What is the rule_SSRF_attempt_AllQueryArguments_Body actually checking for

Question

My project have implemented the F5 managed AWS WAF ruleset OWASP_Managed and we've noticed that the WAF is blocking the following rule :

rule_SSRF_attempt_AllQueryArguments_Body

I need to understand what this rule is actually doing under the covers so that we can establish why it is being triggered. I can't find any documentation that describes what this rule, or any others in the ruleset, is checking for, can anyone tell me where I can find the documentation that explains?

mohamedfaizur · Answer

Hi,Unlike traditional, full blown WAF security solutions, the content of F5 rules is not visible and cannot be viewed. Please send us the HTTP request that was blocked . We will confirm whether the rule blocked a true malicious request or not. Thanks

Forum Discussion

What is the rule_SSRF_attempt_AllQueryArguments_Body actually checking for

1 Reply

Welcome! a la Communidad DevCentral LATAM de F5!

The New F5 Certified BIG-IP Administrator Certification Exams Now Live

Recent Discussions

Mutual authetication from imperva to F5

used trial license and takeout production license

Recommended Study Guide, Books or Labs for F5 ASM/AWAF Module

Always only one of two IP addresses as response

irule help - pool command and ERR_RTE Routing problem

Related Content

Check a Virtual Server's SSL Status

Get actual client ips in splunk

Leaked Credential Check with Advanced WAF

snmp-check external monitor

What does a Security Evangelist actually do?

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS