Forum Discussion

Nimbostratus

Jan 07, 2022

Impact of adding new rules in Block mode

When new rules are added to a managed rule set, they are added in Block mode. In a production environment, that could cause legitimate traffic to start being blocked. How are customers supposed...

MVP

Jan 26, 2022

The AWS WAF is basically linux modsecurity so no matter if you use the F5 rules or AWS ones this are the AWS WAF limitations as there is no machine learning or new rules or modified being placed in learning mode like the F5 signatures.

The only option I can suggest is to use AWS waf version managment and to change the "default" setting to a specific version and each week to manially check for a new version and if there is a new version to select it and then to test in a test window. you my try to automate this in some way.

https://docs.aws.amazon.com/waf/latest/developerguide/waf-managed-rule-groups-versioning.html

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Impact of adding new rules in Block mode

Recent Discussions

Reporting Help Needed

Switch ssl profile based on weak cipher detection via IRULE

F5 looses the token for the first call

iRule - Url rewrite and header replace and pool selection not working

full-proxy HTTP2

Related Content

F5 Distributed Cloud Origin Server Subset Rules

F5 NGINX HTTP Request Header Rules: What’s Permitted and What’s Not

Remove subnet from NAT pools without any impact

LTM Cipher rule

F5 Distributed Cloud Network Firewall Rule Evaluation and Packet Flow

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS