Go to Qiita Advent Calendar Top
LoginSignup
0
0

Delete article

Deleted articles cannot be recovered.

Draft of this article would be also deleted.

Are you sure you want to delete this article?

@K-taiga

Google Playの審査時のアカウント削除要件のURLがWAFで弾かれた時の対応

Posted at

問題の概要

Google Play Consoleのアプリ審査時に提出するアカウント削除要件のURLが、AWS WAFのBot Controlルールによってブロックされるということが起きた :warning:

CleanShot 2025-10-17 at 21.39.59@2x.png

原因

  • Google Play Consoleの審査ボットがAWSManagedRulesBotControlRuleSetによってブロックされていた

対応

  • アクセスログから下記がわかるためWAFのホワイトルールに下記の条件で設定し、AWSManagedRulesBotControlRuleSetよりPriority高く設定する
User-Agent: `GooglePlayConsole` または `Google`
アクセス元のIPアドレス: ex. 10.0.0.1/16 これは審査した際に変わる可能性あるので実際の値はログから調べる

WAFのホワイトルール

{
  "Name": "AllowGooglePlayConsoleUserAgent",
  "Priority": 1,
  "Action": {
    "Allow": {}
  },
  "VisibilityConfig": {
    "SampledRequestsEnabled": true,
    "CloudWatchMetricsEnabled": true,
    "MetricName": "AllowGooglePlayConsoleUserAgent"
  },
  "Statement": {
    "AndStatement": {
      "Statements": [
        {
          "IPSetReferenceStatement": {
            "ARN": "wafのipセットのarn ここに該当のログからipアドレスを特定し許可をする"
          }
        },
        {
          "OrStatement": {
            "Statements": [
              {
                "ByteMatchStatement": {
                  "FieldToMatch": {
                    "SingleHeader": {
                      "Name": "user-agent"
                    }
                  },
                  "PositionalConstraint": "EXACTLY",
                  "SearchString": "GooglePlayConsole",
                  "TextTransformations": [
                    {
                      "Type": "NONE",
                      "Priority": 0
                    }
                  ]
                }
              },
              {
                "ByteMatchStatement": {
                  "FieldToMatch": {
                    "SingleHeader": {
                      "Name": "user-agent"
                    }
                  },
                  "PositionalConstraint": "EXACTLY",
                  "SearchString": "Google",
                  "TextTransformations": [
                    {
                      "Type": "NONE",
                      "Priority": 0
                    }
                  ]
                }
              }
            ]
          }
        }
      ]
    }
  }
}
0
0
0

Register as a new user and use Qiita more conveniently

  1. You get articles that match your needs
  2. You can efficiently read back useful information
  3. You can use dark theme
What you can do with signing up
Sign upLogin
0
0

Delete article

Deleted articles cannot be recovered.

Draft of this article would be also deleted.

Are you sure you want to delete this article?