Help
Technical Articles
F5 SMEs share good practice.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

F5 Rules for AWS WAF - Rule ID to Attack Type Reference

Nir_Zigler_7297
Historic F5 Account

on ‎21-Jan-2019 03:00 - edited on ‎29-Jun-2022 02:21 by F5 Employee

F5 offers security solutions for AWS customers who use the platform's hosting and load balancing services along with the AWS WAF offering.

 

F5 Rules for AWS WAF - Web exploits OWASP RulesF5 Rules for AWS WAF - Bot Protection RulesF5 Rules for AWS WAF - Common Vulnerabilities and Exposures (CVE)F5 Rules for AWS WAF - API Security Rules

 

With the recent addition of logging capabilities of requests that had a match with one of the rule sets, there is now an option to:

 

  1. See the full request that had a match with the rule ID.
  2. Understand the attack type that relates to the rule ID.
  3. Remove specific rule ID from the rule set in the case it generates false positives.

 

The following CSV maps between rule IDs and attack types, and will help customers of the F5 Rules for AWS WAF products to better manage rule exclusions in their Access Lists.

 

For more details on AWS-WAF logging configuration please visit:https://docs.aws.amazon.com/waf/latest/developerguide/logging.html

Labels:
awswaf-290622.zip
Comments
Jat_Bhogal
Nimbostratus
Nimbostratus
‎25-Jun-2019 09:10

That CSV file doesn't exist anymore. Can somebody please update this post, with an updates link to the CSV file ASAP.

 

Thanks

 

Jat

0 Kudos
Jat_Bhogal
Nimbostratus
Nimbostratus
‎25-Jun-2019 09:12

Please update this post asap with a valid document link.

0 Kudos
Chase_Abbott
F5 Employee
F5 Employee
‎02-Jul-2019 09:38

  Updated.

0 Kudos
Jat_Bhogal
Nimbostratus
Nimbostratus
‎05-Jul-2019 02:27

Thanks Chase, can we please keep on top of the content in the csv file. I'm sure the rules being exploited are changing very frequently meaning that this document needs to follow suit?

0 Kudos
Jat_Bhogal
Nimbostratus
Nimbostratus
‎05-Jul-2019 02:28

For the fact that my company pays a subscription to F5 for this WAF Marketplace rule, I think I'm more than within my rights to be asking for this.

0 Kudos
Chase_Abbott
F5 Employee
F5 Employee
‎05-Jul-2019 12:04

  The team responsible for this does maintain the file, in this particular case the file had an invalid URL due to our recent migration. The file is now part of the article moving forward and will stay current by the team that manages the AWS subscription service.

0 Kudos
Jat_Bhogal
Nimbostratus
Nimbostratus
‎08-Jul-2019 03:12

Ok, thanks for addressing this Chase. No doubt I will be coming back to this document frequently.

 

Regards

 

Jat

0 Kudos
worapojc
Altostratus
Altostratus
‎17-Jun-2022 01:51

It seems the attached file is corrupted. Could you please re-upload the file?

0 Kudos
LiefZimmerman
Community Manager
Community Manager
‎27-Oct-2022 03:41

@worapojc - the file appears to have been corrected. Thanks for letting us know.

0 Kudos
Version history
Last update:
‎29-Jun-2022 02:21
Updated by:
F5 Employee
Copyright © 2023 Khoros, LLC