From 7b885ae954fbf6ed228f3886859ce82e60b1776e Mon Sep 17 00:00:00 2001
From: josefaidt
Date: Sun, 1 Oct 2023 13:35:40 -0700
Subject: [PATCH] fix waf rules

---
 cdk/src/components/waf.ts | 30 +++++++++++-------------------
 1 file changed, 11 insertions(+), 19 deletions(-)

diff --git a/cdk/src/components/waf.ts b/cdk/src/components/waf.ts
index a5b7190b..85451348 100644
--- a/cdk/src/components/waf.ts
+++ b/cdk/src/components/waf.ts
@@ -113,15 +113,13 @@ export class WAF extends wafv2.CfnWebACL {
 // if request ends in .sql
 searchString: '.sql',
 fieldToMatch: {
- singleHeader: {
- name: ':path',
- },
+ uriPath: {},
 },
 positionalConstraint: 'ENDS_WITH',
 textTransformations: [
 {
 priority: 0,
- type: 'URL_DECODE',
+ type: 'NONE',
 },
 ],
 },
@@ -143,15 +141,13 @@ export class WAF extends wafv2.CfnWebACL {
 // if requested path is wp-admin
 searchString: '/wp-admin',
 fieldToMatch: {
- singleHeader: {
- name: ':path',
- },
+ uriPath: {},
 },
- positionalConstraint: 'CONTAINS',
+ positionalConstraint: 'STARTS_WITH',
 textTransformations: [
 {
 priority: 0,
- type: 'URL_DECODE',
+ type: 'NONE',
 },
 ],
 },
@@ -173,15 +169,13 @@ export class WAF extends wafv2.CfnWebACL {
 // if requested path is wp-content
 searchString: '/wp-content',
 fieldToMatch: {
- singleHeader: {
- name: ':path',
- },
+ uriPath: {},
 },
- positionalConstraint: 'CONTAINS',
+ positionalConstraint: 'STARTS_WITH',
 textTransformations: [
 {
 priority: 0,
- type: 'URL_DECODE',
+ type: 'NONE',
 },
 ],
 },
@@ -203,15 +197,13 @@ export class WAF extends wafv2.CfnWebACL {
 // if requested path is swagger
 searchString: '/swagger',
 fieldToMatch: {
- singleHeader: {
- name: ':path',
- },
+ uriPath: {},
 },
- positionalConstraint: 'CONTAINS',
+ positionalConstraint: 'STARTS_WITH',
 textTransformations: [
 {
 priority: 0,
- type: 'URL_DECODE',
+ type: 'NONE',
 },
 ],
 },
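Review bot: Replacing `URL_DECODE` with `NONE` in the `.sql` statement (and in the `/wp-admin`, `/wp-content` and `/swagger` hunks below) makes the byte match compare the URI path exactly as received. A percent-encoded or differently-cased spelling of the search string will then not match, although the origin will presumably still decode it. Inspecting `uriPath: {}` instead of a `:path` header looks like the actual fix here, and it does not require dropping the decode step. I would keep `{ priority: 0, type: 'URL_DECODE' }` and add `{ priority: 1, type: 'LOWERCASE' }` so the rule sees the same path the application will. The rule's action and the rest of each statement lie outside the hunks, so the impact depends on whether these rules block or only count.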
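Review bot: Changing `positionalConstraint` from `CONTAINS` to `STARTS_WITH` for `/wp-admin` narrows the rule to requests whose path begins with that exact prefix, so the same segment under a parent directory or in a non-normalized path is no longer covered; the `/wp-content` and `/swagger` hunks make the same change. If the narrowing is deliberate, to avoid matching legitimate URLs that merely contain the string, say so next to the rule, for example `// STARTS_WITH on purpose: only root-level probes are matched, nested paths are allowed`. If it is not deliberate, keep `CONTAINS`, or pair `STARTS_WITH` with a `NORMALIZE_PATH` text transformation so the comparison runs on the canonical path. The surrounding rule definitions start and end outside these hunks.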