I want to block requests that do not contain an Authorization header. I came up with the following rule, but I see that requests that do not contain this header are still being allowed. What is the correct way to specify this condition?
rule {
  name     = "restrict-requests-without-authorization-header"
  priority = 2
  action {
    block {}
  }
  statement {
    # Inspects the value of the Authorization header. A request that carries
    # no such header is not inspected by this statement at all, so the LE 0
    # comparison never matches it and the request falls through.
    size_constraint_statement {
      field_to_match {
        single_header {
          name = "authorization"
        }
      }
      comparison_operator = "LE"
      size                = 0
      text_transformation {
        priority = 0
        type     = "NONE"
      }
    }
  }
  visibility_config {
    cloudwatch_metrics_enabled = true
    metric_name                = "restrict-requests-without-authorization-header-metrics"
    sampled_requests_enabled   = true
  }
}
You need to create a rule and a regex pattern (it can be a wildcard) like this:
RULE:
rule {
  name     = "AuthorizationHeaderRule"
  priority = 1
  action {
    allow {}
  }
  statement {
    # Matches only requests whose Authorization header value matches the
    # referenced regex pattern set; requests without the header do not match.
    regex_pattern_set_reference_statement {
      arn = aws_wafv2_regex_pattern_set.your_regex_pattern.arn
      field_to_match {
        single_header {
          name = "authorization"
        }
      }
      text_transformation {
        priority = 2
        type     = "NONE"
      }
    }
  }
  # visibility_config is required on every rule of an aws_wafv2_web_acl.
  visibility_config {
    cloudwatch_metrics_enabled = true
    metric_name                = "AuthorizationHeaderRule-metrics"
    sampled_requests_enabled   = true
  }
}
And this can be the regex pattern:
resource "aws_wafv2_regex_pattern_set" "your_regex_pattern" {
  name  = "your-regex-pattern"
  # Must be the same scope as the web ACL that references it
  # ("REGIONAL" for ALB/API Gateway/AppSync, "CLOUDFRONT" for CloudFront).
  scope = "REGIONAL"
  regular_expression {
    regex_string = "prefix-.*"
  }
}
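The allow rule above only does what the question asks if everything it does not match ends up blocked. The following is an added example, not code from the question or the answer: a complete REGIONAL web ACL that combines the allow rule with a default action of block. The resource names, the web ACL name, the Bearer-token regex and the load balancer reference aws_lb.api are assumptions for illustration.

```hcl
# Added example (not from the original question or answer): the allow-if-
# Authorization-matches rule is only effective together with a default action
# of block. With default_action { allow {} } the allow rule would block nothing.

resource "aws_wafv2_regex_pattern_set" "authorization_header" {
  name  = "authorization-header-pattern" # assumed name
  scope = "REGIONAL"                     # must match the web ACL's scope

  # Assumed token format (Bearer token). Use "^.+$" if only the presence of a
  # non-empty header matters.
  regular_expression {
    regex_string = "^Bearer [A-Za-z0-9._~+/=-]+$"
  }
}

resource "aws_wafv2_web_acl" "api" {
  name  = "api-require-authorization" # assumed name
  scope = "REGIONAL"

  # Requests that no rule explicitly allows are blocked here. This is what
  # turns "allow when the header matches" into "block when it is missing".
  default_action {
    block {}
  }

  rule {
    name     = "allow-requests-with-authorization-header"
    priority = 1

    action {
      allow {}
    }

    statement {
      regex_pattern_set_reference_statement {
        arn = aws_wafv2_regex_pattern_set.authorization_header.arn

        field_to_match {
          single_header {
            # Header name lookup is not case sensitive in AWS WAF.
            name = "authorization"
          }
        }

        text_transformation {
          priority = 0
          type     = "NONE"
        }
      }
    }

    visibility_config {
      cloudwatch_metrics_enabled = true
      metric_name                = "allow-requests-with-authorization-header"
      sampled_requests_enabled   = true
    }
  }

  visibility_config {
    cloudwatch_metrics_enabled = true
    metric_name                = "api-require-authorization"
    sampled_requests_enabled   = true
  }
}

# Attach the web ACL to the load balancer in front of the API.
# aws_lb.api is an assumed resource defined elsewhere in the configuration.
resource "aws_wafv2_web_acl_association" "api" {
  resource_arn = aws_lb.api.arn
  web_acl_arn  = aws_wafv2_web_acl.api.arn
}
```

Two things to keep in mind with this design. First, an allow rule is terminating: a request that matches it is not evaluated by any lower-priority rule (managed rule groups, rate limits), so those rules no longer protect authenticated traffic. Second, the reason the question's size_constraint_statement did not work is that AWS WAF does not match a statement at all when the inspected header is absent; if the rest of the ACL must keep running for allowed requests, the other way to express the same condition is a block rule whose statement is a not_statement wrapping a size_constraint_statement (comparison_operator = "GT", size = 0) on the Authorization header, which matches exactly the requests where the inner presence test cannot match.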