F5 Rules for AWS WAF - CVE-2021-22118 & CVE-2016-1000027
Hello, We're checking in the AWS marketplace for the F5 Rules for AWS WAF - Common Vulnerabilities and Exposures (CVE) Rules and want to check if the following CVEs are covered by this rule set?
CVE-2021-22118: Local Privilege Escalation within Spring Webflux Multipart Request Handling
CVE-2016-1000027: Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data.
Thanks.
Solved | 2.2K Views | 0 likes | 18 Comments

F5 Rules for AWS WAF CVE-2021-40438
Hello, We're checking in the AWS marketplace for the F5 Rules for AWS WAF - Common Vulnerabilities and Exposures (CVE) Rules and want to check if CVE-2021-40438 is covered by this rule set? https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40438
268 Views | 1 like | 4 Comments

Possible False Positive for OWASP rule in AWS - div_tag_parameter_AllQueryArguments_Body
We have a WordPress website and we just recently enabled the F5-OWASP_Managed Rule set in AWS. I noticed we had had over 50 requests blocked from users within our network. It looks like they were attempting to save the page among other valid type requests. The rule that is blocking the request is "rule_div_tag__behavior__Parameter__AllQueryArguments_Body". I've currently set the blocking rule to "Override to Allow" but I would prefer to not have this rule set to this, but I do not wish to have our site editors blocked from making valid site updates. I have a downloaded CSV from Cloudwatch of all the blocked requests with the parameters, etc.
606 Views | 0 likes | 1 Comment

F5 Rules for AWS WAF - API Security Rules (Requesting a Trial)
Hi, We have deployed the AWS WAF in our AWS account and we would like to enable and evaluate the API Security Ruleset available in the AWS Marketplace on a SOAP API environment. We would like to know whether it is possible to evaluate the rules before purchasing by requesting a trial for a short time period so that we can evaluate the efficacy of the rules against targeted attacks towards SOAP APIs. This will be greatly helpful to us in making purchasing decisions.
454 Views | 0 likes | 2 Comments

AWS WAF Rule F5-OWASP_Managed custom response
Hi! We are using AWS WAF managed rule 'F5-OWASP_Managed'. I would like to create a WAF custom response when requests are blocked by this rule. To do so I need to change the rule from block to count, and capture labels assigned by this rule in a WAF custom rule. When looking into the AWS WAF console I cannot see any labels assigned to this WAF rule? Can somebody please tell me if this rule assigns labels, and, which one? Thanks
839 Views | 0 likes | 3 Comments

Help with investigating the cause for blocked request
Hi, We are subscribed to F5 Rules for AWS WAF - Web exploits OWASP Rules via AWS Marketplace and use it for our WAF config. We see some requests are getting blocked and see which rule triggers it. However, it is not clear from the log what exactly the reason for this is. I suspect it is because of the size of the body of the request. Please help us understand the exact reason and what we can do to fix it.

Log entry:

    {
      "timestamp": 1693206543488,
      "formatVersion": 1,
      "webaclId": "",
      "terminatingRuleId": "F5-OWASP",
      "terminatingRuleType": "MANAGED_RULE_GROUP",
      "action": "BLOCK",
      "terminatingRuleMatchDetails": [
        {
          "conditionType": "REGEX",
          "location": "BODY",
          "matchedData": null
        }
      ],
      "httpSourceName": "ALB",
      "httpSourceId": "",
      "ruleGroupList": [
        {
          "ruleGroupId": "F5#OWASP_Managed",
          "terminatingRule": {
            "ruleId": "rule_XSS_script_tag__Parameter__AllQueryArguments_Body",
            "action": "BLOCK",
            "ruleMatchDetails": null
          },
          "nonTerminatingMatchingRules": [],
          "excludedRules": null,
          "customerConfig": null
        }
      ],
      "rateBasedRuleList": [],
      "nonTerminatingMatchingRules": [],
      "requestHeadersInserted": null,
      "responseCodeSent": null,
      "httpRequest": { redacted },
      "oversizeFields": [ "REQUEST_BODY" ],
      "requestBodySize": 49642,
      "requestBodySizeInspectedByWAF": 8192
    }

628 Views | 0 likes | 2 Comments

Body Size Limit F5 AWS WAF managed rule
I am subscribing to the F5-OWASP_Managed, then attaching it to my AWS WAF. I am seeking a solution to block OWASP attacks that happen in the body. My question is: does the F5 managed rule group follow the AWS body size inspection limit (16 KB), or does it have a different limit? Thank you.
623 Views | 0 likes | 3 Comments

F5 rules for AWS WAF Terraform
Dear, good afternoon. I'm implementing the rules of F5 OWASP10 https://aws.amazon.com/marketplace/pp/prodview-ah3rqi2hcqzsi but I'm working with infrastructure by Terraform code. To carry out the implementation I need the correct name of the rule and the correct name of the vendor, and I cannot find this information in the documentation. Can you help me?

ex:

    {
      overrideAction = {
        type = var.NAME == "BLOCK" ? "NONE" : var.NAME
      }
      managedRuleGroupIdentifier = {
        "vendorName" : "NAME",
        "managedRuleGroupName" : "NAME"
      }
      ruleGroupType = "ManagedRuleGroup"
      excludeRules = []
    }

Solved | 1.8K Views | 0 likes | 8 Comments

url rewrite to avoid third level domain still make sense?
Hello everyone. I've been using F5 in a simple way for some years - I'm not an expert - but I have always implemented the visibility of sites with third-level domains, for example: https://company.com/test -> redirect to https://test.company.com for my application or site. Now the business request has changed: they no longer want to see the third-level URL (https://test.company.com/) but always https://company.com/test/ecc.ecc.ecc. I suppose I should implement heavy URL rewrite rules. The question is: does the URL rewrite to avoid a third-level domain still make sense, is it still valid, or does it turn out to be deprecated for some reason? Or, for simplicity, does the third-level domain remain the best solution? Thanks to everyone,
Alberto
413 Views | 0 likes | 0 Comments