本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。
ATP 示例:响应检查配置
以下 JSON 列表显示了一个 Web ACL 示例,其中包含配置为检查来源响应的 Amazon WAF 欺诈控制账户接管预防 (ATP) 托管规则组。请注意响应检查配置,该配置指定了成功和响应状态代码。您还可以根据标题、正文和正文 JSON 匹配来配置成功和响应设置。此 JSON 包含 Web ACL 自动生成的设置,例如标签命名空间和 Web ACL 的应用程序集成 URL。
注意
ATP 响应检查仅在保护 CloudFront 分布的 Web ACL 中可用。
{ "WebACL": { "LabelNamespace": "awswaf:111122223333:webacl:ATPModuleACL:", "Capacity": 50, "Description": "This is a test web ACL for ATP.", "Rules": [ { "Priority": 1, "OverrideAction": { "None": {} }, "VisibilityConfig": { "SampledRequestsEnabled": true, "CloudWatchMetricsEnabled": true, "MetricName": "AccountTakeOverValidationRule" }, "Name": "DetectCompromisedUserCredentials", "Statement": { "ManagedRuleGroupStatement": { "VendorName": "AWS", "Name": "AWSManagedRulesATPRuleSet", "ManagedRuleGroupConfigs": [ { "AWSManagedRulesATPRuleSet": { "LoginPath": "/web/login", "RequestInspection": { "PayloadType": "JSON", "UsernameField": { "Identifier": "/form/username" }, "PasswordField": { "Identifier": "/form/password" } }, "ResponseInspection": { "StatusCode": { "SuccessCodes": [ 200 ], "FailureCodes": [ 401 ] } }, "EnableRegexInPath": false } } ] } } } ], "VisibilityConfig": { "SampledRequestsEnabled": true, "CloudWatchMetricsEnabled": true, "MetricName": "ATPValidationAcl" }, "DefaultAction": { "Allow": {} }, "ManagedByFirewallManager": false, "Id": "32q10987-65rs-4tuv-3210-98765wxyz432", "ARN": "arn:aws:wafv2:us-east-1:111122223333:regional/webacl/ATPModuleACL/32q10987-65rs-4tuv-3210-98765wxyz432", "Name": "ATPModuleACL" }, "ApplicationIntegrationURL": "https://9z87abce34ea.us-east-1.sdk.awswaf.com/9z87abce34ea/1234567a1b10/", "LockToken": "6d0e6966-95c9-48b6-b51d-8e82e523b847" }