F5 : Leveling Up Your AWS WAF with F5 Managed Rules

F5 currently offers four unique rulesets, each of which grants protection against different threat types:

1. OWASP Top 10 Web Exploits Protection Ruleset: Mitigates attacks that seek to exploit vulnerabilities contained in the OWASP Top 10, including cross-site scripting (XSS) attacks, injection attacks, and many more.
   
2. Bot Protection Ruleset: Analyzes all incoming requests and blocks any malicious bot activities including DDoS tools, vulnerability scanners, web scraper, and forum spam tools.
   
3. API Security Ruleset: Secures against API-level attacks, XML external entity attacks, and server-side request forgery (SSRF) exploits and offers support for both XML and JSON payloads and common web API frameworks.
   
4. Common Vulnerability and Exposures (CVE) Protection Ruleset: Defends against high-profile CVEs that can be found in popular systems such as Apache, Java, MySQL, WordPress, and many more.

Each of these rulesets is written, managed, and regularly updated by F5 security specialists, thus enabling customers to protect their apps against evolving threats-without the need for any intervention from the AWS WAF user. Whether the rules are applied to new or existing AWS WAF instances, AWS application load balancers, or AWS CloudFront, any of the F5 rulesets can be attached in minutes from the AWS WAF console with just a few click

You can find more information about any of our rulesets on their respective AWS Marketplace Listings:

If you're considering trying out any of our rules with your AWS WAF and have any questions or need assistance, simply sign in to ask a question on the F5 DevCentral community site. One of our technical experts or a member of our outstanding community will help you get started. You can also learn more via the supporting resources below or contact F5 sales for additional support.

Additional Resources: