We use "AWS WAF - Web Exploits Rules by F5" rule-set available from AWS Marketplace.
These rules do trigger blocks but in rare cases only.
There are cases such as POST/GET based payload injection attempts which are not caught or blocked by the rule-set.
Secondly, the rule-set does not have any awareness of the source IP reputation or block traffic based on the same.
What is your experience with these rule-set? Is there another rule-set from F5 which is more suited for blocking OWASP Top 10 attacks.