AWS F5_OWASP Managed Rule Blocking requests
AWS F5 OWASP managed rules are blocking requests all of a sudden (23-01-2025) We want to understand if there was any update made and also the changelog for this update and which rules were updated. Where do I find this information and AWS is not supporting these rules since these are managed by F5. Do we have a way to reach the vendor ?
How much does it cost to apply "F5 Rules for AWS WAF - Common Vulnerabilities & Exposures (CVE) Rules" to Cloudfront?
Hello How much does it cost to apply "F5 Rules for AWS WAF - Common Vulnerabilities & Exposures (CVE) Rules" to Cloudfront? The product page describes it as follows https://aws.amazon.com/marketplace/pp/prodview-y4tlpqpjpm4qi Monthly fee for each applicable region (pro-rated per hour) $20 / unit I understand that there is a fee for each region when applied to ALB, but what about Cloudfront? Will I be charged for all regions?
AWS F5 Managed WAF rules not blocking simple SQL injection
We have subscribed to the "F5 Rules for AWS WAF - API Security Rules". Product page: https://aws.amazon.com/marketplace/pp/B07M948X2H. A Web ACL has been created in our AWS account using this group of rules. It has been then associated to an API published on the Amazon API Gateway. For some reason, even basic SQL injection are not blocked. For instance, a request with a url-encoded string like ' OR '1'='1 (see https://en.wikipedia.org/wiki/SQL_injection) in querystring is not blocked. Switching to a group of rules managed by a competitor (Fortinet) resolved our problem. We are surprised the F5 rules are so permissive. Maybe we are missing something. Any thoughts ? Thank you. Related question: https://devcentral.f5.com/s/feed/0D51T00006i7iONSAY
