WAF Policy upload using AS3
I am using per-app declaration to upload multiple WAF policies in an app. when I post the declaration using POST command, i only get 202 accepted, and in the backend, the F5 uploads the ASM policies. How can I get to know iff all the policies are uploaded successfully or if any have failed? Is there any command or rest api? POST : https:/<f5ip>/mgmt/shared/appsvcs/declare/Demo/applications { "id": "per-app-declaration", "schemaVersion": "3.54.2", "controls": { "class": "Controls", "logLevel": "debug", "trace": true }, "WMS_ASM": { "class": "Application", "template": "generic", "wms_Dispatcher_asm_v172": { "class": "WAF_Policy", "file": "/var/tmp/v17/wms_Dispatcher_asm_file.xml" }, "wms_MessageStoreAPI_asm_v172": { "class": "WAF_Policy", "file": "/var/tmp/v17/wms_MessageStoreAPI_asm_file.xml" }, "wms_abdg_asm_v172": { "class": "WAF_Policy", "file": "/var/tmp/v17/wms_abdg_asm_file.xml" }, "wms_auth_asm_v173": { "class": "WAF_Policy", "file": "/var/tmp/v17/wms_auth_asm_file.xml" }, "wms_carrier-info_asm_v172": { "class": "WAF_Policy", "file": "/var/tmp/v17/wms_carrier-info_asm_file.xml" }, "wms_cas_asm_v172": { "class": "WAF_Policy", "file": "/var/tmp/v17/wms_cas_asm_file.xml" }, "wms_csdui_asm_v172": { "class": "WAF_Policy", "file": "/var/tmp/v17/wms_csdui_asm_file.xml" }, "wms_csrkodiak_asm_v172": { "class": "WAF_Policy", "file": "/var/tmp/v17/wms_csrkodiak_asm_file.xml" }, "wms_getContactAddlInfo_asm_v172": { "class": "WAF_Policy", "file": "/var/tmp/v17/wms_getContactAddlInfo_asm_file.xml" }, "wms_keymanagement_asm_v174": { "class": "WAF_Policy", "file": "/var/tmp/v17/wms_keymanagement_asm_file.xml" }, "wms_kodiakidsprov_asm_v172": { "class": "WAF_Policy", "file": "/var/tmp/v17/wms_kodiakidsprov_asm_file.xml" }, "wms_lcms_asm_v173": { "class": "WAF_Policy", "file": "/var/tmp/v17/wms_lcms_asm_file.xml" }, "wms_mcsxcap_asm_v173": { "class": "WAF_Policy", "file": "/var/tmp/v17/wms_mcsxcap_asm_file.xml" }, "wms_mobileapi_asm_v172": { "class": "WAF_Policy", "file": "/var/tmp/v17/wms_mobileapi_asm_file.xml" }, "wms_ngcat_asm_v172": { "class": "WAF_Policy", "file": "/var/tmp/v17/wms_ngcat_asm_file.xml" }, "wms_oidcxcap_asm_v172": { "class": "WAF_Policy", "file": "/var/tmp/v17/wms_oidcxcap_asm_file.xml" }, "wms_tpams_asm_v172": { "class": "WAF_Policy", "file": "/var/tmp/v17/wms_tpams_asm_file.xml" }, "wms_wcsr_asm_v172": { "class": "WAF_Policy", "file": "/var/tmp/v17/wms_wcsr_asm_file.xml" }, "wms_webdispatcher_asm_v172": { "class": "WAF_Policy", "file": "/var/tmp/v17/wms_webdispatcher_asm_file.xml" } } }
AWS WAF Marketplace product exception rules Migration from WAF classic to WAF v2
Hi, Team. The following settings were made in WAF classic. [WAF classic settings] In Web ACL, specify AWS WAF - Web Exploits Rules by F5 rule group with Action "no override". Specify two rules in Rule Group exceptions and override count as exceptions. (The following rules within the rule group will be overridden to count) *1 The rules to specify are the two rule IDs in awswaf-290622.zip on the following website: https://community.f5.com/kb/technicalarticles/f5-rules-for-aws-waf---rule-id-to-attack-type-reference/278088 Note: There have been customer inquiries about being blocked by this rule, and the rule was identified and excluded. [WAF v2 settings] Specify the successor rule, F5 Rule for AWS WAF - Web exploits OWASP Rules. I think I can specify the Count for rules such as rule_General_Protection_AllQueryArguments_Body from the GUI, but I want to exclude the same rule that I specified in Classic*1. The granularity of the rules is different, so it seems I can't set it in the GUI. ■Question (1) Can you tell me if the same thing can be done with WAF v2? In other words, make the rule in *1 count instead of block. It doesn't seem like it can be done in the GUI, so is it possible to achieve it by importing json, etc. (2) Will the rules used as exceptions in WAF classic (see below*1) also work in WAF v2?AWS WAF - Bot Protection Rules
Hello guys, we are looking for this WAF Rule in the AWS Marketplace. We have interest in DDOS protection further, so can anyone tell me if the F5 Bot Protection Rules could work and what "DDOS bot/tools protection means". We will use the WAF for ALB, se we need to cover the layer 7 and not sure which kind of protection this can give us? If some hackers pretend to make a DDOS attack trough our Load Balancer, will be covered? "F5's Managed Rules for AWS WAF offer an additional layer of protection that can be easily applied to your AWS WAF. F5's Bot Protection rules analyze all incoming requests and block any malicious bot activities identified, including DDoS tools, vulnerability scanners, web scrapers, and forum spam tools"