Forum Discussion

Nimbostratus

Jul 20, 2022

F5 rules for AWS WAF

I have enabled the OWASP top 10 ruleset on one of our AWS WAFs however we are still seeing a High vulnerability for Reflected Cross-Site Scripting (XSS) in HTTP Header. Specifically in the cookie's cc_mode parameter.

I am looking for a way to protect against this type of attack.

cloud

security

1 Reply

Erik_Novak
Employee
Jul 20, 2022
Can you add the cc_parameter to the ruleset and then apply attack signatures to that parameter?

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

F5 rules for AWS WAF

1 Reply

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

How can I get started with iCall

Connection Rest f5

Kubernetes cert-manager + LetsEncrypt + F5

The GSLB pool is providing an incorrect IP to end users

Unable to ping from some self ip on Velos

Related Content

Using AWS CloudHSM with F5 BIG-IP

F5 Rules for AWS WAF - Rule ID to Attack Type Reference

F5 rules for AWS WAF Terraform

Living on the AWS Edge - BIG-IP on AWS Outposts

AWS Transit Gateway Connect: GRE + BGP = ?

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS