Giridharan_2650
Apr 19, 2018Nimbostratus
AWS F5 Managed WAF rules not blocking the vulnerabilities
We have subscribed to the AWS Managed WAF rules in our AWS instance and attached with to a WEB ACL and ALB for testing . The default condition for the Rule Set is configured to block and we tried injected few sample OWASP sample blocks for SQL and XSS but the WAF rule set is not blocking them and bypassing to the default action of the WEB ACL to allow .Following are the signature sets subscribed and tried (F5 Rules for AWSWAF—Web exploits OWASP Rules and Common Vulnerabilities and Exposures (CVE) ). Has any one tried this and succeeded . Any input is appreciated