Add all rule labels to events in F5 Rules for AWS WAF - Web exploits OWASP Rules

Hello Ryan,

In this case, the OWASP4 label was created by the terminating rule "rule_Union_Based_AllQueryArguments_Body". More importantly, we’ve received multiple reports of false positives on this rule following a recent update to our rule sets, so we’ve temporarily rolled back the update to further investigate and adjust the rules. 

If possible, could you share a few examples of the legitimate requests that were blocked by this rule? That will help us validate the false positive pattern and apply a targeted fix.

Note: With full request logging, you can share information on a rule suspected of blocking a legitimate request by performing the following tasks:

• Log the HTTP requests that were blocked and the name of the rules that matched them.
• Make sure that the requests do not contain sensitive information; if they do, mask the sensitive data with ****.
  
  

Please don’t hesitate to reach out if there’s anything else we can help with. Thank you.