

For If a request, choose matches all the statements (AND). For Match key, enter the label for the rule creating the false positives. Then, add a scope-down statement to the specific AWS Managed Rule blocking your requests. For instructions, see Setting rule actions to count in a rule group. To allow the false positives for WindowsShellCommands_BODY, GenericLFI_BODY, or SizeRestrictions_BODY, first set the corresponding rule to Count mode. For instructions, see How do I create a HAR file from my browser for an AWS Support case? and follow the instructions in Create a HAR file in your browser.
Take an HTTP Archive (HAR) file while the file is being uploaded and review it for WindowsShellCommands_BODY, GenericLFI_BODY, or SizeRestrictions_BODY rules.

File uploads blocked by WindowsShellCommands_BODY, GenericLFI_BODY, or SizeRestrictions_BODY rules

When you're satisfied that the rule does what you want, change the Action to Allow. Evaluate the rule using Amazon CloudWatch metrics combined with AWS WAF sampled requests or AWS WAF logs. Important: It’s a best practice to test rules in a non-production environment with the Action set to Count. For Set rule priority, move the rule below the AWS Managed Rule that was blocking the request.


Use a safe list with a string or regex match condition to allow the request. For instructions, see Working with IP match conditions. To address blocked uploads by SQLi_BODY or CrossSiteScripting_BODY, choose one of the following options: Add well-known IP addresses to a safe list rule with IP Match conditions if the IP address range accessing the application is known.
