We use "AWS WAF - Web Exploits Rules by F5" rule-set available from AWS Marketplace.

These rules do trigger blocks but in rare cases only.

There are cases such as POST/GET based payload injection attempts which are not caught or blocked by the rule-set.

Secondly, the rule-set does not have any awareness of the source IP reputation or block traffic based on the same.

What is your experience with these rule-set? Is there another rule-set from F5 which is more suited for blocking OWASP Top 10 attacks.