Forum Discussion
NimbostratusAWS WAF F5 Rules
Hello,
I looking for information about support for AWS WAF F5 Rules that I purchesed via AWS Marketplace: F5 Rules for AWS WAF Classic - Web exploits OWASP Rules.
I have a Rule Group That is blocking a request, but I don´t known if there is some kind of malware in the requets or it is a legitimate request and is blocking for some kind os issue with the rule. This is the rule:
Where Can I get support for AWS WAF F5 rules?
"ruleGroupList": [
{
"ruleGroupId": "f47e809d-57b9-4c1f-8552-b59a188fa0b1",
"terminatingRule": {
"ruleId": "55e892fa-ff64-492e-ae4f-b9cdebf49ec4",
"action": "BLOCK",
Hello Israel,
A RuleGroup is an AWS WAF container for predefined rules.
In your case: F5 Rules for AWS WAF - Web exploits OWASP Rules
These are pre-defined patterns for Negative Security policies on top of AWS WAF. (Very basic security)
Unfortunately, the AWS WAF has several limitations:
- It doesn't have the visibility you require in your use case.
- It doesn't show the full content of the request or response.
- It is simply limited to counting whether it matches or not.
- Negative security policy only!
- You can only block known attacks that match AWS WAF very limited signatures.
- No protections for unknown Zero Day vulnerabilities.
- Requires you to make your own manual security signatures.
- You have to pay for a third-party list of conditions and rules (like F5 Rules).
- Only has a few basic signatures that only protect from simple vulnerabilities.
- You need to add a better protection for the more sophisticated attacks against your apps.
- No API protection (no XML, JSON, GWT) – No HTTP/2 or Websockets
So if you need more visibility, control and security you should try and explore Advanced Web Application Firewall (WAF) which is available in the AWS Marketplace.
I hope it helps.
- It doesn't have the visibility you require in your use case.
