AWS WAF F5 Rules

Israel_Ruiz
Nimbostratus

Hello,

 

I am looking for information about support for the AWS WAF F5 Rules that I purchased via AWS Marketplace: F5 Rules for AWS WAF Classic - Web exploits OWASP Rules.

I have a Rule Group that is blocking a request, but I don't know if there is some kind of malware in the request or if it is a legitimate request that is being blocked because of some kind of issue with the rule. This is the rule:

Where can I get support for AWS WAF F5 rules?

"ruleGroupList": [
  {
    "ruleGroupId": "f47e809d-57b9-4c1f-8552-b59a188fa0b1",
    "terminatingRule": {
      "ruleId": "55e892fa-ff64-492e-ae4f-b9cdebf49ec4",
      "action": "BLOCK",

1 REPLY

Pedro_Haoa
F5 Employee

Hello Israel,

 

A RuleGroup is an AWS WAF container for predefined rules.

In your case: F5 Rules for AWS WAF - Web exploits OWASP Rules

These are pre-defined patterns for Negative Security policies on top of AWS WAF. (Very basic security)

 

Unfortunately, the AWS WAF has several limitations:

  • It doesn't have the visibility you require in your use case.
    • It doesn't show the full content of the request or response.
    • It is simply limited to counting whether it matches or not.
  • Negative security policy only!
    • You can only block known attacks that match AWS WAF's very limited signatures.
  • No protections for unknown Zero Day vulnerabilities.
  • Requires you to make your own manual security signatures.
  • You have to pay for a third-party list of conditions and rules (like F5 Rules).
  • Only has a few basic signatures that only protect from simple vulnerabilities.
    • You need to add better protection for the more sophisticated attacks against your apps.
  • No API protection (no XML, JSON, GWT) – No HTTP/2 or Websockets

 

So if you need more visibility, control and security you should try and explore Advanced Web Application Firewall (WAF) which is available in the AWS Marketplace.

 

I hope it helps.
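
Added example (not part of the thread, and not F5 or AWS code): one way to triage a block like the one in the question is to group AWS WAF log records by the rule group's terminating rule and list the clients, URIs and decoded query strings it stopped. It assumes the logs are newline-delimited JSON using the AWS WAF log field names; the sample records, hostnames, IPs and the second rule ID are constructed, and only the two IDs quoted in the question come from the page.

```python
import json
from collections import defaultdict
from urllib.parse import unquote_plus

GROUP = "f47e809d-57b9-4c1f-8552-b59a188fa0b1"       # ruleGroupId from the question
RULE = "55e892fa-ff64-492e-ae4f-b9cdebf49ec4"        # ruleId from the question
OTHER_RULE = "00000000-0000-0000-0000-000000000001"  # constructed placeholder

def _rec(action, rule, ip, uri, args):
    """Build one constructed log record (sample data, not real traffic)."""
    term = {"ruleId": rule, "action": action} if rule else None
    return json.dumps({
        "timestamp": 1589300000000, "action": action,
        "ruleGroupList": [{"ruleGroupId": GROUP, "terminatingRule": term}],
        "httpRequest": {"clientIp": ip, "httpMethod": "GET", "uri": uri, "args": args},
    })

# Constructed sample log: two blocks by the rule in question, one allow, one other block.
SAMPLE_LOG = "\n".join([
    _rec("BLOCK", RULE, "198.51.100.7", "/search", "q=o%27brien"),
    _rec("BLOCK", RULE, "203.0.113.9", "/search", "q=d%27angelo+report"),
    _rec("ALLOW", None, "198.51.100.7", "/home", ""),
    _rec("BLOCK", OTHER_RULE, "192.0.2.44", "/login", "next=%2Fadmin"),
])

def blocked_by_rule(log_text):
    """Group blocked requests by (ruleGroupId, ruleId) of the terminating rule."""
    hits = defaultdict(list)
    for line in filter(str.strip, log_text.splitlines()):
        rec = json.loads(line)
        req = rec.get("httpRequest", {})
        for group in rec.get("ruleGroupList") or []:
            term = group.get("terminatingRule")  # null when the group did not terminate
            if term and term.get("action") == "BLOCK":
                hits[(group["ruleGroupId"], term["ruleId"])].append({
                    "clientIp": req.get("clientIp"),
                    "uri": req.get("uri"),
                    "args": unquote_plus(req.get("args") or ""),  # decoded for reading
                })
    return dict(hits)

def summarize(hits):
    """Per rule: block count, distinct clients and distinct URIs, for triage."""
    return {key: {"blocks": len(v),
                  "clients": sorted({h["clientIp"] for h in v}),
                  "uris": sorted({h["uri"] for h in v})}
            for key, v in hits.items()}

if __name__ == "__main__":
    print(summarize(blocked_by_rule(SAMPLE_LOG)))
```

Reading the decoded `args` for each hit on one rule shows what the blocked requests have in common, which is the evidence to attach to a support case or to a decision to exclude that rule.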