Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions
Custom Alert Banner

F5 AppWorld 2024 session proposal deadline extended to Friday, December 8th!

OWASP Rule Groups Blocking Legitmate Requests

jquerin
Nimbostratus
Nimbostratus

‎31-Oct-2023 07:37 - edited ‎31-Oct-2023 08:13

I have had a number of legitmate requests getting blocked according to my cloudwatch logs in AWS for our WAF using the F5 Rules for AWS WAF - Web exploits OWASP Rules.

I am attaching a few text files of the CloudWatch Data. 

Labels:
Blocked Rules.zip
0 Kudos
1 REPLY 1

zamroni777
Altocumulus
Altocumulus

‎04-Dec-2023 18:27

you need to check the http request body because the error log said this:

=========

...

"terminatingRuleMatchDetails": [
{
"conditionType": "REGEX",
"location": "BODY",
"matchedData": null,
"matchedFieldName": ""
}
],

...

=======

you can use tcpdump to capture whole packets
tcpdump ... -s 0 -f5 ssl

0 Kudos
Copyright © 2023 Khoros, LLC