Custom Rule

Situation

Just as you thought you had solved your milkshake fiasco, more malicious requests are targeting your application. The attacks have become more specific. You realise you can block these attacks with a custom rule for your WAF Web ACL. All of the attacks seem to contain a strange header, X-TomatoAttack. Blocking requests with that header will stop the attack.

Tạo Custom Rule

WAF allows you to create your own rules for handling requests. This is useful for adding logic relevant for your specific application. Alongside custom rules, this section will introduce request sampling and Web ACL Capacity Units.

  1. In the detail of Web ACL page.
  • Click Rules.
  • Click Add Rules.
  • Click Add my own rules and rule groups. Create Custom Rule
  1. In the Rule builder section.
  • In the Name section, type MyCustomRule-X-TomatoAttack. Create Custom Rule
  1. In the Statement section.
  • In the Inspect section, Select Single header.
  • In the Header field name section, type X-TomatoAttack.
  • In the Match type section, Select Size greater than or equal to.
  • In the Size in bytes section, type 0. Create Custom Rule
  1. In the Action section.
  • In the Action section, Click Block.
  • Click Add rule. Create Custom Rule
  1. Click Save. Create Custom Rule Create Custom Rule

    You could also achieve the same goal using a regular expression.

  2. Run command.
# This will be blocked
curl -H "X-TomatoAttack: Red" "<Your Juice Shop URL>"

Create Custom Rule 7. Run command.

# This will be blocked
curl -H "X-TomatoAttack: Green" "<Your Juice Shop URL>"

Create Custom Rule 8. In the detail of Web ACL page.

  • Click Overview.
  • Drag the screen down, in the Sampled requests section, You will see these requests marked as BLOCK. Create Custom Rule