Forum Discussion

Nimbostratus

Aug 25, 2022

AWS WAF ruleset OWASP_Managed rule SSRF_attempt_AllQueryArguments_Body

In our Amazon project, WAF blocks legitimate requests according to the rule_SSRF_attempt_AllQueryArguments_Body rule. How can I find out the reasons and allow traffic to pass without affecting secur...

cloud

Heath_Parrott

Employee

Aug 29, 2022

A signature based WAF is just that. To bypass a signature, the signature must be disabled. AWS WAF and all the managed rules on top of it fight this category. If you need a WAF this is highly tuned to your application stack then you will need to look for a more robust WAF such as Adv. WAF.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

AWS WAF ruleset OWASP_Managed rule SSRF_attempt_AllQueryArguments_Body

Recent Discussions

Reporting Help Needed

Switch ssl profile based on weak cipher detection via IRULE

F5 looses the token for the first call

iRule - Url rewrite and header replace and pool selection not working

full-proxy HTTP2

Related Content

AWS WAF Rule F5-OWASP_Managed custom response

POC required for AWS WAF rulesets

False Positive on AWS WAF F5 Managed Rule F5#OWASP_Managed#rule_div_tagbehaviorParameter__AllQueryArguments_Body

Response generated on blocked request by OWASP Top 10 Ruleset?

Re: F5 rules for AWS WAF Terraform

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS