WAF web ACLs should have at least one rule or rule group

waf
이 페이지는 아직 영어로 제공되지 않습니다. 번역 작업 중입니다.
현재 번역 프로젝트에 대한 질문이나 피드백이 있으신 경우 언제든지 연락주시기 바랍니다.

Description

This control verifies that an AWS WAFV2 web access control list (web ACL) includes at least one rule or rule group. The control is considered non-compliant if a web ACL lacks any rules or rule groups.

A web ACL provides detailed control over all HTTP(S) web requests to your protected resource. It should include a set of rules and rule groups that examine and manage web requests. If a web ACL is empty, web traffic might pass through without being inspected or managed by AWS WAF, depending on the default action.

Please note that AWS WAF Classic ACLs are not evaluated by this control.

Remediation

For guidance on adding rules or rule groups to WAFV2 web ACLs, please refer to the Editing a web ACL section in the AWS WAF User Guide.

PREVIEWING: dgreen15/github-error-fix