For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

vaibhavkumar-savkare's avatar
vaibhavkumar-savkare
Icon for Nimbostratus rankNimbostratus
Jan 13, 2023

F5 rules for AWS WAF: API Blocked Due to F5 Rule set

Hello, We have WAF ACL "bl-prd-crm-acl" for our production workload. One of our production api URL  was got blocked due to this as it was due to F5 Rule. with error 403 forbidden. Time Frame...
cloud
vaibhavkumar-savkare's avatar
vaibhavkumar-savkare
Icon for Nimbostratus rankNimbostratus
Jan 27, 2023

Hello,

I am checking with my team if I can share packet payload or not.

 

Till then can you please provide detailed documentaion for ruleid=rule_XSS_script_tag__Parameter__AllQueryArguments_Body

 

[{rulegroupid=F5#OWASP_Managed, terminatingrule={ruleid=rule_XSS_script_tag__Parameter__AllQueryArguments_Body, action=BLOCK, rulematchdetails=null}, nonterminatingmatchingrules=[], excludedrules=null}]
Joel_Cohen's avatar
Joel_Cohen
Icon for Employee rankEmployee
Feb 01, 2023

Hello,

The rule mentioned is related to cross-site scripting. Unlike traditional, full blown WAF security solutions, the content and detailed descriptions of F5 rules cannot be viewed.

If the rule was blocking legitimate traffic, you can disable it.

I hope this helps

Thanks

Joel