Forum Discussion

Nimbostratus

Aug 29, 2023

Help with investigating the cause for blocked request

Hi, We are subscribed to F5 Rules for AWS WAF - Web exploits OWASP Rules via AWS Marketplace and use it for our WAF config. We see some requests are getting blocked and see which rule triggers it. ...

F5 Rules for AWS WAF

security

Amine_Kadimi

MVP

Aug 31, 2023

The ruleid _XSS_script_tag__Parameter__AllQueryArguments_Body suggests a XSS script tag detected (> or < signs), could you check your request payload and confirm that?

kepler
Nimbostratus
Sep 04, 2023
Hi Amine_Kadimi ,
Thanks for reply.
Yes the body of the request has "<>" because it's an xml.
What's the best way to exclude it and do you have any documentation on what exactly is checked by your rules?
Thanks!

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Help with investigating the cause for blocked request

Jonathan - March 2026 Featured Member

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

2026 F5 DevCentral MVP Announcement

Recent Discussions

ASM/AWAF declarative policy

Changes to DO and AS3 GitHub - no longer monitored

Help with SSH Virtual Server

GRE Tunnel Issue

Help with an iRule to disconnect active connections to Pool Members that are "offline"

Related Content

Ultimate irule debug - Capture and investigate

Knowledge sharing: High CPU/Memory/Swap investigation/troubleshooting

Logging/Blocking possible prompt injection

Knowledge sharing: Troubleshooting/investigating SSL and HTTP issues

Block requests by reverse DNS record

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS