feat(waf): add new check waf_global_rulegroup_not_empty
#5467
+515
−45
Context
AWS WAF Classic global rule groups allow you to manage multiple web access rules in a unified structure, providing better scalability and simplified security management. By grouping multiple rules, administrators can apply comprehensive security controls to monitor and filter web traffic based on predefined conditions. Having at least one rule within a rule group is necessary for ensuring that web traffic is effectively inspected and that appropriate actions are taken on requests, such as allowing, blocking, or counting them.
Description
This check verifies that AWS WAF Classic global rule groups contain at least one rule. If no rules are present, the group does not perform any inspection of web traffic, potentially allowing all traffic to pass unchecked.
Checklist
License
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.