F5 Rules for AWS WAF - Web exploits OWASP Rules - Blocking JIRA/Confluence Functionality
The F5 Rules for AWS WAF - Web exploits OWASP Rules is blocking certain functionality on our JIRA/Confluence servers. If we edit a page that contains macros (for example a Table of Contents), we get a 403 error and the AWS WAF rule shows that the traffic was blocked. If we edit the same page but remove the macro, the page saves correctly. If we use the F5 Web Application CVE Signatures For AWS WAF rule set, everything works correctly. We've been in contact with Atlassian support and they are troubleshooting the issue on the application side as well, but is there a way to tell what type of rule within the rule set might be blocking this traffic? Is there any workaround?