How to use AWS WAF to block certain URLs

Question

I am trying to use AWS WAF to block requests with certain URL patterns. I am using the string matching filter, but it is not blocking the requests. I must be doing it incorrectly.

Here is what I am trying to block: https://xxx.domain.com/

A good url would be: https://xxx.domain.com/something/something

The URL with nothing after the .com slash is never used in this example and is only hit by malicious traffic.

How do I use WAF to block these requests?

*"I am using the string matching filter"* How are you configuring it? Matching `URI` against `/` should block these requests. — Michael - sqlbot, May 04 '18 at 02:58

score 0 · Answer 1 · answered May 05 '22 at 04:04

0

You can configure rules based on Referrer or Origin
Use regex based rule example *.domain.com
Take action to Block

answered May 05 '22 at 04:04

PCB

638
1
11
22

score 0 · Answer 2 · answered Mar 23 '23 at 10:34

0

I had to solve the same issue and did it in the following way:

Create a custom rule, which blocks on complete string equality, and setting the match string to /.

This blocks all requests to the base domain url (www.example.com).

answered Mar 23 '23 at 10:34

dingo

443
3
16

How to use AWS WAF to block certain URLs

2 Answers2