[O11y][AWS] Rally benchmark aws.waf #9377
🚀 Benchmarks report
To see the full report comment with
@aliabbas-elastic Can you update the sample response in the description? It's not loading.
Done
… into aws_benchmark_waf
| - name: aws_waf_source_name | ||
| value: ["CF", "APIGW", "ALB", "APPSYNC", "COGNITOIDP", "APPRUNNER", "VERIFIED_ACCESS"] | ||
| - name: condition_type | ||
| value: "SQL_INJECTION" |
https://docs.aws.amazon.com/waf/latest/developerguide/classic-web-acl-create-condition.html
From what I see there are more types of conditions: SQL_INJECTION, XSS_PATH, SIZE_RESTRICTION, GEO_MATCH, IP_MATCH, REGEX_MATCH
Updated it with two more values. I couldn't find the exact strings for conditions SIZE_RESTRICTION, GEO_MATCH & IP_MATCH. Let me know if this would suffice.
| type: keyword | ||
| - name: uri_path | ||
| type: keyowrd | ||
| example: themes/twentynineteen/style |
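Review bot: `type: keyowrd` on the `uri_path` field is a misspelling of `keyword`; the `type: keyword` line just above it in this hunk shows the intended spelling. Please correct it to `type: keyword` so the field is declared with a valid type instead of depending on how the tooling treats an unrecognised one.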
Are you sure the example is correct?
Thanks for catching this. Actually this is a syntax rather than an exact value, so this would give me three randomly generated words separated by /. But currently only these ones are supported. After removing the example config line, here are the values generated under the uri field. I think right now we can proceed with this until there is a requirement to support more characters.
- /wp-content/dirtqueen.min.css
- /wp-content/bitterthroat.css
- /wp-content/rubyfang.png
Co-authored-by: subham sarkar <sarkar.subhams2@gmail.com>
💚 Build Succeeded
cc @aliabbas-elastic



Proposed commit message
waf data stream of AWS
Sample Response
sample_event.json
```json
{
  "agent": { "name": "aws-scale-123456", "id": "de42127b-4db8-4471-824e-a7b14f478663", "ephemeral_id": "22ed892c-43bd-408a-9121-65e2f5b6a56e", "type": "filebeat", "version": "8.8.0" },
  "benchmark_metadata": { "info": { "run_id": "afde7278-c398-48a3-8ef8-6ee5d912ba0f", "benchmark": "waf-benchmark" } },
  "log": { "file": { "path": "https://elastic-package-aws-bucket-63468.s3.us-east-1.amazonaws.com/waf.log" }, "offset": 0 },
  "elastic_agent": { "id": "de42127b-4db8-4471-824e-a7b14f478663", "version": "8.8.0", "snapshot": false },
  "rule": { "ruleset": "GROUP", "id": "STMTest_SQLi_XSS" },
  "source": {
    "geo": { "continent_name": "Europe", "region_iso_code": "SE-E", "city_name": "Linköping", "country_iso_code": "SE", "country_name": "Sweden", "location": { "lon": 15.6167, "lat": 58.4167 }, "region_name": "Östergötland County" },
    "as": { "number": 29518, "organization": { "name": "Bredband2 AB" } },
    "ip": "54.146.12.204"
  },
  "url": { "path": "/wp-content/cougar wolverine hide healer friend muse singer taker bow throat boot gambler snap stalker loon parrot scorpion stag moth salmon loon aquamarinetouch.png", "query": "ver=1.1" },
  "network": { "protocol": "http", "transport": "tcp" },
  "tags": [ "preserve_original_event", "forwarded", "aws-waf" ],
  "cloud": { "provider": "aws", "service": { "name": "wafv2" }, "region": "eu-north-1", "account": { "id": "redpiper" } },
  "input": { "type": "aws-s3" },
  "@timestamp": "2024-03-27T04:40:15.799Z",
  "related": { "ip": [ "89.160.20.156", "54.146.12.204" ] },
  "ecs": { "version": "8.0.0" },
  "data_stream": { "namespace": "ep", "type": "logs", "dataset": "aws.waf" },
  "http": { "request": { "method": "POST", "id": "rid-9160" }, "version": "1.1" },
  "aws": {
    "s3": { "bucket": { "name": "elastic-package-aws-bucket-63468", "arn": "arn:aws:s3:::elastic-package-aws-bucket-63468" }, "object": { "key": "helixnape.log" } },
    "waf": {
      "request": { "headers": { "User-Agent": "Apache-HttpClient/4.5.6 (Java/1.8.0_191)", "Host": "wordpress-1573828666.eu-north-1.elb.amazonaws.com" } },
      "terminating_rule_match_details": [ { "matchedData": [ "82", "AND", "82" ], "conditionType": "SQL_INJECTION", "location": "lemonwatcher" } ],
      "id": "regional/webacl/STMTest/1EXAMPLE-2ARN-3ARN-4ARN-123456EXAMPLE",
      "source": { "name": "ALB", "id": "elb" },
      "arn": "arn:aws:wafv2:eu-north-1:redpiper:regional/webacl/STMTest/1EXAMPLE-2ARN-3ARN-4ARN-123456EXAMPLE"
    }
  },
  "event": {
    "agent_id_status": "auth_metadata_missing",
    "ingested": "2024-03-27T04:40:19Z",
    "original": "{\"timestamp\":1711514415799,\"formatVersion\":1,\"webaclId\":\"arn:aws:wafv2:eu-north-1:redpiper:regional/webacl/STMTest/1EXAMPLE-2ARN-3ARN-4ARN-123456EXAMPLE\",\"terminatingRuleId\":\"STMTest_SQLi_XSS\",\"terminatingRuleType\":\"GROUP\",\"action\":\"BLOCK\",\"terminatingRuleMatchDetails\": [{\"conditionType\": \"SQL_INJECTION\",\"location\": \"lemonwatcher\",\"matchedData\": [\"82\",\"AND\",\"82\"]}],\"httpSourceName\":\"ALB\",\"httpSourceId\":\"elb\",\"ruleGroupList\":[],\"rateBasedRuleList\":[],\"nonTerminatingMatchingRules\":[],\"requestHeadersInserted\":null,\"responseCodeSent\":null,\"httpRequest\":{\"clientIp\":\"54.146.12.204\",\"country\":\"US\",\"headers\":[{\"name\":\"Host\",\"value\":\"wordpress-1573828666.eu-north-1.elb.amazonaws.com\"},{\"name\":\"User-Agent\",\"value\":\"Apache-HttpClient/4.5.6 (Java/1.8.0_191)\"}],\"uri\":\"/wp-content/cougar wolverine hide healer friend muse singer taker bow throat boot gambler snap stalker loon parrot scorpion stag moth salmon loon aquamarinetouch.png\",\"args\":\"ver=1.1\",\"httpVersion\":\"HTTP/1.1\",\"httpMethod\":\"POST\",\"requestId\":\"rid-9160\"},\"labels\":[{\"name\":\"value\"}]}",
    "kind": "event",
    "action": "BLOCK",
    "category": "web",
    "type": [ "access", "denied" ],
    "dataset": "aws.waf"
  }
}
```
Checklist
How to test this PR locally
Run this command from package root
```shell
elastic-package benchmark rally --benchmark waf-benchmark -v
elastic-package benchmark stream --benchmark waf-benchmark -v
```
Related issues
Screenshots