Forum Discussion

Chisato_Horimiz's avatar
Chisato_Horimiz
Icon for Nimbostratus rankNimbostratus
Nov 24, 2021

Detail of AWS WAF - Web Exploits Rules by F5's Rule

When we upload the Excel file, it is blocked by Web Exploits Rules by F5's Rule.   please see below WAFlog. ----------------------------------------------------------------------- {"timestamp":...
AWS
F5 Rules for AWS WAF
security
boneyard's avatar
boneyard
Icon for MVP rankMVP
Nov 27, 2021

you can download a file here that lists the ID and the type of attack

 

https://devcentral.f5.com/s/articles/f5-rules-for-aws-waf-rule-id-to-attack-type-reference-33105

 

for c0ae2d87-48f1-4813-9e91-3e723f8d7b36 that is Server Side Code Injection

 

so there probably is something inside the excel file that looks like a server side code injection. which i can imagine for files as they can contain all kind of texts that triggers something like that.

 

perhaps someone from the AWS WAF team can provide more details.

  • Chisato_Horimiz's avatar
    Chisato_Horimiz
    Icon for Nimbostratus rankNimbostratus
    Dec 01, 2021

    Thank you for your Answer.

  • jason_dang's avatar
    jason_dang
    Icon for Nimbostratus rankNimbostratus
    May 04, 2022

    Hi Boneyard,

    I tried to download the csv file but it's failed to open because of interruption.
    Can you please help me to identify the content of ruleGroupID: 863ec017-6edf-44c1-9995-9db6eaf817f1 and ruleID: 8516ab57-0a98-425c-8710-3fef0d7352ca ?

    My app is blocked by that rule. I'd like to know what content of it so that I can fix it.

    Regards,
    Jason