For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Chisato_Horimiz's avatar
Chisato_Horimiz
Icon for Nimbostratus rankNimbostratus
Nov 24, 2021

Detail of AWS WAF - Web Exploits Rules by F5's Rule

When we upload the Excel file, it is blocked by Web Exploits Rules by F5's Rule.   please see below WAFlog. ----------------------------------------------------------------------- {"timestamp":...
aws
F5 Rules for AWS WAF
security
boneyard's avatar
boneyard
Icon for MVP rankMVP
Nov 27, 2021

you can download a file here that lists the ID and the type of attack

 

https://devcentral.f5.com/s/articles/f5-rules-for-aws-waf-rule-id-to-attack-type-reference-33105

 

for c0ae2d87-48f1-4813-9e91-3e723f8d7b36 that is Server Side Code Injection

 

so there probably is something inside the excel file that looks like a server side code injection. which i can imagine for files as they can contain all kind of texts that triggers something like that.

 

perhaps someone from the AWS WAF team can provide more details.

jason_dang's avatar
jason_dang
Icon for Nimbostratus rankNimbostratus
May 04, 2022

Hi Boneyard,

I tried to download the csv file but it's failed to open because of interruption.
Can you please help me to identify the content of ruleGroupID: 863ec017-6edf-44c1-9995-9db6eaf817f1 and ruleID: 8516ab57-0a98-425c-8710-3fef0d7352ca ?

My app is blocked by that rule. I'd like to know what content of it so that I can fix it.

Regards,
Jason