
All POST methods returning with error 403 forbidden

  • By Causes 403 error for my application
  • on 05/10/2022

I am unsure what the issue was, but when the Cloudbric OWASP Top 10 ruleset was turned on, all my POST methods returned with a 403 error.
I have tried contacting the developer to see if they have a developer guide or some hints, but no response.

The app has been built to comply with the OWASP ASVS, and the AWS-provided rules do not affect its function.


  • By Cloudbric
  • on 07/18/2022

Greetings from Cloudbric. We are very sorry for the inconvenience. However, we are unable to determine which rule caused the error with just the 403 error message alone. To see which rule caused the block, please follow the instructions below.

1. Check the Overview of the WebACL page. You can check which rule caused the action to be detected and blocked from the "Overview" section of the "WebACL page."
2. Set up the WebACL Logs. You can enable the WebACL "Logs" to check the logs. The instructions for enabling the WebACL "Logs" are as follows: https://docs.aws.amazon.com/waf/latest/developerguide/logging.html

Please keep in mind that the Request Body of AWS WAF log is not recorded. Therefore the cause of any Over detection or False detection occurring in the Request Body may not be verifiable.

After checking for the rule that caused the Over detection or False detection, you can create an exception with the following steps, which will most likely solve your problem.

1. Select the WebACL used for the AWS WAF, and click the "Rules" tab.
2. Go to "CloudbricCorp"-"Cloudbric_OWASPTop10RuleSet," and click "Edit."
3. Activate "RuleAction Count" for the rule causing the Over detection or False detection and click "Save Rule."

If you experience any difficulties, you may also refer to the following document: p. 17, "Example 2: Override rules using AWS Managed Rules" https://docs.aws.amazon.com/whitepapers/latest/guidelines-for-implementing-aws-waf/guidelines-for-implementing-aws-waf.pdf
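An added example, not part of Cloudbric's reply or of AWS's tooling: once WebACL logging is enabled, a short script over the JSON log records shows which rule inside the rule group ended each blocked POST, which is the rule to switch to Count. The records, the `ruleGroupId` value and the rule names `ExampleRule_A`/`ExampleRule_B` are constructed placeholders; the field names follow the AWS WAF log format.

```python
import json
from collections import Counter

GROUP = "CloudbricCorp#Cloudbric_OWASPTop10RuleSet"  # constructed ruleGroupId

def _rec(action, method, uri, rule):
    """Build one constructed record in the AWS WAF log layout."""
    term = {"ruleId": rule, "action": action} if rule else None
    return json.dumps({
        "action": action,
        "terminatingRuleId": "Cloudbric_OWASPTop10RuleSet" if rule else "Default_Action",
        "ruleGroupList": [{"ruleGroupId": GROUP, "terminatingRule": term}],
        "httpRequest": {"httpMethod": method, "uri": uri},
    })

SAMPLE_LOG = "\n".join([  # constructed sample, one JSON object per line
    _rec("BLOCK", "POST", "/api/login", "ExampleRule_A"),
    _rec("BLOCK", "POST", "/api/orders", "ExampleRule_A"),
    _rec("BLOCK", "POST", "/api/orders", "ExampleRule_B"),
    _rec("BLOCK", "GET", "/search", "ExampleRule_B"),
    _rec("ALLOW", "GET", "/index", None),
    "{truncated",  # damaged line, must be skipped rather than crash the run
])

def blocking_rules(log_text, method="POST"):
    """Count (rule group, rule, uri) for blocked requests of one HTTP method."""
    hits = Counter()
    for line in log_text.splitlines():
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue
        req = rec.get("httpRequest") or {}
        if rec.get("action") != "BLOCK" or req.get("httpMethod") != method:
            continue
        # Default: the block came from a rule defined directly in the web ACL.
        group, rule = "(web ACL rule)", rec.get("terminatingRuleId")
        for g in rec.get("ruleGroupList") or []:
            term = g.get("terminatingRule")
            if term:  # the rule inside the group that ended evaluation
                group, rule = g.get("ruleGroupId"), term.get("ruleId")
                break
        hits[(group, rule, req.get("uri"))] += 1
    return hits

def rules_to_count(hits):
    """Candidate rules for the Count override, most frequent first."""
    per_rule = Counter()
    for (group, rule, _uri), n in hits.items():
        per_rule[(group, rule)] += n
    return [key for key, _ in per_rule.most_common()]
```

Because the request body is not logged, the URI column is the main hint for which form or API call triggers each rule.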