Forum Discussion

avinasheokumar1's avatar
avinasheokumar1
Icon for Nimbostratus rankNimbostratus
Mar 05, 2024

F5 API Security on AWS WAF

Hello community,

 

We have deployed multiple APIs on EKS and have exposed them using an application load balancer. I have added AWS WAF on top of the ALB. I am using XML payload in the API and for XML security, I have enabled F5 API Security managed rule for WAF.

 

My question is: Does F5 managed rule for API Security on AWS WAF provides XML validation? If yes, what rule is that inside the managed rule set? Can we configure the F5 managed rule to check my XML payload based on regex? How can I configure it?

 

Thanks in advance!

 

Avinash

  • To: avinasheokumar1@DogNeedsBest

    My question is: Does F5 managed rule for API Security on AWS WAF provides XML validation? If yes, what rule is that inside the managed rule set? Can we configure the F5 managed rule to check my XML payload based on regex? How can I configure it?

    Yes, F5 managed rule for API Security on AWS WAF does provide XML validation. The rule that performs this function is called API Attack Protection Ruleset. For configure the F5 managed rule, You can make your own rule to check your XML payload based on regex. Regex is a way to find patterns in text. You can use the regexMatch or regexMatchIgnoreCase operators to do this and add your own rule to your web ACL and link it with the F5 API Security Ruleset. You can find more information on how to make and manage your own rules for AWS WAF in the AWS documentation.