Forum Discussion

stermaat's avatar
stermaat
Icon for Nimbostratus rankNimbostratus
Jul 14, 2025
Solved

Silent update AWS Marketplace F5 OWASP

We use the F5 Rules for AWS WAF - Web exploits OWASP Rules for our WAF setup.

Since 2025-07-13 T21:00:00 we see an enormous increase in blocked traffic on three rules blocking our legitimate traffic globally (on approx. 40 servers for different customers). 

Has a silent update been pushed (to the regex or something)?

We've been reviewing our codebase and IaC logs - no changes from our side.

The three rules that suddenly spike: 

rule_Cross_Site_Scripting_AllQueryArguments_Body

rule_General_Protection__URI__UriPath

rule_General_Protection_AllQueryArguments_Body

F5 Rules for AWS WAF
security
  • VGF5's avatar
    VGF5
    Jul 14, 2025

    It appears that the system automatically updates its rules, and no customer action is necessary or feasible to control the timing or content of these updates.

    Check the following article :

    K21015971: Overview of F5 rule groups for AWS WAF

    Open ticket with F5 and get the more details.

     

2 Replies

  • VGF5's avatar
    VGF5
    Icon for Cumulonimbus rankCumulonimbus
    Jul 14, 2025

    It appears that the system automatically updates its rules, and no customer action is necessary or feasible to control the timing or content of these updates.

    Check the following article :

    K21015971: Overview of F5 rule groups for AWS WAF

    Open ticket with F5 and get the more details.

     

  • Benjamin_Serfat's avatar
    Benjamin_Serfat
    Icon for Employee rankEmployee
    Jul 20, 2025

    F5 OWASP Managed WAF Rules went through a rule update on Sunday, July 13th, which affected some customers and blocked legitimate traffic.
    We have since fixed the issue. The false positives should no longer occur as of Tuesday, July 15th.
    We apologize for the disruption to service