F5 rules for AWS WAF

Question

I have enabled the OWASP top 10 ruleset on one of our AWS WAFs however we are still seeing a High vulnerability for Reflected Cross-Site Scripting (XSS) in HTTP Header. Specifically in the cookie's cc_mode parameter.

I am looking for a way to protect against this type of attack.

erik_novak · Answer

Can you add the cc_parameter to the ruleset and then apply attack signatures to that parameter?&nbsp;

Forum Discussion

F5 rules for AWS WAF

1 Reply

Recent Discussions

CONNECTION IS LOST DUE TO SELF IP IS DELIVERED

ASM instance creation

Can iRule mask the payload content on event logs of security

Disacard SSL::cert mode to ignore when default SSLClient profile is set to request or require

F5Access | MacOS Sonoma

Related Content

F5 rules for AWS WAF Terraform

F5 Distributed Cloud and AWS VPC Lattice

F5 Rules for AWS WAF - CVE-2021-22118 & CVE-2016-1000027

Living on the AWS Edge - BIG-IP on AWS Outposts

F5 Rules for AWS WAF - Rule ID to Attack Type Reference