f5 rules for aws waf
94 Topics

Add all rule labels to events in F5 Rules for AWS WAF - Web exploits OWASP Rules
Hi all, We're subscribed to the "F5 Rules for AWS WAF - Web exploits OWASP Rules" rules for AWS WAF via Marketplace, and we're looking at the labels that are added to events passing through the WAF. Currently we see only a single label added to all the events, regardless of which rule triggered a match, the label is:

    "labels": [
      { "name": "awswaf:managed:f5:web-exploits-owasp-rules:OWASP4" }
    ],

Is there any way to also see the specific rule that triggered, for example the `ruleId`, which we can see in the logs is `rule_Union_Based_AllQueryArguments_Body`.

    "terminatingRule": {
      "ruleId": "rule_Union_Based_AllQueryArguments_Body",
      "action": "BLOCK",
      "ruleMatchDetails": null
    },

This would allow us to better handle false positives for specific rules, without disabling the entire thing. Does anyone have any ideas? Thanks
98 Views, 0 likes, 2 Comments

AWS F5_OWASP Managed Rule Blocking requests
AWS F5 OWASP managed rules are blocking requests all of a sudden (23-01-2025). We want to understand if there was any update made and also the changelog for this update and which rules were updated. Where do I find this information? AWS is not supporting these rules since these are managed by F5. Do we have a way to reach the vendor?
187 Views, 1 like, 5 Comments

F5-OWASP_Managed (rule_General_Protection_AllQueryArguments_Body)
Hello All, We experienced unexpected blocking of legitimate traffic in our WAF that significantly impacted our services. And we found the reason is

    {
      "timestamp": 1752430193632,
      "formatVersion": 1,
      "webaclId": "arn:aws:wafv2:me-central-1:1047******:regional/webacl/******-*****-waf/67d0d073-8a81-4**f-9f48-8******c2d15",
      "terminatingRuleId": "F5-OWASP_Managed",
      "terminatingRuleType": "MANAGED_RULE_GROUP",
      "action": "BLOCK",
      "terminatingRuleMatchDetails": [
        {
          "conditionType": "REGEX",
          "location": "BODY",
          "matchedData": null,
          "matchedFieldName": ""
        }

And the rule that did that is

    {
      "ruleGroupId": "F5#OWASP_Managed",
      "terminatingRule": {
        "ruleId": "rule_General_Protection_AllQueryArguments_Body",
        "action": "BLOCK",
        "ruleMatchDetails": null
      },

We didn't change anything on the application side, and it was working well for more than a month. Did any update happen yesterday (13/7/2025) to the regex for F5-OWASP_Managed (rule_General_Protection_AllQueryArguments_Body)?
174 Views, 0 likes, 2 Comments

Silent update AWS Marketplace F5 OWASP
We use the F5 Rules for AWS WAF - Web exploits OWASP Rules for our WAF setup. Since 2025-07-13 T21:00:00 we see an enormous increase in blocked traffic on three rules blocking our legitimate traffic globally (on approx. 40 servers for different customers). Has a silent update been pushed (to the regex or something)? We've been reviewing our codebase and IaC logs - no changes from our side. The three rules that suddenly spike:

    rule_Cross_Site_Scripting_AllQueryArguments_Body
    rule_General_Protection__URI__UriPath
    rule_General_Protection_AllQueryArguments_Body

Solved, 157 Views, 1 like, 2 Comments

Urgent - WAF Rules Not Allowing Connection
We are experiencing issues related to the F5 OWASP Managed WAF Rules, users are getting 403 forbidden error messages. The CloudWatch metrics show a spike starting on 07/13.

    {"ruleGroupId":"F5#OWASP_Managed","terminatingRule":{"ruleId":"rule_General_Protection_AllQueryArguments_Body","action":"BLOCK","ruleMatchDetails":null

129 Views, 0 likes, 1 Comment

AWS WAF Rule F5-OWASP_Managed custom response
Hi! We are using AWS WAF managed rule 'F5-OWASP_Managed'. I would like to create a WAF custom response when requests are blocked by this rule. To do so I need to change the rule from block to count, and capture labels assigned by this rule in a WAF custom rule. When looking into the AWS WAF console I cannot see any labels assigned to this WAF rule. Can somebody please tell me if this rule assigns labels, and which one? Thanks
185 Views, 0 likes, 1 Comment

F5 x-chunk
sorry for the simplicity in this but i keep getting a 'http request body unparsed payload'. it's a user file upload. multiple types, pdf zip txt. there's no content type in the post and i tried a do nothing for multipart/form-data under the uri. there's nothing that should be conflicting w it. the xchunk is identifying the file type uploaded but there's not much to go off of. i just have a list of individual attack sigs to tune for on the user end. kinda lost. any help is appreciated TIA
103 Views, 0 likes, 2 Comments

Having labels for AWS WAF F5 Managed Rules
I would like to know how to activate labels for specific rules when I set them to count on my "F5 Rules for AWS WAF - Web exploits OWASP Rules" subscription. I am having trouble with a specific rule which is triggering false positive blocks, so I would like to create an exception to it when I set it to count; however, this option is not available on the AWS console. What can I do to deal with this situation if I don't have any labels available for the rule?
109 Views, 0 likes, 1 Comment

About Vulnerability Countermeasures
Thank you for your assistance. I would like to know if the following product is effective as a vulnerability countermeasure.

Product name: F5 Rules for AWS WAF Common Vulnerabilities and Exposures
Target vulnerability: CVE-2021-26691, CVE-2021-26690, CVE-2020-35452

We apologize for the inconvenience, but we would appreciate it if you could check on this issue as soon as possible. Thank you in advance for your cooperation.
119 Views, 0 likes, 2 Comments