Forum Discussion

Nimbostratus

Jun 17, 2022

WAFの検知テスト（WAF detection test）

AWS WAF（F5マネージドルール）が正常に適用されているかどうかをテストする方法を教えてください。 WAFによってブロックされていることを確認したいと思います。 Please tell me how to test whether AWS WAF (F5 Managed Rules) is applied normally. I want to make sure it is bloc...

security

Daniel_Wolf

MVP

Jun 18, 2022

Hi gmt20trisc00,

are you looking for a basic test to verify that the rules are detecting attacks? You could try some proof of concept exploit like appending one of these two examples to your URL.

/?cmd=cat%20/etc/passwd

/<script>alert("XSS Attack");</script>

That'll do no harm, but an active WAF should block these requests (or, if not in blocking mode, raise an alert).

KR
Daniel

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

WAFの検知テスト（WAF detection test）

Recent Discussions

Decode ObjectSID from Base64-encode string

ip x-forwarding

F5 ASM API-Protection Policy

ports are showing open on online scanning tool

Upgrade F5 BIGIP

Related Content

VIPTest: Rapid Application Testing for F5 Environments

HTTP cookie SameSite: test detection of browsers with incompatible SameSite=None handling

JA4 Part 2: Detecting and Mitigating Based on Dynamic JA4 Reputation

SSL Orchestrator Advanced Use Cases: Detecting Generative AI

Operationlizing Online Fraud Detection, Prevention, and Response

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS