Technical Forum
Ask questions. Discover Answers.
cancel
Showing results for 
Search instead for 
Did you mean: 

F5 rules for AWS WAF

khos77
Nimbostratus
Nimbostratus

I have enabled the OWASP top 10 ruleset on one of our AWS WAFs however we are still seeing a High vulnerability for Reflected Cross-Site Scripting (XSS) in HTTP Header. Specifically in the cookie's cc_mode parameter.

I am looking for a way to protect against this type of attack.

1 REPLY 1

Erik_Novak
F5 Employee
F5 Employee

Can you add the cc_parameter to the ruleset and then apply attack signatures to that parameter?