iranthawow
Apr 26, 2023Nimbostratus
False Positive on AWS WAF F5 Managed Rule F5#OWASP.rule_SQL_INJ_SELECT_DATABASE____Parameter__AllQue
Hello
We have setup AWS WAF2 with F5 OWASP Subscription and currently getting some False Positive requests Blocks. We need support from F5support.
We recently enabled "F5-OWASP_Managed" rules set on a AWS WAFv2 and Once we did we started seeing a false positive for an API call with the following rule...
F5#OWASP.rule_SQL_INJ_SELECT_DATABASE____Parameter__AllQueryArguments_Body
After some further investigation we discovered the rule is tripped when we make a request to export data to a CSV file.
Can you give us more background information on exactly what this rule is doing and how we should go about avoiding this false positive?
Regards
Irantha