3

AWS added the option to return custom status code, instead of the default 403.

From here: https://aws.amazon.com/blogs/security/customize-requests-and-responses-with-aws-waf/ I added custom status for my own rules, but it seems like for managed rules (e.g - Cyber Security Cloud Managed Rules), there is no way to change the action and status.

Can someone help here please?

user2503775
  • 4,267
  • 1
  • 23
  • 41

1 Answers1

1

You will have to use labels for this: https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-labels.html

Write a custom rule to act on the labels and then have a custom response on the custom rule you create.

Use custom responses to change the default block action for a managed rule group

Shitij Mathur
  • 385
  • 2
  • 10
  • Thanks, it seems like there are labels only for AWS managed rules and not for another managed rules as Cyber Security Cloud. Do you know if/how we can get labels also for them? – user2503775 Jul 02 '22 at 20:34