Forum Discussion

kieronS's avatar
kieronS
Icon for Nimbostratus rankNimbostratus
Dec 20, 2021

What is the rule_SSRF_attempt_AllQueryArguments_Body actually checking for

My project have implemented the F5 managed AWS WAF ruleset OWASP_Managed and we've noticed that the WAF is blocking the following rule :

 

rule_SSRF_attempt_AllQueryArguments_Body

 

I need to understand what this rule is actually doing under the covers so that we can establish why it is being triggered. I can't find any documentation that describes what this rule, or any others in the ruleset, is checking for, can anyone tell me where I can find the documentation that explains?

1 Reply

  • Hi,

    Unlike traditional, full blown WAF security solutions, the content of F5 rules is not visible and cannot be viewed. Please send us the HTTP request that was blocked . We will confirm whether the rule blocked a true malicious request or not.

    Thanks