Forum Discussion
NimbostratusF5-OWASP_Managed (rule_General_Protection_AllQueryArguments_Body)
Hello All,
We experienced unexpected blocking of legitimate traffic in our WAF that significantly impacted our services.
And we found the reason is
{
"timestamp": 1752430193632,
"formatVersion": 1,
"webaclId": "arn:aws:wafv2:me-central-1:1047******:regional/webacl/******-*****-waf/67d0d073-8a81-4**f-9f48-8******c2d15",
"terminatingRuleId": "F5-OWASP_Managed",
"terminatingRuleType": "MANAGED_RULE_GROUP",
"action": "BLOCK",
"terminatingRuleMatchDetails": [
{
"conditionType": "REGEX",
"location": "BODY",
"matchedData": null,
"matchedFieldName": ""
}
And the rule that did that is
{
"ruleGroupId": "F5#OWASP_Managed",
"terminatingRule": {
"ruleId": "rule_General_Protection_AllQueryArguments_Body",
"action": "BLOCK",
"ruleMatchDetails": null
},
We didn't change anything for the application side, also it was working well for more than a month.
Is there any update happened yesterday (13/7/2025) on regex for F5-OWASP_Managed (rule_General_Protection_AllQueryArguments_Body)
2 Replies
Benjamin_SerfatEmployee
F5 OWASP Managed WAF Rules went through a rule update on Sunday, July 13th, which affected some customers and blocked legitimate traffic.
We have since fixed the issue. The false positives should no longer occur as of Tuesday, July 15th.
We apologize for the disruption to service
