waf
96 Topics

Regex issue
Hello, I am stuck on trying to find out how to match some parameters in a WAF request using a regex wildcard. The parameters that I want to match are in the form of amp;arg20=something where the arg20 can be anything. The repetitive part that I want to match with the regex is amp; and I want to match multiple times because it appears multiple times in the query string.

This is the request:

GET /human.aspx?r=2900376326&arg20=dssdds&arg21=aaa HTTP/1.1

I want to match the 2 parameters amp;arg20 and amp;arg21 with a wildcard, which appear as invalid parameters:

Parameter Location: Query String
Parameter Name: amp;arg20
Parameter Value: dssdds
Applied Blocking Settings: Block Alarm Learn

Parameter Location: Query String
Parameter Name: amp;arg21
Parameter Value: aaa
Applied Blocking Settings: Block Alarm Learn

I tried to create multiple wildcard parameters like: amp.* or amp.+?(?==) but the parameters never match and I get the illegal parameter violation. How can this be achieved?

Solved, 1.2K Views, 1 like, 8 Comments

Custom attack signature syntax for multiple user agents
Hi, I want to create a custom attack signature that will block requests that contain specific user agents. I've already created a signature that blocks the Python user agent, but I'm not sure how to add multiple ones to the same signature. Under the "Rule" section, I use the Simple Edit Mode and I have set:

Matched Element: Header
Matched Criteria: Matches regular expression
Keyword: User-Agent:.*[Pp]ython.*

How do I add more user agents? Thanks

781 Views, 1 like, 1 Comment

AdvWAF, OpenAPI - how to update security profile as APIs are added?
Hi - We have an integration in which we want to create a security profile via Guided Configuration for an API server, and plan on importing the OpenAPI specification as the starting point. But - this server will be adding more APIs on a regular basis for the foreseeable future ... and it's not clear to us how we can add new APIs to the security policy. The documentation on importing an OpenAPI spec says that all of the APIs supported by the virtual server involved must be described ... what is the procedure to add single APIs, one by one as they become relevant, over time? Thank you!

980 Views, 1 like, 3 Comments

F5 icons || HLD || Libreoffice || stencils alike
Hi All, I'm working on an HLD and I'm working with LibreOffice Draw. I managed to get all the Cisco icons but I can't do the same for BIG-IP. I know there are Visio stencils but that's not my case as I'm using open source LibreOffice Draw. Can anyone help, please? Thanks

677 Views, 1 like, 1 Comment

False Positive on AWS WAF F5 Managed Rule F5#OWASP_Managed#rule_div_tag__behavior__Parameter__AllQueryArguments_Body
Hello, I'm not sure if this is a question for AWS support or F5 but I'll start with F5 support. We recently enabled 2 sets of rules on an AWS WAFv2 from F5 (F5-CVE_Managed and F5-OWASP_Managed). Once we did, we started seeing a false positive for an API call with the following rule...

F5#OWASP_Managed#rule_div_tag__behavior__Parameter__AllQueryArguments_Body

After some further investigation we discovered the rule is tripped when we make a request which contains embedded HTML in the body and this HTML contains a div tag with a base64 encoded image. Can you give us more background information on exactly what this rule is doing and how we should go about avoiding this false positive?

Andy

989 Views, 1 like, 4 Comments