우선 순위 올려줘야 적용될 수 있으므로 주의하기
•
3으로 끝나는 requestid 차단
{
"Name": "BlockRequestIDEndingWith3",
"Priority": 1,
"Statement": {
"RegexMatchStatement": {
"FieldToMatch": {
"Body": {
"OversizeHandling": "CONTINUE"
}
},
"RegexString": "\"requestid\"\\s*:\\s*\"[^\"]*3\"",
"TextTransformations": [
{
"Type": "COMPRESS_WHITE_SPACE",
"Priority": 0
}
]
}
},
"Action": {
"Block": {
"CustomResponse": {
"ResponseCode": 403,
"CustomResponseBodyKey": "error-text"
}
}
},
"VisibilityConfig": {
"SampledRequestsEnabled": true,
"CloudWatchMetricsEnabled": true,
"MetricName": "BlockRequestIDEndingWith3"
}
}
JSON
복사
{
"Name": "BlockNonNumericRequestIDInGET",
"Priority": 2,
"Statement": {
"AndStatement": {
"Statements": [
{
"ByteMatchStatement": {
"SearchString": "GET",
"FieldToMatch": {
"Method": {}
},
"TextTransformations": [
{
"Priority": 0,
"Type": "NONE"
}
],
"PositionalConstraint": "EXACTLY"
}
},
{
"ByteMatchStatement": {
"SearchString": "requestid=",
"FieldToMatch": {
"QueryString": {}
},
"TextTransformations": [
{
"Priority": 0,
"Type": "NONE"
}
],
"PositionalConstraint": "CONTAINS"
}
},
{
"NotStatement": {
"Statement": {
"RegexMatchStatement": {
"RegexString": "^[0-9]+$",
"FieldToMatch": {
"SingleQueryArgument": {
"Name": "requestid"
}
},
"TextTransformations": [
{
"Priority": 0,
"Type": "NONE"
}
]
}
}
}
}
]
}
},
"Action": {
"Block": {
"CustomResponse": {
"ResponseCode": 403,
"CustomResponseBodyKey": "invalid-requestid-error"
}
}
},
"VisibilityConfig": {
"SampledRequestsEnabled": true,
"CloudWatchMetricsEnabled": true,
"MetricName": "BlockNonNumericRequestIDInGET"
}
}
JSON
복사