Forum Discussion

Nimbostratus

Oct 31, 2023

OWASP Rule Groups Blocking Legitmate Requests

I have had a number of legitmate requests getting blocked according to my cloudwatch logs in AWS for our WAF using the F5 Rules for AWS WAF - Web exploits OWASP Rules. I am attaching a few text file...

Blocked Rules.zip6 KB

Nacreous

Dec 05, 2023

you need to check the http request body because the error log said this:

=========

...

"terminatingRuleMatchDetails": [
{
"conditionType": "REGEX",
"location": "BODY",
"matchedData": null,
"matchedFieldName": ""
}
],

...

=======

you can use tcpdump to capture whole packets
tcpdump ... -s 0 -f5 ssl

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

OWASP Rule Groups Blocking Legitmate Requests

Recent Discussions

Should config via cli rather than gui?

Background Tasks

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

F5 Health Monitor Receive String as JSON

Related Content

Microservices priority, Blocked Request (Redirect URL)

Beware, your logs - how blocked log4shell, Spring4Shell etc requests can still lead to compromise

Block requests by reverse DNS record

Block Referral Requests

ASM blocked request contains & (ampersand) symbol in parameter value

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS