AWS Bot Control on http_library

In my project, I need to retrieve the client IP address and browser info from an API hit. For that, my code is as follows:

from fastapi import FastAPI
from starlette.requests import Request
import httpagentparser

app = FastAPI()


@app.get("/test")
def read_root(request: Request):
    client_host = request.client.host
    # .get() avoids a KeyError when a client sends no User-Agent header
    browser = request.headers.get('user-agent', '')

    browser_parser = httpagentparser.simple_detect(browser)
    # 0 - Device OS, 1 - Browser (Safari, Chrome)
    browser_name = browser_parser[0] + " , " + browser_parser[1]
    return {"client_host": client_host, "browser_name": browser_name}

This is launched on AWS Lambda, and when I make a request to the API, the request goes through API Gateway with AWS Lambda as the backend integration. The request is successful.

But when I enable AWS Bot Control, all my requests are blocked by the Bot Control rules enabled under AWS WAF. When I look at the sample of bot categories, it says the requests were blocked due to http_library.

How can I solve this problem so that my requests succeed after enabling AWS Bot Control?



Solution 1:[1]

You can customize WAF behavior for your needs. Look at this: https://aws.amazon.com/blogs/security/how-to-customize-behavior-of-aws-managed-rules-for-aws-waf/ (Case 2).

In general:

  • You set the rule that blocks your request (probably the http_library rule) to COUNT; this will add a LABEL from this rule to the request as it passes on to the next rules.
  • Define another rule (with lower priority) to block all requests with this LABEL, except those matching some criteria you define to mark your requests. It can be a special header you send, your unique user agent, your route, or anything of that kind. This will block all requests of that rule, except for yours.

Your whitelisting rule will look something like this (example of whitelisting a specific route for a rule):

{
  "Name": "whitelist-by-route",
  "Priority": 6,
  "Statement": {
    "AndStatement": {
      "Statements": [
        {
          "LabelMatchStatement": {
            "Scope": "LABEL",
            "Key": "awswaf:managed:aws:bot-control:bot:category:http_library"
          }
        },
        {
          "NotStatement": {
            "Statement": {
              "RegexMatchStatement": {
                "RegexString": "api/some_route",
                "FieldToMatch": {
                  "UriPath": {}
                },
                "TextTransformations": [
                  {
                    "Priority": 0,
                    "Type": "NONE"
                  }
                ]
              }
            }
          }
        }
      ]
    }
  },
  "Action": {
    "Block": {}
  }
}

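To see the two-step approach from the answer as a whole, here is an added example (not code from the answer's author or from AWS): it builds the Bot Control managed-rule-group rule with the http_library category rule overridden to COUNT, builds the label-match rule with the route exception and the VisibilityConfig that the fragment above omits, checks that the label-emitting rule is evaluated before the rule that consumes the label, and runs a small local simulation of the resulting WebACL over constructed sample requests. The WAFv2 field names and the managed rule name CategoryHttpLibrary are the AWS API names as I know them; the user-agent-based classification is a constructed stand-in for Bot Control's real classifier, and the metric names and route regex are constructed.

```python
import json
import re

# Label that Bot Control attaches to HTTP-library traffic (the key quoted in the answer above).
HTTP_LIBRARY_LABEL = "awswaf:managed:aws:bot-control:bot:category:http_library"

# Constructed stand-in for Bot Control's classifier, used only by the local simulation below.
LIBRARY_UA = re.compile(r"^(python-requests|python-urllib|curl|Go-http-client|okhttp)/")


def visibility(metric_name):
    """Every WAFv2 rule needs a VisibilityConfig; the fragment in the answer leaves it out."""
    return {"SampledRequestsEnabled": True,
            "CloudWatchMetricsEnabled": True,
            "MetricName": metric_name}


def bot_control_rule(priority=1):
    """Bot Control managed group with its http_library category rule switched to COUNT.

    COUNT still attaches the category label to the request, so a later rule can act on it."""
    return {
        "Name": "bot-control",
        "Priority": priority,
        "Statement": {"ManagedRuleGroupStatement": {
            "VendorName": "AWS",
            "Name": "AWSManagedRulesBotControlRuleSet",
            "ManagedRuleGroupConfigs": [
                {"AWSManagedRulesBotControlRuleSet": {"InspectionLevel": "COMMON"}}],
            "RuleActionOverrides": [
                {"Name": "CategoryHttpLibrary", "ActionToUse": {"Count": {}}}]}},
        "OverrideAction": {"None": {}},
        "VisibilityConfig": visibility("bot-control"),
    }


def allowlist_rule(route_regex, priority=6):
    """Block http_library-labelled requests unless the URI path matches route_regex."""
    return {
        "Name": "whitelist-by-route",
        "Priority": priority,
        "Statement": {"AndStatement": {"Statements": [
            {"LabelMatchStatement": {"Scope": "LABEL", "Key": HTTP_LIBRARY_LABEL}},
            {"NotStatement": {"Statement": {"RegexMatchStatement": {
                "RegexString": route_regex,
                "FieldToMatch": {"UriPath": {}},
                "TextTransformations": [{"Priority": 0, "Type": "NONE"}]}}}}]}},
        "Action": {"Block": {}},
        "VisibilityConfig": visibility("whitelist-by-route"),
    }


def uses_label(statement):
    """True if the statement, or any statement nested in it, matches on a label."""
    if "LabelMatchStatement" in statement:
        return True
    if "NotStatement" in statement:
        return uses_label(statement["NotStatement"]["Statement"])
    for key in ("AndStatement", "OrStatement"):
        if key in statement:
            return any(uses_label(s) for s in statement[key]["Statements"])
    return False


def check_priorities(rules):
    """Names of label-matching rules that would run before any label-emitting rule.

    WAF evaluates rules in ascending Priority, and a LabelMatchStatement only sees labels
    added by rules with a smaller Priority number, so such rules can never fire."""
    emitters = [r["Priority"] for r in rules if "ManagedRuleGroupStatement" in r["Statement"]]
    first_emitter = min(emitters, default=None)
    return [r["Name"] for r in rules
            if uses_label(r["Statement"])
            and (first_emitter is None or r["Priority"] <= first_emitter)]


def matches(statement, request, labels):
    """Evaluate the subset of WAF statement types used above against one request."""
    if "AndStatement" in statement:
        return all(matches(s, request, labels) for s in statement["AndStatement"]["Statements"])
    if "NotStatement" in statement:
        return not matches(statement["NotStatement"]["Statement"], request, labels)
    if "LabelMatchStatement" in statement:
        return statement["LabelMatchStatement"]["Key"] in labels
    if "RegexMatchStatement" in statement:
        return re.search(statement["RegexMatchStatement"]["RegexString"], request["path"]) is not None
    raise ValueError("statement type not modelled")


def simulate(rules, request):
    """Walk the rules in priority order; return "BLOCK" or "ALLOW" for a request dict
    {"path": ..., "user_agent": ...}. The managed group is modelled as: classify by user
    agent, add the label, and (because the action is COUNT) let the request continue."""
    labels = set()
    for rule in sorted(rules, key=lambda r: r["Priority"]):
        stmt = rule["Statement"]
        if "ManagedRuleGroupStatement" in stmt:
            if LIBRARY_UA.match(request["user_agent"]):
                labels.add(HTTP_LIBRARY_LABEL)
            continue
        if matches(stmt, request, labels):
            return "BLOCK" if "Block" in rule["Action"] else "ALLOW"
    return "ALLOW"


if __name__ == "__main__":
    rules = [bot_control_rule(), allowlist_rule(r"^/api/some_route$")]
    print(json.dumps(rules, indent=2))
    for req in ({"path": "/api/some_route", "user_agent": "python-requests/2.28.1"},
                {"path": "/test", "user_agent": "python-requests/2.28.1"},
                {"path": "/test", "user_agent": "Mozilla/5.0 (X11; Linux x86_64)"}):
        print(req["path"], req["user_agent"].split("/")[0], "->", simulate(rules, req))
```

Two points the simulation makes visible: the route regex is anchored (`^/api/some_route$`) because a RegexMatchStatement matches anywhere in the field, so the unanchored `api/some_route` would also exempt every longer path that contains it; and `check_priorities` catches the case where the label-match rule gets a smaller Priority number than the managed rule group, in which case the label does not exist yet when the rule runs and nothing is ever blocked.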
Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 yuval yacoby