Forum Discussion

jquerin's avatar
jquerin
Icon for Nimbostratus rankNimbostratus
Oct 31, 2023

OWASP Rule Groups Blocking Legitmate Requests

I have had a number of legitmate requests getting blocked according to my cloudwatch logs in AWS for our WAF using the F5 Rules for AWS WAF - Web exploits OWASP Rules.

I am attaching a few text files of the CloudWatch Data. 

application delivery
cloud
F5 Rules for AWS WAF
  • zamroni777's avatar
    zamroni777
    Icon for Nacreous rankNacreous
    Dec 05, 2023

    you need to check the http request body because the error log said this:

    =========

...

"terminatingRuleMatchDetails": [
{
"conditionType": "REGEX",
"location": "BODY",
"matchedData": null,
"matchedFieldName": ""
}
],

...

=======

    you can use tcpdump to capture whole packets
    tcpdump ... -s 0 -f5 ssl