Forum Discussion

josh6789_367239's avatar
josh6789_367239
Icon for Nimbostratus rankNimbostratus
Jul 17, 2018

F5 Rules for AWS WAF - Web exploits OWASP Rules - Blocking JIRA/Confluence Functionality

The F5 Rules for AWS WAF - Web exploits OWASP Rules is blocking certain functionality on our JIRA/Confluence servers. If we edit a page that contains macros (for example a Table of Contents), we get a 403 error and the AWS WAF rule shows that the traffic was blocked. If we edit the same page but remove the macro, the page saves correctly.

 

If we use the F5 Web Application CVE Signatures For AWS WAF rule set, everything works correctly.

 

We've been in contact with Atlassian support and they are troubleshooting the issue on the application side as well, but is there a way to tell what type of rule within the rule set might be blocking this traffic? Is there any workaround?

 

AWS
cloud
exploits
F5 Rules for AWS WAF
  • Jeff_Giroux_F5's avatar
    Jeff_Giroux_F5
    Ret. Employee
    Jan 07, 2020

    Please follow the procedure detailed in K21015971: Overview of F5 RuleGroups for AWS WAF

     

    Reporting false positives on DevCentral

     

    With full request logging you can now report on a rule that generates too many false positives. To report false positives, complete the following:

     

    • Log three to five requests that the rule has flagged as malicious requests.
    • Make sure that the requests do not contain any sensitive information; if they do, please mask the sensitive data with ****.
    • Attach the requests to a message (Ask a Question) on the DevCentral Answers forum.