Forum Discussion

Nimbostratus

Aug 30, 2023

Help with investigating the cause for blocked request

Hi, We are subscribed to F5 Rules for AWS WAF - Web exploits OWASP Rules via AWS Marketplace and use it for our WAF config. We see some requests are getting blocked and see which rule triggers it. ...

F5 Rules for AWS WAF

security

Amine_Kadimi

MVP

Sep 01, 2023

The ruleid _XSS_script_tag__Parameter__AllQueryArguments_Body suggests a XSS script tag detected (> or < signs), could you check your request payload and confirm that?

kepler
Nimbostratus
Sep 05, 2023
Hi Amine_Kadimi ,
Thanks for reply.
Yes the body of the request has "<>" because it's an xml.
What's the best way to exclude it and do you have any documentation on what exactly is checked by your rules?
Thanks!

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Help with investigating the cause for blocked request

Recent Discussions

Upgrade F5 BIGIP

ISP Load Balancing, SNAT pool instead of Automap link self-ip, anyway to do health check ?

MAC address of deleted VS IP address still responsive

ports are showing open on online scanning tool

how to whitelist new source IP on F5 web UI access

Related Content

Knowledge sharing: Investigating/troubleshooting crash and failover events

Block Referral Requests

ASM Sanitize Blocking Page Requests

Response and blocking page

MS Exchange ProxyNotShell block implemented via iRules

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS