Forum Discussion

Nimbostratus

Jan 18, 2024

AWS WAF F5 rules - Does it also scans file ?

In one of API request in our application where we upload a file is getting blocked by F5 rule

"ruleId": "rule_SQL_INJ_end_quote_UNION__Parameter__AllQueryArguments_Body". Can someone confirm if F5 also scans the file and identify potential vulnerability ?

cloud

F5 Rules for AWS WAF

security

1 Reply

Heath_Parrott
Ret. Employee
Jan 18, 2024
Any ISV that provides WAF rules to AWS is subject to how the AWS WAF engine and HTTP work. When a file is uploaded via HTTP it is attached to the HTTP POST request as the body. This could be a multipart form, raw content or a URL link to upload. The AWS WAF engine is capable of scanning the body up to the size limts.

What was logged in the terminating rule matching details - "terminatingRuleMatchDetails": [],?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

AWS WAF F5 rules - Does it also scans file ?

1 Reply

Security Best Practices for F5 Products

F5 AppWorld 2026 Registration - early bird pricing.

Kostas Injeyan - October 2025 Featured Member

Recent Discussions

SSO login for APM Profiles

LTM issue Openning new web browser tab

SFP Port LEDs Blinking Yellow

Can F5 restrict the file types transferred via FTP?

Kerberos Authentication Failing for Exchange 2016 Behind F5 Cloud WAF

Related Content

Introducing F5 Distributed Cloud Web App Scanning

Advanced iRules: Scan

Advanced iRules: Binary Scan

OWASP Automated Threats - OAT-014 Vulnerability Scanning

F5 Distributed Cloud Origin Server Subset Rules

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS