F5 x-chunk
sorry for the simplicity in this but i keep getting a 'http request body unparsed payload'. it's a user file upload. multiple types, pdf zip txt. theres no content type in the post and i tried a do nothing for multipart/form-data under the uri. there's nothing that should be conflicting w it. the xchunk is identifying the file type uploaded but theres not much to go off of. i just have a list of individual attack sigs to tune for on the user end. kinda lost. any help is appreciated TIA
Possible False Positive for OWASP rule in AWS - div_tag_parameter_AllQueryArguments_Body
We have a WordPress website and we just recently enabled the F5-OWASP_Managed Rule set in AWS. I noticed we had had over 50 requests blocked from users within our network. It looks like they were attempting to save the page among other valid type requests. The rule that is blocking the request is "rule_div_tag__behavior__Parameter__AllQueryArguments_Body" I've currently set the blocking rule to "Override to Allow" but I would prefer to not have this rule set to this, but I do not wish to have our site editors blocked from making valid site updates. I have a downloaded CSV from Cloudwatch of all the blocked requests with the parameters, etc.
F5 Rules for AWS WAF - API Security Rules (Requesting a Trial)
Hi, We have deployed the AWS WAF in our AWS account and we would like to enable and evaluate the API Security Ruleset available in the AWS Marketplace on a SOAP API environment. We would like to know whether it is possible to evaluate the rules before purchasing by requesting a trial for a short time period so that we can evaluate the efficacy of the rules against targeted attacks towards SOAP APIs. This will be greatly helpful to us in making purchasing decisions.AWS WAF Rule F5-OWASP_Managed custom response
Hi! We are using AWS WAF managed rule 'F5-OWASP_Managed'. I would like to create a WAF custom response when requests are blocked by this rule. To do so I need to change the rule from block to count, and capture labels assigned by this rule in a WAF custom rule. When looking into the AWS WAF console I cannot see any labels assigned to this WAF rule? Can somebody please tell me if this rule assigns labels, and, which one? Thanks
