Yosi_373863
Oct 07, 2018

"F5 Rules for AWS WAF Web exploits" blocks client request with large body

After I added "F5 Rules for AWS WAF Web exploits" to our AWS load balancer Web ACL, I started seeing that calls to one of our APIs are being blocked. This API is used to allow users to save their trip plan: the body of the POST request contains JSON that is on average 25K in size.

 

What can I do about it? Currently I had to disable F5 rules.

 

6 Replies

  • It says "AWS WAF - Web Exploits Rules by F5" without any further details. Is there any way to see the exact rule that caused the violation?

     

  • When purchasing the product on AWS it says that F5 support is available through this forum. Why is no one answering?

     

  • As detailed in K21015971: Overview of F5 RuleGroups for AWS WAF, the primary avenue of support for F5 RuleGroups for AWS WAF is AWS Support

     

    F5 Rules for AWS WAF - Bot Protection Rules

     

    Please contact AWS Support (https://aws.amazon.com/contact-us) for AWS WAF related assistance

     

    AWS do have a channel for accessing F5 Support, and access into the violation information.

     

    Otherwise, you need to post an example blocked request (at least the headers) that may provide some clues as to the sort of violation that is being triggered.

     

    Is the Content-Type being correctly set as JSON?

     

  • Please follow the procedure detailed in K21015971: Overview of F5 RuleGroups for AWS WAF

     

    Reporting false positives on DevCentral

     

    With full request logging you can now report on a rule that generates too many false positives. To report false positives, complete the following:

     

    • Log three to five requests that the rule has flagged as malicious requests.
    • Make sure that the requests do not contain any sensitive information; if they do, please mask the sensitive data with ****.
    • Attach the requests to a message (Ask a Question) on the DevCentral Answers forum.
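
The masking step in the procedure above, as an added example (not part of the original thread and not F5 or AWS tooling): a Python sketch that replaces sensitive values in a captured request with **** while leaving the request line, Content-Type and Content-Length intact for whoever reviews the false positive. The header names, JSON keys, query parameter names and the sample request are assumptions constructed for illustration.

```python
import json
import re

MASK = "****"
# Assumed names of sensitive fields; adjust to match your own API.
SENSITIVE_HEADERS = {"authorization", "cookie", "x-api-key"}
SENSITIVE_KEYS = {"password", "token", "email"}
QUERY_RE = re.compile(r"([?&](?:token|key|session)=)[^&\s]*")

def mask_json(value):
    """Recursively replace the values of sensitive keys with the mask."""
    if isinstance(value, dict):
        return {k: MASK if k.lower() in SENSITIVE_KEYS else mask_json(v)
                for k, v in value.items()}
    if isinstance(value, list):
        return [mask_json(v) for v in value]
    return value

def mask_request(raw: str) -> str:
    """Mask a raw HTTP request before attaching it to a false-positive report."""
    head, sep, body = raw.replace("\r\n", "\n").partition("\n\n")
    lines = head.split("\n")
    out = [QUERY_RE.sub(r"\g<1>" + MASK, lines[0])]  # request line
    is_json = False
    for line in lines[1:]:
        name, _, value = line.partition(":")
        key = name.strip().lower()
        if key in SENSITIVE_HEADERS:
            line = f"{name}: {MASK}"
        elif key == "content-type" and "json" in value.lower():
            is_json = True
        out.append(line)  # Content-Length keeps the original body size
    if is_json and body.strip():
        try:
            body = json.dumps(mask_json(json.loads(body)))
        except ValueError:
            body = MASK  # unparseable body: mask it whole rather than leak it
    return "\n".join(out) + sep + body

# Constructed sample request, not taken from the thread.
SAMPLE = (
    "POST /api/trips?session=abc123 HTTP/1.1\r\n"
    "Host: app.example.com\r\n"
    "Content-Type: application/json\r\n"
    "Content-Length: 25600\r\n"
    "Authorization: Bearer eyJhbGciOi.constructed\r\n"
    "\r\n"
    '{"user": {"email": "a@example.com"}, "stops": [{"city": "Rome", "token": "t1"}]}'
)

if __name__ == "__main__":
    print(mask_request(SAMPLE))
```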