cancel
Showing results for 
Search instead for 
Did you mean: 

What is the rule_SSRF_attempt_AllQueryArguments_Body actually checking for

kieronS
Nimbostratus
Nimbostratus

My project have implemented the F5 managed AWS WAF ruleset OWASP_Managed and we've noticed that the WAF is blocking the following rule :

 

rule_SSRF_attempt_AllQueryArguments_Body

 

I need to understand what this rule is actually doing under the covers so that we can establish why it is being triggered. I can't find any documentation that describes what this rule, or any others in the ruleset, is checking for, can anyone tell me where I can find the documentation that explains?

1 REPLY 1

Mohamedfaizur
F5 Employee
F5 Employee

Hi,

Unlike traditional, full blown WAF security solutions, the content of F5 rules is not visible and cannot be viewed. Please send us the HTTP request that was blocked . We will confirm whether the rule blocked a true malicious request or not.

Thanks