Forum Discussion
avinasheokumar1
Nimbostratus
NimbostratusF5 API Security on AWS WAF
Hello community, We have deployed multiple APIs on EKS and have exposed them using an application load balancer. I have added AWS WAF on top of the ALB. I am using XML payload in the API and for ...
BookerE1Nimbostratus
NimbostratusTo: avinasheokumar1@DogNeedsBest
My question is: Does F5 managed rule for API Security on AWS WAF provides XML validation? If yes, what rule is that inside the managed rule set? Can we configure the F5 managed rule to check my XML payload based on regex? How can I configure it?
Yes, F5 managed rule for API Security on AWS WAF does provide XML validation. The rule that performs this function is called API Attack Protection Ruleset. For configure the F5 managed rule, You can make your own rule to check your XML payload based on regex. Regex is a way to find patterns in text. You can use the regexMatch or regexMatchIgnoreCase operators to do this and add your own rule to your web ACL and link it with the F5 API Security Ruleset. You can find more information on how to make and manage your own rules for AWS WAF in the AWS documentation.