feat(waf): add new check waf_global_webacl_with_rules
#5469
Context
AWS WAF Classic global web ACLs (Web Access Control Lists) are essential for controlling access to web applications. A web ACL can include a set of rules or rule groups that filter and manage HTTP and HTTPS requests. These rules help define which traffic should be allowed, blocked, or counted, improving security and controlling access to your AWS resources such as CloudFront distributions.
Description
This check verifies whether an AWS WAF Classic global web ACL contains at least one rule or rule group. If no rules or rule groups are present, the web traffic might pass without inspection, leaving the application vulnerable to attacks.
Checklist
License
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
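
One way to express the check described above over GetWebACL-shaped responses from the WAF Classic API, as an added example that is not the code from this pull request. The helper names, the `Finding` class and the sample web ACLs are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# "Type" values of an ActivatedRule in the WAF Classic API.
RULE_TYPES = {"REGULAR", "RATE_BASED"}
GROUP_TYPE = "GROUP"

@dataclass
class Finding:  # hypothetical result record, not the project's own class
    web_acl_id: str
    status: str           # "PASS" or "FAIL"
    status_extended: str

def evaluate_web_acl(response: dict) -> Finding:
    """Evaluate one GetWebACL-shaped response (hypothetical helper)."""
    acl = response["WebACL"]
    activated = acl.get("Rules") or []  # key may be missing or empty
    # The API treats an ActivatedRule without "Type" as REGULAR.
    rules = [r for r in activated if r.get("Type", "REGULAR") in RULE_TYPES]
    groups = [r for r in activated if r.get("Type") == GROUP_TYPE]
    label = f"AWS WAF Classic global web ACL {acl['Name']}"
    if rules or groups:
        return Finding(acl["WebACLId"], "PASS",
                       f"{label} has {len(rules)} rule(s) and {len(groups)} rule group(s).")
    return Finding(acl["WebACLId"], "FAIL", f"{label} has no rules or rule groups.")

# Constructed sample responses (IDs are placeholders, not real resources).
SAMPLE_RESPONSES = [
    {"WebACL": {"WebACLId": "acl-empty", "Name": "empty-acl",
                "DefaultAction": {"Type": "ALLOW"}, "Rules": []}},
    {"WebACL": {"WebACLId": "acl-rules", "Name": "rules-acl",
                "DefaultAction": {"Type": "ALLOW"},
                "Rules": [{"Priority": 1, "RuleId": "rule-1",
                           "Action": {"Type": "BLOCK"}, "Type": "REGULAR"},
                          {"Priority": 2, "RuleId": "rule-2",
                           "Action": {"Type": "COUNT"}, "Type": "RATE_BASED"}]}},
    {"WebACL": {"WebACLId": "acl-group", "Name": "group-acl",
                "DefaultAction": {"Type": "ALLOW"},
                "Rules": [{"Priority": 1, "RuleId": "group-1",
                           "OverrideAction": {"Type": "NONE"}, "Type": "GROUP"}]}},
]

def evaluate_all(responses):
    """Return one Finding per web ACL response."""
    return [evaluate_web_acl(r) for r in responses]

if __name__ == "__main__":
    for finding in evaluate_all(SAMPLE_RESPONSES):
        print(finding.status, "-", finding.status_extended)
```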