AWS F5 Managed WAF rules not blocking simple SQL injection
Is it possible your F5 RuleGroups were not configured to block but rather to just count violations? Per K21015971:
Configuring RuleGroups
You configure a RuleGroup with one of two Action values: Block or Count. When a RuleGroup Action is set to Block, it blocks traffic, and when it is set to Count, the following behaviors occur:
- Traffic is allowed to pass through AWS WAF, even when the traffic matches the conditions of a rule.
- Traffic that matches the conditions of a RuleGroup generates CloudWatch metrics, which you can use for troubleshooting.
I confirm the rule group has NOT been set to Count.
Btw, the https://support.f5.com/csp/article/K21015971 page seems a little bit outdated. The Actions are named 'No override' (instead of Block) and 'Override to count' (instead of Count). See AWS documentation: https://docs.aws.amazon.com/waf/latest/developerguide/waf-managed-rule-groups.html.
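Added example, not part of the thread or of F5's or AWS's material: a way to check the Count question from the Web ACL definition itself rather than from the console. It assumes an AWS WAFv2 Web ACL whose JSON has the shape returned by `aws wafv2 get-web-acl`; the sample ACL, rule names and rule group names are constructed placeholders.

```python
import json

# Constructed sample shaped like `aws wafv2 get-web-acl` output; all names are placeholders.
SAMPLE = json.loads("""
{"WebACL": {"Name": "example-acl", "Rules": [
  {"Name": "f5-a", "OverrideAction": {"None": {}},
   "Statement": {"ManagedRuleGroupStatement": {"VendorName": "F5", "Name": "EXAMPLE-GROUP-A"}}},
  {"Name": "f5-b", "OverrideAction": {"Count": {}},
   "Statement": {"ManagedRuleGroupStatement": {"VendorName": "F5", "Name": "EXAMPLE-GROUP-B"}}},
  {"Name": "f5-c", "OverrideAction": {"None": {}},
   "Statement": {"ManagedRuleGroupStatement": {"VendorName": "F5", "Name": "EXAMPLE-GROUP-C",
     "RuleActionOverrides": [{"Name": "example_rule_1", "ActionToUse": {"Count": {}}}],
     "ExcludedRules": [{"Name": "example_rule_2"}]}}},
  {"Name": "rate-limit", "Action": {"Block": {}},
   "Statement": {"RateBasedStatement": {"Limit": 1000, "AggregateKeyType": "IP"}}}
]}}
""")


def audit_managed_rule_groups(response):
    """Return (acl_rule, vendor/group, reason) for every setting that stops a
    managed rule group, or one rule inside it, from blocking."""
    findings = []
    acl = response.get("WebACL", response)
    for rule in acl.get("Rules", []):
        stmt = rule.get("Statement", {}).get("ManagedRuleGroupStatement")
        if stmt is None:
            continue  # not a managed rule group reference
        group = f'{stmt.get("VendorName")}/{stmt.get("Name")}'
        # Group level: "Override to count" shows up as OverrideAction {"Count": {}}.
        if "Count" in rule.get("OverrideAction", {}):
            findings.append((rule["Name"], group, "group overridden to Count"))
        # Rule level: individual rules can be overridden even under "No override".
        for ov in stmt.get("RuleActionOverrides", []):
            action = next(iter(ov.get("ActionToUse", {})), "unknown")
            if action != "Block":
                findings.append((rule["Name"], group, f'{ov["Name"]} overridden to {action}'))
        # Legacy field: excluded rules are evaluated in count mode.
        for ex in stmt.get("ExcludedRules", []):
            findings.append((rule["Name"], group, f'{ex["Name"]} excluded (count only)'))
    return findings


if __name__ == "__main__":
    for finding in audit_managed_rule_groups(SAMPLE):
        print(*finding, sep=" | ")
```

An empty result means no managed rule group in the ACL has a group-level Count override, a per-rule non-Block override or an excluded rule. It does not cover AWS WAF Classic Web ACLs.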