Forum Discussion

jquerin's avatar
Icon for Nimbostratus rankNimbostratus
Oct 31, 2023

OWASP Rule Groups Blocking Legitmate Requests

I have had a number of legitmate requests getting blocked according to my cloudwatch logs in AWS for our WAF using the F5 Rules for AWS WAF - Web exploits OWASP Rules.

I am attaching a few text files of the CloudWatch Data. 

1 Reply

  • you need to check the http request body because the error log said this:

    "terminatingRuleMatchDetails": [
    "conditionType": "REGEX",
    "location": "BODY",
    "matchedData": null,
    "matchedFieldName": ""

    you can use tcpdump to capture whole packets
    tcpdump ... -s 0 -f5 ssl