Forum Discussion

jquerin's avatar
Icon for Nimbostratus rankNimbostratus
Oct 26, 2023

Possible False Positive for OWASP rule in AWS - div_tag_parameter_AllQueryArguments_Body

We have a WordPress website and we just recently enabled the F5-OWASP_Managed Rule set in AWS.

I noticed we had had over 50 requests blocked from users within our network.  It looks like they were attempting to save the page among other valid type requests.  The rule that is blocking the request is "rule_div_tag__behavior__Parameter__AllQueryArguments_Body"

I've currently set the blocking rule to "Override to Allow" but I would prefer to not have this rule set to this,  but I do not wish to have our site editors blocked from making valid site updates.

I have a downloaded CSV from Cloudwatch of all the blocked requests with the parameters, etc.

1 Reply

  • You may need to submit a support request with F5 Support for this one. As this is a currated list, and you are looking to avoid whitelisting requests to allow normal expected behaviour, then this may be a bug.