


# ACFP example: Custom response for compromised credentials
<a name="waf-acfp-control-example-compromised-credentials"></a>

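By default, the credential check performed by the rule group `AWSManagedRulesACFPRuleSet` handles compromised credentials by labeling the request and blocking it. For details about the rule group and rule behavior, see [Amazon WAF Fraud Control account creation fraud prevention (ACFP) rule group](aws-managed-rule-groups-acfp.md).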

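To inform users that the account credentials they provided have been compromised, you can do the following:
+ **Override the `SignalCredentialCompromised` rule to Count**: This causes the rule to only count and label matching requests.
+ **Add a label match rule with custom handling**: Configure this rule to match against the ACFP label and to perform your custom handling.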

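The following protection pack (web ACL) listing shows the ACFP managed rule group from the prior example, with the `SignalCredentialCompromised` rule action overridden to Count. With this configuration, when the rule group evaluates any web request that uses compromised credentials, it labels the request but does not block it.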

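In addition, the protection pack (web ACL) now has a custom response named `aws-waf-credential-compromised` and a new rule named `AccountSignupCompromisedCredentialsHandling`. The rule's priority is a higher numeric setting than the rule group's, so it runs after the rule group in the protection pack (web ACL) evaluation. The new rule matches any request that carries the rule group's compromised credentials label. When the rule finds a match, it applies the Block action to the request with the custom response body. The custom response body tells the end user that their credentials have been compromised and suggests an action to take.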

```
{
  "Name": "compromisedCreds",
  "Id": "... ",
  "ARN": "arn:aws:wafv2:us-east-1:111122223333:regional/webacl/compromisedCreds/...",
  "DefaultAction": {
    "Allow": {}
  },
  "Description": "",
  "Rules": [
    {
      "Name": "AWS-AWSManagedRulesACFPRuleSet",
      "Priority": 0,
      "Statement": {
        "ManagedRuleGroupStatement": {
          "VendorName": "AWS",
          "Name": "AWSManagedRulesACFPRuleSet",
          "ManagedRuleGroupConfigs": [
            {
              "AWSManagedRulesACFPRuleSet": {
                "CreationPath": "/web/signup/submit-registration",
                "RegistrationPagePath": "/web/signup/registration",
                "RequestInspection": {
                  "PayloadType": "JSON",
                  "UsernameField": {
                    "Identifier": "/form/username"
                  },
                  "PasswordField": {
                    "Identifier": "/form/password"
                  },
                  "EmailField": {
                    "Identifier": "/form/email"
                  },
                  "PhoneNumberFields": [
                    {
                      "Identifier": "/form/country-code"
                    },
                    {
                      "Identifier": "/form/region-code"
                    },
                    {
                      "Identifier": "/form/phonenumber"
                    }
                  ],
                  "AddressFields": [
                    {
                      "Identifier": "/form/name"
                    },
                    {
                      "Identifier": "/form/street-address"
                    },
                    {
                      "Identifier": "/form/city"
                    },
                    {
                      "Identifier": "/form/state"
                    },
                    {
                      "Identifier": "/form/zipcode"
                    }
                  ]
                },
                "EnableRegexInPath": false
              }
            }
          ],
          "RuleActionOverrides": [
            {
              "Name": "SignalCredentialCompromised",
              "ActionToUse": {
                "Count": {}
              }
            }
          ]
        }
      },
      "OverrideAction": {
        "None": {}
      },
      "VisibilityConfig": {
        "SampledRequestsEnabled": true,
        "CloudWatchMetricsEnabled": true,
        "MetricName": "AWS-AWSManagedRulesACFPRuleSet"
      }
    },
    {
      "Name": "AccountSignupCompromisedCredentialsHandling",
      "Priority": 1,
      "Statement": {
        "LabelMatchStatement": {
          "Scope": "LABEL",
          "Key": "awswaf:managed:aws:acfp:signal:credential_compromised"
        }
      },
      "Action": {
        "Block": {
          "CustomResponse": {
            "ResponseCode": 406,
            "CustomResponseBodyKey": "aws-waf-credential-compromised",
            "ResponseHeaders": [
              {
                "Name": "aws-waf-credential-compromised",
                "Value": "true"
              }
            ]
          }
        }
      },
      "VisibilityConfig": {
        "SampledRequestsEnabled": true,
        "CloudWatchMetricsEnabled": true,
        "MetricName": "AccountSignupCompromisedCredentialsHandling"
      }
    }
  ],
  "VisibilityConfig": {
    "SampledRequestsEnabled": true,
    "CloudWatchMetricsEnabled": true,
    "MetricName": "compromisedCreds"
  },
  "Capacity": 51,
  "ManagedByFirewallManager": false,
  "RetrofittedByFirewallManager": false,
  "LabelNamespace": "awswaf:111122223333:webacl:compromisedCreds:",
  "CustomResponseBodies": {
    "aws-waf-credential-compromised": {
      "ContentType": "APPLICATION_JSON",
      "Content": "{\n  \"credentials-compromised\": \"The credentials you provided have been found in a compromised credentials database.\\n\\nTry again with a different username, password pair.\"\n}"
    }
  }
}
```
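With `SignalCredentialCompromised` overridden to Count, blocking depends entirely on the label match rule, its priority relative to the rule group, and the referenced custom response body. The following check is an added example, not part of the AWS documentation or any AWS tool; `check_web_acl` and `SAMPLE_ACL` are hypothetical names, and the sample is a constructed reduction of the listing above to the fields the check reads.

```python
GROUP = "AWSManagedRulesACFPRuleSet"
SIGNAL = "SignalCredentialCompromised"
LABEL = "awswaf:managed:aws:acfp:signal:credential_compromised"

def check_web_acl(acl):
    """Return a list of wiring problems; an empty list means the pattern is intact."""
    rules = acl.get("Rules", [])
    group = next((r for r in rules if r.get("Statement", {})
                  .get("ManagedRuleGroupStatement", {}).get("Name") == GROUP), None)
    if group is None:
        return [f"{GROUP} is not in the web ACL"]
    overrides = group["Statement"]["ManagedRuleGroupStatement"].get("RuleActionOverrides", [])
    if not any(o.get("Name") == SIGNAL and "Count" in o.get("ActionToUse", {}) for o in overrides):
        return []  # no Count override: the rule group keeps its default label-and-block handling
    handlers = [r for r in rules if "Block" in r.get("Action", {}) and
                r.get("Statement", {}).get("LabelMatchStatement", {}).get("Key") == LABEL]
    if not handlers:
        return [f"{SIGNAL} is set to Count but no rule blocks on label {LABEL}"]
    problems = []
    for h in handlers:
        if h["Priority"] <= group["Priority"]:  # must be evaluated after the rule group
            problems.append(f"{h['Name']}: Priority must be numerically higher than the rule group's")
        key = h["Action"]["Block"].get("CustomResponse", {}).get("CustomResponseBodyKey")
        if key is not None and key not in acl.get("CustomResponseBodies", {}):
            problems.append(f"{h['Name']}: CustomResponseBodies has no entry '{key}'")
    return problems

# Constructed sample: the listing above reduced to the fields the check reads.
SAMPLE_ACL = {
    "DefaultAction": {"Allow": {}},
    "Rules": [
        {"Name": "AWS-AWSManagedRulesACFPRuleSet", "Priority": 0,
         "Statement": {"ManagedRuleGroupStatement": {
             "VendorName": "AWS", "Name": GROUP,
             "RuleActionOverrides": [{"Name": SIGNAL, "ActionToUse": {"Count": {}}}]}}},
        {"Name": "AccountSignupCompromisedCredentialsHandling", "Priority": 1,
         "Statement": {"LabelMatchStatement": {"Scope": "LABEL", "Key": LABEL}},
         "Action": {"Block": {"CustomResponse": {
             "ResponseCode": 406, "CustomResponseBodyKey": "aws-waf-credential-compromised"}}}},
    ],
    "CustomResponseBodies": {"aws-waf-credential-compromised": {
        "ContentType": "APPLICATION_JSON", "Content": "{}"}},
}

if __name__ == "__main__":
    print(check_web_acl(SAMPLE_ACL) or "web ACL wiring OK")
```

An empty result means a request labeled by the rule group will reach the blocking rule and receive the custom response; any finding means compromised-credential sign-ups may only be counted.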