Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
350-SD/CP Add message to manually add oversized request config
This has been added as an output when applying blocks or modules rather than in documentation so as to keep it at the forefront of developers' minds. This is a temporary workaround whilst Terraform implement support for the feature. This was prompted by a notification from AWS: "... With AWS WAF, customers can configure rules that allow, block, captcha, or monitor (count) web requests based on conditions they define. These conditions include IP addresses, HTTP headers, HTTP body, URI strings, SQL injection and cross-site scripting. When customers enable AWS WAF for CloudFront, Application Load Balancer, API Gateway or AppSync, only the first 8 KB of the request body are forwarded to AWS WAF for inspection. The 8 KB limit helps maintain high WAF performance and low latency, even during conditions of exceptional load. However, some bypass attempts intentionally put data towards the end of large (> 8 KB) requests. If your application does not expect requests greater than 8 KB in size, you can prevent them from passing through with a WAF size constraint rule statement. This will result in large requests being denied. We have detected you have one or more rules in your WAF web ACL that inspect the HTTP request body (or JSON body) but do not have a size constraint rule statement. As a result, we may not be inspecting all traffic, specifically requests > 8 KB, to your application. On April 29, 2022, we launched the ability to specify how oversized requests should be handled as part of your web ACL when you configure WAF to inspect Body or JSON body. Although defining oversize handling behavior is optional today, on October 1, 2022, we will make specifying the handling behavior for oversized requests required when there is no size constraint on the Body or JSON body rule. After October 1, 2022, if you have not updated your web ACL to either add a size constraint statement on Body or JSON body rules in your web ACL, or define the oversize handling behavior for these rules, updates to your WAF rules using the API will fail. You can learn more about configuring oversize handling behavior by visiting the AWS WAF documentation [1]. ..." See more: hashicorp/terraform-provider-aws#25832
- Loading branch information