AWS WAF text transformations | Amazon Web Services

Опубликовано 3 ноября 2023, 21:29

AWS Web Application Firewall (WAF) supports text transformations, allowing you to reformat web requests to remove any unusual formatting, or sanitize input before rule evaluation. This capability can be used to identify threats that may be obscured by attackers in an effort to bypass detection. You can use these text transformations with WAF rule statements, such as SQLi detection, string match, and regex pattern set. You can chain up to 10 text transformations together in a single rule statement. Once configured, AWS WAF will apply the transformations first before evaluating the rule statement.
For example, UTF8_TO_UNICODE text transformation converts all UTF-8 character sequences into Unicode and this can be used to help minimize both false-positives and false-negatives for payload that are not in English language. MD5 text transformation calculates an MD5 hash value and this can be used to check if input parameters are within expected value and have not been tampered using text obfuscation techniques.

Learn more at: go.aws/3QlnajD

Subscribe:
More AWS videos: go.aws/3m5yEMW
More AWS events videos: go.aws/3ZHq4BK

Do you have technical AWS questions?
Ask the community of experts on AWS re:Post: go.aws/3lPaoPb

ABOUT AWS
Amazon Web Services (AWS) is the world’s most comprehensive and broadly adopted cloud platform, offering over 200 fully featured services from data centers globally. Millions of customers — including the fastest-growing startups, largest enterprises, and leading government agencies — are using AWS to lower costs, become more agile, and innovate faster.

#AWSWebApplicationFirewall #RuleStatements #TextTransformations #ReformatWebRequests #SanitizeInput #NetworkandApplicationProtection #AWSSecurityServicesFeatureDemos #AWS #AmazonWebServices #CloudComputing