F5-OWASP_Managed (rule_General_Protection_AllQueryArguments_Body)
Hello All, We experienced unexpected blocking of legitimate traffic in our WAF that significantly impacted our services. And we found the reason is { "timestamp": 1752430193632, "formatVersion": 1, "webaclId": "arn:aws:wafv2:me-central-1:1047******:regional/webacl/******-*****-waf/67d0d073-8a81-4**f-9f48-8******c2d15", "terminatingRuleId": "F5-OWASP_Managed", "terminatingRuleType": "MANAGED_RULE_GROUP", "action": "BLOCK", "terminatingRuleMatchDetails": [ { "conditionType": "REGEX", "location": "BODY", "matchedData": null, "matchedFieldName": "" } And the rule that did that is { "ruleGroupId": "F5#OWASP_Managed", "terminatingRule": { "ruleId": "rule_General_Protection_AllQueryArguments_Body", "action": "BLOCK", "ruleMatchDetails": null }, We didn't change anything for the application side, also it was working well for more than a month. Is there any update happened yesterday (13/7/2025) on regex for F5-OWASP_Managed (rule_General_Protection_AllQueryArguments_Body)
Urgent - WAF Rules Not Allowing Connection
We are experiencing issues related to the F5 OWASP Managed WAF Rules, users are getting 403 forbidden error messages. The CloudWatch metrics show a spike starting on 07/13. {"ruleGroupId":"F5#OWASP_Managed","terminatingRule":{"ruleId":"rule_General_Protection_AllQueryArguments_Body","action":"BLOCK","ruleMatchDetails":null
AWS WAF Rule F5-OWASP_Managed custom response
Hi! We are using AWS WAF managed rule 'F5-OWASP_Managed'. I would like to create a WAF custom response when requests are blocked by this rule. To do so I need to change the rule from block to count, and capture labels assigned by this rule in a WAF custom rule. When looking into the AWS WAF console I cannot see any labels assigned to this WAF rule? Can somebody please tell me if this rule assigns labels, and, which one? ThanksF5 x-chunk
sorry for the simplicity in this but i keep getting a 'http request body unparsed payload'. it's a user file upload. multiple types, pdf zip txt. theres no content type in the post and i tried a do nothing for multipart/form-data under the uri. there's nothing that should be conflicting w it. the xchunk is identifying the file type uploaded but theres not much to go off of. i just have a list of individual attack sigs to tune for on the user end. kinda lost. any help is appreciated TIA
Having labels for AWS WAF F5 Managed Rules
I would like to know how to activate labels for specific rules when I set then to count on my "F5 Rules for AWS WAF - Web exploits OWASP Rules" subscription. I am having troubles with an specifc rule which is triggering false positive blocks so I would like to create an exception to it when I set it to count, however this option is not available on the aws console. What can I do to deal with this situation if I don't have any labels available for the rule?
About Vulnerability Countermeasures
Thank you for your assistance. I would like to know if the following product is effective as a vulnerability countermeasure. Product name: F5 Rules for AWS WAF Common Vulnerabilities and Exposures Target vulnerability: CVE-2021-26691 CVE-2021-26690 CVE-2020-35452 We apologize for the inconvenience, but we would appreciate it if you could check on this issue as soon as possible. Thank you in advance for your cooperation.