Ensure requests greater than 8 KB are blocked by AWS Web Application Firewall

HIGH

Description

AWS Web Application Firewall only inspects the first 8 KB of a request body; anything beyond that limit is never evaluated by the web ACL rules. Allowing request bodies larger than 8 KB therefore lets an attacker place a payload past the inspected portion, where the WAF cannot see it.

Remediation

In the AWS Console:

  1. Sign in to the AWS Console.
  2. Open the WAF and Shield console.
  3. Open the Web ACL tab and select Create Web ACL.
  4. After entering the Web ACL details, select Next.
  5. Click Add rules and select 'Add my own rules and rule groups'.
  6. Under Statement, set Inspect to 'Body', set Match type to 'Size greater than', and set Size to '8192'. Make sure 'Text transformation' is set to None.
  7. In the Then section, set the action to 'Count' and click 'Add rule'.

In Terraform:

  1. In the aws_waf_size_constraint_set resource, set 'size_constraints.size' to 8192 and 'size_constraints.comparison_operator' to 'GT'.
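The following Terraform configuration is an added example, not code from this policy page or from the Terraform provider documentation. It wires the size constraint from the step above into a complete WAF Classic rule and web ACL, mirroring the console steps (inspect Body, no text transformation, size greater than 8192). Resource labels, the `name`/`metric_name` values and the web ACL itself are assumed placeholders; the `aws_waf_size_constraint_set`, `aws_waf_rule` and `aws_waf_web_acl` resource types and their arguments are the provider's own.

```terraform
# Added example (not from the policy page): AWS WAF Classic size-constraint
# rule that blocks any request whose body is larger than 8192 bytes.
# Resource labels and name/metric_name values are assumed placeholders.

resource "aws_waf_size_constraint_set" "body_over_8kb" {
  name = "body-over-8kb"

  size_constraints {
    # Inspect the request body, as the console steps set "Inspect: Body".
    field_to_match {
      type = "BODY"
    }

    # GT 8192 matches when the body exceeds the 8 KB that AWS WAF inspects.
    comparison_operator = "GT"
    size                = 8192

    # No transformation, so the raw body length is compared.
    text_transformation = "NONE"
  }
}

resource "aws_waf_rule" "body_over_8kb" {
  name        = "body-over-8kb"
  metric_name = "bodyOver8kb" # metric names must be alphanumeric

  predicates {
    type    = "SizeConstraint"
    data_id = aws_waf_size_constraint_set.body_over_8kb.id
    negated = false
  }
}

resource "aws_waf_web_acl" "main" {
  name        = "main-web-acl"
  metric_name = "mainWebAcl"

  # Requests that match no rule are allowed through.
  default_action {
    type = "ALLOW"
  }

  rules {
    priority = 1
    rule_id  = aws_waf_rule.body_over_8kb.id
    type     = "REGULAR"

    # Set to "COUNT" first (as in the console steps) to observe how many
    # legitimate requests would be affected before switching to "BLOCK".
    action {
      type = "BLOCK"
    }
  }
}
```

Running the rule in `COUNT` mode for a period and checking the CloudWatch metric named by `metric_name` shows whether any legitimate clients (file uploads, large form posts) send bodies over 8 KB; once that is understood, the action can be changed to `BLOCK`. The `aws_waf_*` resources are WAF Classic; for WAFv2 the same control is expressed as a `size_constraint_statement` inside an `aws_wafv2_web_acl` rule.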

References:
https://docs.aws.amazon.com/waf/latest/developerguide/web-acl.html
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/waf_size_constraint_set

Policy Details

Rule Reference ID: AC_AWS_0396
CSP: AWS
Remediation Available: Yes
Resource Category: Virtual Network
Resource Type: Firewall

Frameworks