AWS support advised us to contact the F5 Support. According to them the issue is coming fromt F5's rules. To be honest, it makes a lot of sense.
Can we have any support please ?
-------------------------------------------------
Here is the response from AWS:
"I am really surprised that both these F5 Rules are not blocking a basic SQLi attack. However, I am glad that you have conducted this vulnerability assessment before deploying the managed rules in production. If the managed rules have not passed the vulnerability assessment, I would recommend not using them in production.
Just as an additional check of the SQLi query string, I conducted a simulation of the SQLi attack using the AWS WAF Security Automations template [1][2]. This is a solution that automatically deploys a WAF solution with preconfigured rules for the most common attacks.
Using the same query string that you provided me, the SQLi attack was also blocked by the automatically generated AWS WAF rules. This collaborates your observation that the Fortinet Managed Rules for AWS WAF - API Gateway is also able to block the SQLi attack.
Given that the other two solution are able to block the same attack while the F5 Rules are not able to block the attack, I can only conclude that there is a something wrong with the F5 Rules, and I would recommend contacting F5 support with this information and request that they investigate both of these rules. If I had some visibility into the F5 rules, I would have done some further investigation, however, the rules are protected and only F5 can see what each rule in the rulegroup is doing.
I hope that this information has been helpful and I wish I could investigate the F5 rules further, however, these are 3rd party managed rules that I do not have access to investigate.
If you have any queries or require further information, please do not hesitate to contact me and I will be very happy to assist you.
Have a pleasant day.
References:
[1] AWS WAF Security Automations - https://aws.amazon.com/solutions/aws-waf-security-automations/
[2] Automated Deployment - https://docs.aws.amazon.com/solutions/latest/aws-waf-security-automations/deployment.html "
Altocumulus
