Forum Discussion

Altocumulus

Sep 18, 2019

AWS F5 Managed WAF rules not blocking simple SQL injection

We have subscribed to the "F5 Rules for AWS WAF - API Security Rules". Product page: https://aws.amazon.com/marketplace/pp/B07M948X2H. A Web ACL has been created in our AWS account using this group ...

Altocumulus

I confirm the rule group has NOT been set to Count.

Btw, the https://support.f5.com/csp/article/K21015971 page seems a little bit outdated. The Actions are named 'No override' (instead of Block) and 'Override to count (instead of Count)'. See AWS documentation: https://docs.aws.amazon.com/waf/latest/developerguide/waf-managed-rule-groups.html.

tbriot

Altocumulus

Sep 23, 2019

How can F5 help our team resolve this issue ?

Looks like K21015971 recommends to contact AWS Support but i don't see how AWS could help since F5 is implementing the rules.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

AWS F5 Managed WAF rules not blocking simple SQL injection

Recent Discussions

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

F5 Health Monitor Receive String as JSON

Background Tasks

SSL bridging without SSL proxy forward

Related Content

Zero Trust building blocks - Machine Identity Management (MIM) and Workload Protection

WAF evasion techniques for Command Injection

AI Security : Prompt Injection and Insecure Output Handling.

Automating ACMEv2 Certificate Management on BIG-IP

Zero Trust building blocks - F5 BIG-IP Access Policy Manager (APM) and PingIdentity

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS