Forum Discussion

jquerin's avatar
jquerin
Icon for Nimbostratus rankNimbostratus
Oct 31, 2023

OWASP Rule Groups Blocking Legitmate Requests

I have had a number of legitmate requests getting blocked according to my cloudwatch logs in AWS for our WAF using the F5 Rules for AWS WAF - Web exploits OWASP Rules.

I am attaching a few text files of the CloudWatch Data. 

  • you need to check the http request body because the error log said this:

    =========
    
    ...
    
    "terminatingRuleMatchDetails": [
    {
    "conditionType": "REGEX",
    "location": "BODY",
    "matchedData": null,
    "matchedFieldName": ""
    }
    ],
    
    ...
    
    =======

    you can use tcpdump to capture whole packets
    tcpdump ... -s 0 -f5 ssl