F5 AWS WAF rule false positive

Hello,

We are using F5 WAF rule-group from the AWS MarketPlace.

We are consistently, getting false-positive for the rule-id, 97c50551-17ba-4fe3-a754-8d2cbdfbfe39

Two legitimate requests which triggered these requests were sent via Rest API and are specified below:

Request 1:

headers": [
      {
        "name": "Host",
        "value": "<blanked out>"
      },
      {
        "name": "Content-Length",
        "value": "1708"
      },
      {
        "name": "Content-Type",
        "value": "application/json"
      },
      {
        "name": "tenant-id",
        "value": "<blanked out>"
      },
      {
        "name": "organization-id",
        "value": "<blanked out>"
      },
      {
        "name": "X-AUTH-TOKEN",
        "value": "<blanked out>"
      },
      {
        "name": "User-Agent",
        "value": "PostmanRuntime/7.13.0"
      },
      {
        "name": "Accept",
        "value": "*/*"
      },
      {
        "name": "Cache-Control",
        "value": "no-cache"
      },
      {
        "name": "Postman-Token",
        "value": "<blanked out>"
      },
      {
        "name": "cookie",
        "value": "JSESSIONID=<blanked out>; X-AUTH-TOKEN=<blanked out>; X-REFRESH-TOKEN=<blanked out>"
      },
      {
        "name": "accept-encoding",
        "value": "gzip, deflate"
      }
    ],
    "uri": "//integration/productandpricing/fullProduct",
    "args": "",
    "httpVersion": "HTTP/1.1",
    "httpMethod": "POST",
    "requestId": null
  }

Request 2:

 {
        "name": "Host",
        "value": "<blanked out>"
      },
      {
        "name": "Content-Length",
        "value": "1709"
      },
      {
        "name": "Content-Type",
        "value": "application/json"
      },
      {
        "name": "tenant-id",
        "value": "<blanked out>"
      },
      {
        "name": "organization-id",
        "value": "<blanked out>"
      },
      {
        "name": "X-AUTH-TOKEN",
        "value": "<blanked out>"
      },
      {
        "name": "User-Agent",
        "value": "PostmanRuntime/7.13.0"
      },
      {
        "name": "Accept",
        "value": "*/*"
      },
      {
        "name": "Cache-Control",
        "value": "no-cache"
      },
      {
        "name": "Postman-Token",
        "value": "<blanked out>"
      },
      {
        "name": "cookie",
        "value": "JSESSIONID=<blanked out>; X-AUTH-TOKEN=<blanked out>; X-REFRESH-TOKEN=<blanked out>"
      },
      {
        "name": "accept-encoding",
        "value": "gzip, deflate"
      }
    ],
    "uri": "//integration/productandpricing/fullProduct",
    "args": "",
    "httpVersion": "HTTP/1.1",
    "httpMethod": "POST",
    "requestId": null
  }

Forum Discussion

F5 AWS WAF rule false positive

Recent Discussions

AS3 Limitations

Diameter iRules attachment?

Help needed with iRule (connection closed log )

Use of SSL Decryption.

VLAN Failsafe Functionality

Related Content

F5 Distributed Cloud WAF AI/ML Model to Suppress False Positives

Handle False Positive for files upload

CMS causing False Positives

Separating False Positives from Legitimate Violations

Attack Signature False Positive Mode

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS