cancel
Showing results for 
Search instead for 
Did you mean: 

"F5 Rules for AWS WAF Web exploits" blocks client upload file (image)

Amorntep
Nimbostratus
Nimbostratus

After apply F5 WAF Web exploits on AWS, clients informed that cannot upload an image file as they usually do.

The image file is their signature in jpeg format (.jpg). However, once they edited the image by just simply open and save it again with the same filename, the image can be uploaded.

 

I checked log on the failed upload session and found that the action is BLOCK for some reasons. Only thing is different between the failed and the working one is value of Content-Length. The failed one is about 8000 but the working one is about 4000. Please kindly see the log below

 

I also confirmed with AWS support that this rule belongs to F5 WAF.

 

I would like to know is that any limitation of Content-Length value ? or what is the cause of blocking?

This is just simply uploading file and work without F5 WAF.

 

All explanations or suggestions will be very appreciated.

 

 

Log for failed upload file:

"terminatingRuleId":"eb2e863a-3067-4ea3-a440-4cefe77075c7","terminatingRuleType":"GROUP","action":"BLOCK","terminatingRuleMatchDetails":[],"httpSourceName":"ALB","httpSourceId":"XXXXXXXXXX","ruleGroupList":[{"ruleGroupId":"eb2e863a-3067-4ea3-a440-4cefe77075c7","terminatingRule":{"ruleId":"f7a9e257-c291-40e1-82f9-d00eefc191cf","action":"BLOCK", {"name":"Content-Length","value":"8072"}

 

 

0 REPLIES 0