Forum Discussion

Israel_Ruiz's avatar
Israel_Ruiz
Icon for Nimbostratus rankNimbostratus
Apr 08, 2020

AWS WAF F5 Rules

Hello,

 

I looking for information about support for AWS WAF F5 Rules that I purchesed via AWS Marketplace: F5 Rules for AWS WAF Classic - Web exploits OWASP Rules.

 

I have a Rule Group That is blocking a request, but I don´t known if there is some kind of malware in the requets or it is a legitimate request and is blocking for some kind os issue with the rule. This is the rule:

 

Where Can I get support for AWS WAF F5 rules?

 

 

"ruleGroupList": [

{

"ruleGroupId": "f47e809d-57b9-4c1f-8552-b59a188fa0b1",

"terminatingRule": {

"ruleId": "55e892fa-ff64-492e-ae4f-b9cdebf49ec4",

"action": "BLOCK",

 

AWS
F5 Rules for AWS WAF
security

1 Reply

Sort By
  • Pedro_Haoa's avatar
    Pedro_Haoa
    Ret. Employee
    Apr 08, 2020

    Hello Israel,

     

    A RuleGroup is an AWS WAF container for predefined rules.

    In your case: F5 Rules for AWS WAF - Web exploits OWASP Rules

    These are pre-defined patterns for Negative Security policies on top of AWS WAF. (Very basic security)

     

    Unfortunately, the AWS WAF has several limitations:

    • It doesn't have the visibility you require in your use case.
      • It doesn't show the full content of the request or response.
      • It is simply limited to counting whether it matches or not.
    • Negative security policy only!
      • You can only block known attacks that match AWS WAF very limited signatures.
    • No protections for unknown Zero Day vulnerabilities​.
    • Requires you to make your own manual security signatures​.
    • You have to pay for a third-party list of conditions and rules (like F5 Rules).​
    • Only has a few basic signatures that only protect from simple vulnerabilities. 
      • You need to add a better protection for the more sophisticated attacks against your apps.
    • No API protection (no XML, JSON, GWT) – No HTTP/2 or Websockets​

     

    So if you need more visibility, control and security you should try and explore Advanced Web Application Firewall (WAF) which is available in the AWS Marketplace.

     

    I hope it helps.