Forum Discussion

Icon for Nimbostratus rank

Nimbostratus

Mar 10, 2025

'F5 rules for AWS WAF' ruleset not working for jsp web shell attack

I have subscribed to 'F5 rules for AWS WAF' Common Vulnerabilities & Exposures (CVE) Rules in AWS market place and protected the ALB's. Even after enabled, I see my web server got affected by jsp web shell attack and found war file deployed by unauthorized user.

Can you please let me know what are the rules available to protect from jsp web shell attack?

2 Replies

Enes_Afsin_Al
MVP
Mar 27, 2025
Hi ajayp,

The content of F5 rules is not visible and cannot be viewed.

REF: https://my.f5.com/manage/s/article/K21015971

You can also check buulam's answer.

Link: F5 Rules for AWS WAF - List of CVE | DevCentral
LiefZimmerman
Admin
May 27, 2025
ajayp - if this was solved for you please consider marking Enes_Afsin_Al answers as Solution.

Welcome! a la Communidad DevCentral LATAM de F5!

LATAM Users Articles

The New F5 Certified BIG-IP Administrator Certification Exams Now Live

DevCentral News

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5