I am seeing lots of requests that match the following rules:
How can I determine why the requests are matching?
#F5 rules for AWS WAF
And you've setup the steps on pages 12-15 in the getting started guide: https://pages.awscloud.com/rs/112-TZM-766/images/F5_OWASP_Getting%20Started%20Guide.pdf?
I'm asking around internally, will let you know what I find.
As much as possible, yes. (The doc appears to have been written for an older version of the WAF Console.) I do not see request bodies in the logs, and Amazon Support said that they don't log request bodies.