cancel
Showing results for 
Search instead for 
Did you mean: 

AWS WAF - Web Exploits Rules by F5 efficacy

ashsap1
Nimbostratus
Nimbostratus

We use "AWS WAF - Web Exploits Rules by F5" rule-set available from AWS Marketplace.

These rules do trigger blocks but in rare cases only.

There are cases such as POST/GET based payload injection attempts which are not caught or blocked by the rule-set.

Secondly, the rule-set does not have any awareness of the source IP reputation or block traffic based on the same.

 

What is your experience with these rule-set? Is there another rule-set from F5 which is more suited for blocking OWASP Top 10 attacks.

 

0 REPLIES 0