AWS WAF F5 Rules

Israel_Ruiz · ‎07-Apr-2020

Hello,

I looking for information about support for AWS WAF F5 Rules that I purchesed via AWS Marketplace: F5 Rules for AWS WAF Classic - Web exploits OWASP Rules.

I have a Rule Group That is blocking a request, but I don´t known if there is some kind of malware in the requets or it is a legitimate request and is blocking for some kind os issue with the rule. This is the rule:

Where Can I get support for AWS WAF F5 rules?

"ruleGroupList": [

{

"ruleGroupId": "f47e809d-57b9-4c1f-8552-b59a188fa0b1",

"terminatingRule": {

"ruleId": "55e892fa-ff64-492e-ae4f-b9cdebf49ec4",

"action": "BLOCK",

Pedro_Haoa · ‎08-Apr-2020

Hello Israel,

A RuleGroup is an AWS WAF container for predefined rules.

In your case: F5 Rules for AWS WAF - Web exploits OWASP Rules

These are pre-defined patterns for Negative Security policies on top of AWS WAF. (Very basic security)

Unfortunately, the AWS WAF has several limitations:

It doesn't have the visibility you require in your use case.
- It doesn't show the full content of the request or response.
- It is simply limited to counting whether it matches or not.
Negative security policy only!
- You can only block known attacks that match AWS WAF very limited signatures.
No protections for unknown Zero Day vulnerabilities.
Requires you to make your own manual security signatures.
You have to pay for a third-party list of conditions and rules (like F5 Rules).
Only has a few basic signatures that only protect from simple vulnerabilities.
- You need to add a better protection for the more sophisticated attacks against your apps.
No API protection (no XML, JSON, GWT) – No HTTP/2 or Websockets

So if you need more visibility, control and security you should try and explore Advanced Web Application Firewall (WAF) which is available in the AWS Marketplace.

I hope it helps.

DevCentral

AWS WAF F5 Rules

Khoros Kudos Award 2022