Disable SizeRestrictions_BODY:count

whi-tw · whi-tw · commit 28a62cf02c8f · 2025-10-15T11:04:32.000+01:00
This was left at `count` to monitor for false positives after adding
bypass rules. After monitoring for 2 months with only two valid hits
(both on `preview-draft` URIs), we are happy to finally disable the
override.
diff --git a/infra/modules/cloudfront_waf_protection/waf.tf b/infra/modules/cloudfront_waf_protection/waf.tf
@@ -378,13 +378,6 @@ resource "aws_wafv2_web_acl" "this" {
       managed_rule_group_statement {
         name        = "AWSManagedRulesCommonRuleSet"
         vendor_name = "AWS"
-
-        rule_action_override {
-          name = "SizeRestrictions_BODY"
-          action_to_use {
-            count {} # Switch to count action, to check for false positives after applying new bypass rules
-          }
-        }
       }
     }
 

Original file line number	Diff line number	Diff line change
`@@ -378,13 +378,6 @@ resource "aws_wafv2_web_acl" "this" {`
`378`	`378`	`managed_rule_group_statement {`
`379`	`379`	`name = "AWSManagedRulesCommonRuleSet"`
`380`	`380`	`vendor_name = "AWS"`
`381`		`-`
`382`		`- rule_action_override {`
`383`		`- name = "SizeRestrictions_BODY"`
`384`		`- action_to_use {`
`385`		`- count {} # Switch to count action, to check for false positives after applying new bypass rules`
`386`		`- }`
`387`		`- }`
`388`	`381`	`}`
`389`	`382`	`}`
`390`	`383`