False Positive on AWS WAF F5 Managed Rule F5#OWASP_Managed#rule_div_tag__behavior__Parameter__AllQueryArguments_Body
Hello I'm not sure if this is a question for AWS support or F5 but I'll start with F5support. We recently enabled 2 sets of rules on a AWS WAFv2 from F5 (F5-CVE_Managed and F5-OWASP_Managed). Once we did we started seeing a false positive for an API call with the following rule... F5#OWASP_Managed#rule_div_tag__behavior__Parameter__AllQueryArguments_Body After some further investigation we discovered the rule is tripped when we make a request which contains embeded HTML in the body and this HTML contains a div tag with a base64 encoded image. Can you give us more background information on exactly what this rule is doing and how we should go about avoiding this false positive? Andy
SSL Certificate with Wrong Hostname
SSL Certificate with Wrong Hostname The SSL certificate for this service is for a different host. The commonName (CN) of the SSL certificate presented on this service is for a different machine. Purchase or generate a proper certificate for this service solution provided on other sites : "Purchase or generate a proper certificate for this service." What is the proper solution to go away for this vulnerability from linux machines and how to implement the solution ?Access F5 BIG-IP (3 Nic) in GCP (Google Cloud) Deployment
Dear All, follow below link to deploy the the 3 Nic deployment in GCP: https://github.com/F5Networks/f5-google-gdm-templates/tree/master/supported/standalone/3nic it deployed successfully, but i can't access it. Where: SSH: Put the key in the GCP Instance SSH Key meta-data entry, but it keep prompt me for password when ssh to it. (via the management nic) Web console: i can access the web console login page, but can't login via the default credential. (via the external nic) understand i should need to ssh to it , and create web access credential instead, but i just can't access the ssh as above Any clue? Thanks in advance. Br, Sam FokCSS patch for the new DevCentral Forums
Hi Folks, I've digged into the CSS of the new DevCentral forum and spoted some minor tweaks to make forum more usable for daily active users. I've mainly focused to expand the Question & Answer area, disable the default "Show more" truncation and to disable any line breaks on Code snippets to make them easier to read. Below is the CSS patch that can be imported to Chrome addons like Stylebot (via "Edit CSS" button) to persistently overwrite the look & feel of the new DevCentral site. /* Increase the width of the DevCentral Forum question & answer area to 100% */ .comm-layout-column { width: 100% ; } /* Allign replys and comments to the very left position. */ .slds-comment__content { margin-left: -50px ; } .comment__footer { margin-left: -50px ; } /* Less indent for comment replys */ .forceChatterFeedback.threaded-discussion .cuf-commentLi .cuf-commentLi { padding-left: 1rem ; } /* Always expand comments and remove the "Show more" button */ .feedBodyInnerTruncated { max-height: 100% ; } .forceChatterFeedBodyText .fadeOut { display: none ; } /* Disable line-breaks on code snippets and use a scroll bar instead. */ .forceChatterFeedBodyText code { overflow-x: auto ; white-space: pre ; width: 100% ; } .forceChatterFeedBodyText code ol.linenums { min-width: calc(100% - 40px) ; width: fit-content ; } Note: If you experience any formating issues outside of the DevCentral Forums, then let me know. I did not verified the changes on every single DevCentral sub page. Note: If you have other ideas to optimize the DevCentral Forum, then let me know. I'm happy to integrate your ideas in this post. Cheers, Kai
