Possible False Positive for OWASP rule in AWS - div_tag_parameter_AllQueryArguments_Body

Question

We have a WordPress website and we just recently enabled the F5-OWASP_Managed Rule set in AWS.

I noticed we had had over 50 requests blocked from users within our network. It looks like they were attempting to save the page among other valid type requests. The rule that is blocking the request is "rule_div_tag__behavior__Parameter__AllQueryArguments_Body"

I've currently set the blocking rule to "Override to Allow" but I would prefer to not have this rule set to this, but I do not wish to have our site editors blocked from making valid site updates.

I have a downloaded CSV from Cloudwatch of all the blocked requests with the parameters, etc.

whisperer · Answer

You may need to submit a support request with F5 Support for this one. As this is a currated list, and you are looking to avoid whitelisting requests to allow normal expected behaviour, then this may be a bug.

Forum Discussion

Possible False Positive for OWASP rule in AWS - div_tag_parameter_AllQueryArguments_Body

1 Reply

Recent Discussions

rSeries and tenant upgrades

redirect not working

cat and grep command for rst messages

iRule resulting in too many redirects

When F5OS r2800 appliance reboots, interfaces configured at tenant level for VLAN are lost

Related Content

F5 Distributed Cloud WAF AI/ML Model to Suppress False Positives

Handle False Positive for files upload

CMS causing False Positives

Separating False Positives from Legitimate Violations

Attack Signature False Positive Mode