AshSap
Sep 25, 2019

F5 AWS WAF rule false positive

Hello,

We are using the F5 WAF rule group from the AWS Marketplace.

We are consistently getting false positives for the rule ID 97c50551-17ba-4fe3-a754-8d2cbdfbfe39.

Two legitimate requests which triggered these requests were sent via REST API and are specified below:

Request 1:

  {
    "headers": [
      {
        "name": "Host",
        "value": "<blanked out>"
      },
      {
        "name": "Content-Length",
        "value": "1708"
      },
      {
        "name": "Content-Type",
        "value": "application/json"
      },
      {
        "name": "tenant-id",
        "value": "<blanked out>"
      },
      {
        "name": "organization-id",
        "value": "<blanked out>"
      },
      {
        "name": "X-AUTH-TOKEN",
        "value": "<blanked out>"
      },
      {
        "name": "User-Agent",
        "value": "PostmanRuntime/7.13.0"
      },
      {
        "name": "Accept",
        "value": "*/*"
      },
      {
        "name": "Cache-Control",
        "value": "no-cache"
      },
      {
        "name": "Postman-Token",
        "value": "<blanked out>"
      },
      {
        "name": "cookie",
        "value": "JSESSIONID=<blanked out>; X-AUTH-TOKEN=<blanked out>; X-REFRESH-TOKEN=<blanked out>"
      },
      {
        "name": "accept-encoding",
        "value": "gzip, deflate"
      }
    ],
    "uri": "//integration/productandpricing/fullProduct",
    "args": "",
    "httpVersion": "HTTP/1.1",
    "httpMethod": "POST",
    "requestId": null
  }

Request 2:

  {
    "headers": [
      {
        "name": "Host",
        "value": "<blanked out>"
      },
      {
        "name": "Content-Length",
        "value": "1709"
      },
      {
        "name": "Content-Type",
        "value": "application/json"
      },
      {
        "name": "tenant-id",
        "value": "<blanked out>"
      },
      {
        "name": "organization-id",
        "value": "<blanked out>"
      },
      {
        "name": "X-AUTH-TOKEN",
        "value": "<blanked out>"
      },
      {
        "name": "User-Agent",
        "value": "PostmanRuntime/7.13.0"
      },
      {
        "name": "Accept",
        "value": "*/*"
      },
      {
        "name": "Cache-Control",
        "value": "no-cache"
      },
      {
        "name": "Postman-Token",
        "value": "<blanked out>"
      },
      {
        "name": "cookie",
        "value": "JSESSIONID=<blanked out>; X-AUTH-TOKEN=<blanked out>; X-REFRESH-TOKEN=<blanked out>"
      },
      {
        "name": "accept-encoding",
        "value": "gzip, deflate"
      }
    ],
    "uri": "//integration/productandpricing/fullProduct",
    "args": "",
    "httpVersion": "HTTP/1.1",
    "httpMethod": "POST",
    "requestId": null
  }
