XssMatchSet" | |
} | |
} | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
{ | |
"AWSTemplateFormatVersion": "2010-09-09", | |
"Description": "Creates an AWS WAF configuration that protects against common attacks", | |
"Metadata": { | |
"AWS::CloudFormation::Interface": { | |
"ParameterGroups": [ | |
{ | |
"Label": { | |
"default": "Web ACL Name for Common Attack Protection" | |
}, | |
"Parameters": [ | |
"WebACLName" | |
] | |
} | |
], | |
"ParameterLabels": { | |
"WebACLName": { | |
"default": "Name" | |
} | |
} | |
} | |
}, | |
"Parameters": { | |
"WebACLName": { | |
"Type": "String", | |
"Default": "CommonAttackProtection", | |
"Description": "Enter the name you want to use for the WebACL. This value is also added as a prefix for the names of the rules, conditions, and CloudWatch metrics created by this template." | |
} | |
}, | |
"Resources": { | |
"MyWebACL": { | |
"Properties": { | |
"Name": { "Ref" : "WebACLName" }, | |
"DefaultAction": { | |
"Type": "ALLOW" | |
}, | |
"MetricName": { "Ref" : "WebACLName" }, | |
"Rules": [ | |
{ | |
"Action": { | |
"Type": "BLOCK" | |
}, | |
"Priority": 1, | |
"RuleId": { | |
"Ref": "ManualIPBlockRule" | |
} | |
}, | |
{ | |
"Action": { | |
"Type": "COUNT" | |
}, | |
"Priority": 2, | |
"RuleId": { | |
"Ref": "SizeMatchRule" | |
} | |
}, | |
{ | |
"Action": { | |
"Type": "BLOCK" | |
}, | |
"Priority": 3, | |
"RuleId": { | |
"Ref": "SqliRule" | |
} | |
}, | |
{ | |
"Action": { | |
"Type": "BLOCK" | |
}, | |
"Priority": 4, | |
"RuleId": { | |
"Ref": "XssRule" | |
} | |
} | |
] | |
}, | |
"Type": "AWS::WAFRegional::WebACL" | |
}, | |
"SqliRule": { | |
"Properties": { | |
"Name": { "Fn::Join" : [ "", [{ "Ref" : "WebACLName" }, "SqliRule"]] }, | |
"MetricName": { "Fn::Join" : [ "", [{"Ref" : "WebACLName"}, "SqliRule"]] }, | |
"Predicates": [ | |
{ | |
"DataId": { | |
"Ref": "SqliMatchSet" | |
}, | |
"Negated": false, | |
"Type": "SqlInjectionMatch" | |
} | |
] | |
}, | |
"Type": "AWS::WAF::Rule" | |
}, | |
"XssRule": { | |
"Properties": { | |
"Name": { "Fn::Join" : [ "", [{"Ref" : "WebACLName"}, "XssRule"]] }, | |
"MetricName": { "Fn::Join" : [ "", [{"Ref" : "WebACLName"}, "XssRule"]]}, | |
"Predicates": [ | |
{ | |
"DataId": { | |
"Ref": "XssMatchSet" | |
}, | |
"Negated": false, | |
"Type": "XssMatch" | |
} | |
] | |
}, | |
"Type": "AWS::WAF::Rule" | |
}, | |
"SizeMatchRule": { | |
"Properties": { | |
"Name": { "Fn::Join" : [ "", [{"Ref" : "WebACLName"}, "LargeBodyMatchRule"]] }, | |
"MetricName": { "Fn::Join" : [ "", [{"Ref" : "WebACLName"}, "DetectLargeBody"]]}, | |
"Predicates": [ | |
{ | |
"DataId": { | |
"Ref": "SizeMatchSet" | |
}, | |
"Negated": false, | |
"Type": "SizeConstraint" | |
} | |
] | |
}, | |
"Type": "AWS::WAF::Rule" | |
}, | |
"ManualIPBlockRule": { | |
"Properties": { | |
"Name": { "Fn::Join" : [ "", [{"Ref" : "WebACLName"}, "ManualIPBlockRule"]] }, | |
"MetricName": { "Fn::Join" : [ "", [{"Ref" : "WebACLName"}, "ManualIPBlockRule"]]}, | |
"Predicates": [ | |
{ | |
"DataId": { | |
"Ref": "WAFManualIPBlockSet" | |
}, | |
"Negated": false, | |
"Type": "IPMatch" | |
} | |
] | |
}, | |
"Type": "AWS::WAF::Rule" | |
}, | |
"WAFManualIPBlockSet": { | |
"Properties": { | |
"Name": "Manual IP Block Set" | |
}, | |
"Type": "AWS::WAF::IPSet" | |
}, | |
"SizeMatchSet": { | |
"Properties": { | |
"Name": {"Fn::Join" : [ "", [{"Ref" : "WebACLName"}, "LargeBodyMatch"]]}, | |
"SizeConstraints": [ | |
{ | |
"FieldToMatch": { | |
"Type": "BODY" | |
}, | |
"ComparisonOperator": "GT", | |
"Size": "8192", | |
"TextTransformation": "NONE" | |
} | |
] | |
}, | |
"Type": "AWS::WAF::SizeConstraintSet" | |
}, | |
"SqliMatchSet": { | |
"Properties": { | |
"Name": {"Fn::Join" : [ "", [{"Ref" : "WebACLName"}, "SqliMatch"]]}, | |
"SqlInjectionMatchTuples": [ | |
{ | |
"FieldToMatch": { | |
"Type": "QUERY_STRING" | |
}, | |
"TextTransformation": "URL_DECODE" | |
}, | |
{ | |
"FieldToMatch": { | |
"Type": "QUERY_STRING" | |
}, | |
"TextTransformation": "HTML_ENTITY_DECODE" | |
}, | |
{ | |
"FieldToMatch": { | |
"Type": "BODY" | |
}, | |
"TextTransformation": "URL_DECODE" | |
}, | |
{ | |
"FieldToMatch": { | |
"Type": "BODY" | |
}, | |
"TextTransformation": "HTML_ENTITY_DECODE" | |
}, | |
{ | |
"FieldToMatch": { | |
"Type": "URI" | |
}, | |
"TextTransformation": "URL_DECODE" | |
} | |
] | |
}, | |
"Type": "AWS::WAF::SqlInjectionMatchSet" | |
}, | |
"XssMatchSet": { | |
"Properties": { | |
"Name": {"Fn::Join" : [ "", [{"Ref" : "WebACLName"}, "XssMatch"]]}, | |
"XssMatchTuples": [ | |
{ | |
"FieldToMatch": { | |
"Type": "QUERY_STRING" | |
}, | |
"TextTransformation": "URL_DECODE" | |
}, | |
{ | |
"FieldToMatch": { | |
"Type": "QUERY_STRING" | |
}, | |
"TextTransformation": "HTML_ENTITY_DECODE" | |
}, | |
{ | |
"FieldToMatch": { | |
"Type": "BODY" | |
}, | |
"TextTransformation": "URL_DECODE" | |
}, | |
{ | |
"FieldToMatch": { | |
"Type": "BODY" | |
}, | |
"TextTransformation": "HTML_ENTITY_DECODE" | |
}, | |
{ | |
"FieldToMatch": { | |
"Type": "URI" | |
}, | |
"TextTransformation": "URL_DECODE" | |
} | |
] | |
}, | |
"Type": "AWS::WAF::XssMatchSet" | |
} | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment