Forum Discussion
Nimbostratus"F5 Rules for AWS WAF Web exploits" blocks client request with large body
After I added "F5 Rules for AWS WAF Web exploits" to our AWS load balancer Web ACL I started seeing that calls to one of our APIs are being blocked. This API is being used to allow users save their trip plan: the body of the post request contains json in a size that is average 25K.
What can I do about it? currently I had to disable F5 rules.
Simon_BlakelyEmployee
What is the actual logged violation?
Yosi_373863It says "AWS WAF - Web Exploits Rules by F5" without any further details. Is there anyway to see the exact rule that caused the violation?
- Yosi_373863
When purchasing the product on AWS it says that F5 support is available through this forum. Why no one is answering?
- Simon_Blakely
As detailed in
K21015971: Overview of F5 RuleGroups for AWS WAF
the primary avenue of support for F5 RuleGroups for AWS WAF is AWS Support
F5 Rules for AWS WAF - Bot Protection Rules
Please contact AWS Support (https://aws.amazon.com/contact-us) for AWS WAF related assistance
AWS do have a channel for accessing F5 Support, and access into the violation information.
Otherwise, you need to post an example blocked request (at least the headers) that may provide some clues as to the sort of violation that is being triggered.
Is the Content-Type being correctly set as JSON? Hi Yosi,
Were you able to get a response by contact AWS Support for this?
Please follow the procedure detailed in K21015971: Overview of F5 RuleGroups for AWS WAF
Reporting false positives on DevCentral
With full request logging you can now report on a rule that generates too many false positives. To report false positives, complete the following:
- Log three to five requests that the rule has flagged as malicious requests.
- Make sure that the requests do not contain any sensitive information; if they do, please mask the sensitive data with ****.
- Attach the requests to a message (Ask a Question) on the DevCentral Answers forum.
