AshSap
Sep 25, 2019

F5 AWS WAF rule false positive

Hello,

We are using the F5 WAF rule group from the AWS Marketplace.

We are consistently getting false positives for the rule ID 97c50551-17ba-4fe3-a754-8d2cbdfbfe39.

Two legitimate requests which triggered these requests were sent via REST API and are specified below:

Request 1:

    "headers": [
      {
        "name": "Host",
        "value": "<blanked out>"
      },
      {
        "name": "Content-Length",
        "value": "1708"
      },
      {
        "name": "Content-Type",
        "value": "application/json"
      },
      {
        "name": "tenant-id",
        "value": "<blanked out>"
      },
      {
        "name": "organization-id",
        "value": "<blanked out>"
      },
      {
        "name": "X-AUTH-TOKEN",
        "value": "<blanked out>"
      },
      {
        "name": "User-Agent",
        "value": "PostmanRuntime/7.13.0"
      },
      {
        "name": "Accept",
        "value": "*/*"
      },
      {
        "name": "Cache-Control",
        "value": "no-cache"
      },
      {
        "name": "Postman-Token",
        "value": "<blanked out>"
      },
      {
        "name": "cookie",
        "value": "JSESSIONID=<blanked out>; X-AUTH-TOKEN=<blanked out>; X-REFRESH-TOKEN=<blanked out>"
      },
      {
        "name": "accept-encoding",
        "value": "gzip, deflate"
      }
    ],
    "uri": "//integration/productandpricing/fullProduct",
    "args": "",
    "httpVersion": "HTTP/1.1",
    "httpMethod": "POST",
    "requestId": null
  }

Request 2:

    "headers": [
      {
        "name": "Host",
        "value": "<blanked out>"
      },
      {
        "name": "Content-Length",
        "value": "1709"
      },
      {
        "name": "Content-Type",
        "value": "application/json"
      },
      {
        "name": "tenant-id",
        "value": "<blanked out>"
      },
      {
        "name": "organization-id",
        "value": "<blanked out>"
      },
      {
        "name": "X-AUTH-TOKEN",
        "value": "<blanked out>"
      },
      {
        "name": "User-Agent",
        "value": "PostmanRuntime/7.13.0"
      },
      {
        "name": "Accept",
        "value": "*/*"
      },
      {
        "name": "Cache-Control",
        "value": "no-cache"
      },
      {
        "name": "Postman-Token",
        "value": "<blanked out>"
      },
      {
        "name": "cookie",
        "value": "JSESSIONID=<blanked out>; X-AUTH-TOKEN=<blanked out>; X-REFRESH-TOKEN=<blanked out>"
      },
      {
        "name": "accept-encoding",
        "value": "gzip, deflate"
      }
    ],
    "uri": "//integration/productandpricing/fullProduct",
    "args": "",
    "httpVersion": "HTTP/1.1",
    "httpMethod": "POST",
    "requestId": null
  }
