Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions
Custom Alert Banner

F5 AppWorld 2024 session proposal deadline extended to Friday, December 8th!

F5 rules for AWS WAF

khos77
Nimbostratus
Nimbostratus

‎20-Jul-2022 08:35

I have enabled the OWASP top 10 ruleset on one of our AWS WAFs however we are still seeing a High vulnerability for Reflected Cross-Site Scripting (XSS) in HTTP Header. Specifically in the cookie's cc_mode parameter.

I am looking for a way to protect against this type of attack.

Labels:
0 Kudos
1 REPLY 1

Erik_Novak
F5 Employee
F5 Employee

‎20-Jul-2022 13:14

Can you add the cc_parameter to the ruleset and then apply attack signatures to that parameter? 

0 Kudos
Copyright © 2023 Khoros, LLC