F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

hungnguyen-ocl's avatar
hungnguyen-ocl
Icon for Nimbostratus rankNimbostratus
May 16, 2023

Exclude some valid URI from AWS WAF and Analyze WAF results

Hello, We have subscribed to F5 Rules for AWS WAF - Web exploits OWASP Rules and applied these rules to our production with COUNT mode. After a while, we check the logs for the requests and see tha...
cloud
devops
F5 Rules for AWS WAF
security
Joel_Cohen's avatar
Joel_Cohen
Ret. Employee
May 19, 2023

Hi,

It is common that some applications require certain data in requests that resemble attacks or parts of attacks, and these are picked up by the WAF. In this case you can disable the specific rule, in the group, that is blocking the requests.

The other option is to see what is triggering the rule, and change the app to avoid it. Unofrutnately, unlike traditional, full blown WAF security solutions, the content of F5 rules for AWS WAF is not visible and cannot be viewed. You may send us the HTTP request that was blocked and the name of the rule that matched it and we can provide more information.

About your second question to exclude URIs - The F5 Rule groups only inspect the traffic and match it against the rules to detect possible attacks. Control over which traffic to inspect and which not to is done by the AWS WAF infrastructure. 

I hope this answers your questions.

Joel