Waf Charm

 

Support

Contact Cyber Security Cloud Support

email: aws-waf-support@wafcharm.com

Subscribe to the Cyber Security Cloud Managed Rules SNS notification

By subscribing to the CSC Managed Rules SNS notifications, you will be notified of any changes, including the "Change Log" listed on this page. SNS Topic ARN: arn:aws:sns:us-east-1:343255486711:CyberSecurityCloud-ManagedRule

AWS WAF Labels for Cyber Security Cloud Managed Rules

The following shows the full label syntax in “Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set-awswaf:managed:cyber-security-cloud:owasp-high-security:<rule-name> The following shows the full label syntax in “Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless-awswaf:managed:cyber-security-cloud:api-gateway-serverless:<rule-name> For example) Rule group: Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set- Rule name: sqli-body-001 For the rule above, rule label would be: “awswaf:managed:cyber-security-cloud:owasp-high-security:sqli-body-001”

Note

Applicable rules: Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set- Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless- In the managed rules listed above, Continue is selected for the oversize handling instructions of rules that inspect Body and JSON Body. This means that the rules will inspect the first 8KB (8,192 bytes) of the request, but the rest of the strings that exceed the limit will be excluded from the inspection without taking actions Count/Block, allowing the request to pass the rules. Therefore, if you would like to block a request that may include attacks after the first 8KB (8,192 bytes), you will need to create a rule that will block any HTTP request that exceeds 8 KB (8,192 bytes). Oversize handling for request components

CHANGE LOG

This lists changes to the Cyber Security Cloud Managed Rules since March, 2022
Date Target Products Target Rules Changes Note
2024/11/01 ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set-
・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless-		 ssci-qs-001
ssci-body-001		 Updated rules:
ssci-qs-001
ssci-body-001		 This release tuned detection signatures to reduce false positives.
2024/10/24 ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set-
・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless-		 ssci-qs-001
ssci-body-001		 Updated rules:
ssci-qs-001
ssci-body-001		 This release updates the signatures to improve detection.
2024/10/17 ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set-
・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless-		 ssci-qs-001
ssci-body-001		 Updated rules:
ssci-qs-001
ssci-body-001		 This release tuned detection signatures to reduce false positives.
2024/06/13 ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set-
・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless-		 sqli-header-001 Updated rules:
sqli-header-001		 This release tuned detection signatures to reduce false positives.
2024/02/21 ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set-
・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless-		 sqli-header-001 Updated rules:
sqli-header-001		 This release tuned detection signatures to reduce false positives.
2024/01/25 ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set-
・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless-		 sqli-body-001
sqli-qs-001
sqli-url-001
sqli-header-001		 Updated rules:
sqli-body-001
sqli-qs-001
sqli-url-001
sqli-header-001		 This release tuned detection signatures to reduce false positives.
2024/01/25 ・Cyber Security Cloud Managed Rules for AWS WAF Classic -OWASP Set- rule_sqli_query
rule_sqli_body		 Updated rules:
rule_sqli_query
rule_sqli_body		 This release tuned detection signatures to reduce false positives.
2023/12/20 ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set-
・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless-		 sqli-body-001
sqli-qs-001
sqli-url-001
sqli-header-001		 Updated rules:
sqli-body-001
sqli-qs-001
sqli-url-001
sqli-header-001		 This release tuned detection signatures to reduce false positives.
2023/12/20 ・Cyber Security Cloud Managed Rules for AWS WAF Classic -OWASP Set- rule_sqli_query
rule_sqli_body		 Updated rules:
rule_sqli_query
rule_sqli_body		 This release tuned detection signatures to reduce false positives.
2023/08/03 ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set-
・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless-		 oscommandi-url-001 Added rules:
oscommandi-url-001		 This release adds a rule to improve detection.
2023/05/17 ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set-
・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless-		 sqli-body-001
sqli-qs-001
sqli-url-001
sqli-header-001		 Updated rules:
sqli-body-001
sqli-qs-001
sqli-url-001
sqli-header-001		 This release updates the signatures to improve detection.
2023/03/30 ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set-
・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless-		 ZK_Framework_CVE-2022-36537 Added rule:
ZK_Framework_CVE-2022-36537		 Added rule for ZK Framework AuUploader Authentication Bypass vulnerabilities (CVE-2022-36537).
2023/03/23 ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set-
・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless		 ssci-body-001
ssci-qs-001		 Updated rules:
ssci-body-001
ssci-qs-001		 This release tuned detection signatures to reduce false positives.
2023/03/23 ・Cyber Security Cloud Managed Rules for AWS WAF Classic -OWASP Set- rule_ssci_xxe_other_body
rule_ssci_xxe_other_query		 Updated rules:
rule_ssci_xxe_other_body
rule_ssci_xxe_other_query		 This release tuned detection signatures to reduce false positives.
2023/02/17 ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set-
・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless		 sqli-body-001
sqli-qs-001
sqli-url-001
sqli-header-001		 Updated rules:
sqli-body-001
sqli-qs-001
sqli-url-001
sqli-header-001		 This release tuned detection signatures to reduce false positives.
2022/12/28 ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set-
・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless		 sqli-body-002
sqli-qs-002
sqli-url-002
sqli-header-002		 Updated rules:
sqli-body-002
sqli-qs-002
sqli-url-002
sqli-header-002		 This release tuned detection signatures to reduce false positives.
2022/12/27 ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set-
・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless		 sqli-body-002
sqli-qs-002
sqli-url-002
sqli-header-002

Log4j_CVE-2021-44228		 Added rules:
sqli-body-002
sqli-qs-002
sqli-url-002
sqli-header-002

Updated rule:
Log4j_CVE-2021-44228		 This release updates the signatures and adds the rules to improve detection.
2022/11/24 ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set-
・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless-		 bad_useragent-header-001 Updated rule:
bad_useragent-header-001		 This release tuned detection signatures to reduce false positives.
2022/11/24 ・Cyber Security Cloud Managed Rules for AWS WAF Classic -OWASP Set- wafcharm_bad_useragent_010080001-05 Updated rule:
wafcharm_bad_useragent_010080001-05		 This release tuned detection signatures to reduce false positives.
2022/10/27 ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set-
・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless-		 oscommandi-cookie-001
oscommandi-header-001		 Added rule:
oscommandi-cookie-001
Updated rule:
oscommandi-header-001		 This release updates the signatures and adds the rules to improve detection.
2022/10/20 ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set-
・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless-		 oscommandi-body-001
oscommandi-qs-001
oscommandi-header-001		 Updated rules:
oscommandi-body-001
oscommandi-qs-001
oscommandi-header-001		 This release tuned detection signatures to reduce false positives.
2022/10/20 ・Cyber Security Cloud Managed Rules for AWS WAF Classic -OWASP Set- rule_oscmdi_query
rule_oscmdi_body		 Updated rules:
rule_oscmdi_query
rule_oscmdi_body		 This release tuned detection signatures to reduce false positives.
2022/10/20 ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set-
・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless-		 sqli-body-001
sqli-qs-001
sqli-url-001
sqli-header-001		 Updated rules:
sqli-body-001
sqli-qs-001
sqli-url-001
sqli-header-001		 This release tuned detection signatures to reduce false positives and updated the signatures to improve detection.
2022/10/20 ・Cyber Security Cloud Managed Rules for AWS WAF Classic -OWASP Set- rule_sqli_body
rule_sqli_query		 Updated rules:
rule_sqli_body
rule_sqli_query		 This release tuned detection signatures to reduce false positives and updated the signatures to improve detection.
2022/10/06 ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set-
・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless-		 oscommandi-header-001 Updated rule:
oscommandi-header-001		 This release tuned detection signatures to reduce false positives.
2022/09/29 ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set-
・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless-		 oscommandi-body-001
oscommandi-qs-001
oscommandi-header-001		 Updated rules:
oscommandi-body-001
oscommandi-qs-001
oscommandi-header-001		 This release updates the signatures to improve detection.
2022/09/29 ・Cyber Security Cloud Managed Rules for AWS WAF Classic -OWASP Set- rule_oscmdi_query
rule_oscmdi_body		 Updated rules:
rule_oscmdi_query
rule_oscmdi_body		 This release updates the signatures to improve detection.
2022/09/14 ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set-
・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless-		 All rules in the target products Updated rules:
All rules in the target products		 Cyber Security Cloud Managed Rules for new AWS WAF rule groups support labeling.

Label for Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set-
awswaf:managed:cyber-security-cloud:owasp-high-security:<rule-name>

Label for Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless-
awswaf:managed:cyber-security-cloud:api-gateway-serverless:<rule-name>
2022/09/14 ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set-
・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless-		 xxe-header-001 Updated rule:
xxe-header-001		 This release updates the signatures to improve detection.
2022/09/07 ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set-
・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless-		 xxe-ssci-body-001
xxe-ssci-qs-001
xxe-header-001		 Updated rules:
xxe-ssci-body-001
xxe-ssci-qs-001
xxe-header-001		 This release tuned detection signatures to improve the performance of regular expressions.
2022/09/07 ・Cyber Security Cloud Managed Rules for AWS WAF Classic -OWASP Set- rule_ssci_xxe_other_body
rule_ssci_xxe_other_query		 Updated rules:
rule_ssci_xxe_other_body
rule_ssci_xxe_other_query		 This release tuned detection signatures to improve the performance of regular expressions.
2022/08/31 ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set-
・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless-		 sqli-header-001 Updated rule:
sqli-header-001		 This release updates the signatures to improve detection.
2022/08/25 ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set-
・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless-
・Cyber Security Cloud Managed Rules for AWS WAF Classic -OWASP Set-		 ssii-body-001
ssii-qs-001		 Added rules:
ssii-body-001
ssii-qs-001		 This release adds the rules to improve detection.
2022/08/18 ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set-
・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless-
・Cyber Security Cloud Managed Rules for AWS WAF Classic -OWASP Set-		 Zimbra_CVE-2022-27925_001 Added rule:
Zimbra_CVE-2022-27925_001		 Added rule for Zimbra Collaboration Suite(ZCS) RCE vulnerabilities (CVE-2022-27925).
2022/08/17 ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set-
・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless-		 pathtraversal-header-001 Updated rule:
pathtraversal-header-001		 This release updates the signatures to improve detection.
2022/08/12 ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set-
・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless-		 sqli-body-001 Updated rule:
sqli-body-001		 This release tuned detection signatures to reduce false positives.
2022/08/12 ・Cyber Security Cloud Managed Rules for AWS WAF Classic -OWASP Set- rule_sqli_body
rule_sqli_query		 Updated rules:
rule_sqli_body
rule_sqli_query		 This release tuned detection signatures to reduce false positives.
2022/07/27 Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set- All rules except for the following rules,
bad_useragent-header-001
struts-multi-002
tomcat-multi-001
drupal-multi-001		 Updated rules:
All rules except for the following rules,
bad_useragent-header-001
struts-multi-002
tomcat-multi-001
drupal-multi-001		 Added encode patterns to improve detection against attempts to bypass a WAF.
2022/07/27 ・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless- All rules except for the following rule,
bad_useragent-header-001		 Updated rules:
All rules except for the following rule,
bad_useragent-header-001		 Added encode patterns to improve detection against attempts to bypass a WAF.
2022/07/27 ・Cyber Security Cloud Managed Rules for AWS WAF Classic -OWASP Set- rule_xss_body
rule_xss_query		 Updated rules:
rule_xss_body
rule_xss_query		 This release tuned detection signatures to reduce false positives.
2022/07/15 ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set-
・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless-		 Log4j_CVE-2021-44228 Updated rule:
Log4j_CVE-2021-44228		 This release updates the signatures to improve detection.
2022/07/15 ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set-
・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless		 xss-body-001
xss-qs-001
xss-header-001		 Updated rules:
xss-body-001
xss-qs-001
xss-header-001		 This release tuned detection signatures to reduce false positives.
2022/07/15 ・Cyber Security Cloud Managed Rules for AWS WAF Classic -OWASP Set- Log4j_CVE-2021-44228_004 Added rule:
Log4j_CVE-2021-44228_004		 This release adds the rule to improve detection.
2022/06/17 ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set- sqli-header-001
oscommandi-header-001
xss-header-001
xxe-header-001
pathtraversal-header-001

struts-multi-001
Log4j_CVE-2021-44228		 Added rules:
sqli-header-001
oscommandi-header-001
xss-header-001
xxe-header-001
pathtraversal-header-001

Updated rules:
struts-multi-001
Log4j_CVE-2021-44228		 This release updates the signatures or adds the rules to improve detection.
2022/06/17 ・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless- sqli-header-001
oscommandi-header-001
xss-header-001
xxe-header-001
pathtraversal-header-001

Log4j_CVE-2021-44228		 Added rules:
sqli-header-001
oscommandi-header-001
xss-header-001
xxe-header-001
pathtraversal-header-001

Updated rule:
Log4j_CVE-2021-44228		 This release updates the signatures or adds the rules to improve detection.
2022/04/05 ・Cyber Security Cloud Managed Rules for AWS WAF Classic -OWASP Set- spring_CVE-2022-22963_001 Added rule:
spring_CVE-2022-22963_001		 Added rule for Spring Cloud Function RCE vulnerabilities.
2022/04/01 ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set-

・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless-		 SpringCloudFunction_CVE-2022-22963 Added rule:
SpringCloudFunction_CVE-2022-22963		 Added rule for Spring Cloud Function RCE vulnerabilities.
2022/03/31 ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set-

・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless-
 Spring4Shell-001 Added rule
Spring4Shell-001		 Added rule for Spring Core RCE vulnerabilities.
2022/03/31 ・Cyber Security Cloud Managed Rules for AWS WAF Classic -OWASP Set- spring4shell-vuls-qs-001
spring4shell-vuls-body-001		 Added rules:
spring4shell-vuls-qs-001
spring4shell-vuls-body-001 		Added rules for Spring Core RCE vulnerabilities.
2022/03/09 ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set-

・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless		 sqli-body-001
sqli-body-002		 Combine
sqli-body-001
sqli-body-002
into
sqli-body-001		 Current WAF Operation can be affected if there is some sort of setting (such as "excluded") applied to "sqli-body-002." Please make sure to check the changes and take any necessary actions.
2022/03/09 ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set-

・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless-		 sqli-qs-001
sqli-qs-002		 Combine
sqli-qs-001
sqli-qs-002
into
sqli-qs-001		 Current WAF Operation can be affected if there is some sort of setting (such as "excluded") applied to "sqli-qs-002." Please make sure to check the changes and take any necessary actions.
2022/03/09 ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set-

・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless-		 sqli-url-001 rule enhancement:
sqli-url-001
2022/03/09 ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set-

・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless-		 cookie-body-001
headeri-body-001		 rule name change:
cookie-body-001
to
headeri-body-001		 Current WAF Operation can be affected if there is some sort of setting (such as "excluded") applied to "cookie-body-001." Please make sure to check the changes and take any necessary actions.
2022/03/09 ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set-

・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless-		 cookie-qs-001

headeri-qs-001		 rule name change:
cookie-qs-001
to
headeri-qs-001		 Current WAF Operation can be affected if there is some sort of setting (such as "excluded") applied to "cookie-qs-001." Please make sure to check the changes and take any necessary actions.
2022/03/09 ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set-

・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless-		 ldapi-url-001

ldapi-multi-001		 rule name change:
ldapi-url-001
to
ldapi-multi-001		 Current WAF Operation can be affected if there is some sort of setting (such as "excluded") applied to "ldapi-url-001." Please make sure to check the changes and take any necessary actions.
2022/03/09 ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set-

・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless-		 xxe-ssci-body-001

oscommandi-body-001
xxe-body-001
ssci-body-001
headeri-body-001		 Separate
xxe-ssci-body-001
to 4 rules:
oscommandi-body-001
xxe-body-001
ssci-body-001
headeri-body-001		 Current WAF Operation can be affected if there is some sort of setting (such as "excluded") applied to "xxe-ssci-body-001." Please make sure to check the changes and take any necessary actions.
2022/03/09 ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set-

・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless-		 xxe-ssci-qs-001

oscommandi-qs-001
xxe-qs-001
ssci-qs-001
headeri-qs-001		 Separate
xxe-ssci-qs-001
to 4 rules:
oscommandi-qs-001
xxe-qs-001
ssci-qs-001
headeri-qs-001		 Current WAF Operation can be affected if there is some sort of setting (such as "excluded") applied to "xxe-ssci-qs-001." Please make sure to check the changes and take any necessary actions.

List of supported regions for AWS WAF

North And South America Region
Northern Virginia Ohio Oregon Northern California Montereal Sao Paulo AWS GovCloud(West) AWS GovCloud(East)
AWS WAF
CSC Managed Rule
AWS WAF CSC Managed Rule
Northern Virginia
Ohio
Oregon
Northern California
Montereal
Sao Paulo
AWS GovCloud(West)
AWS GovCloud(East)
Europe, Middle East & Africa Region
Ireland Frankfurt London Paris Stockholm Bahrain Cape Town Milan
AWS WAF
CSC Managed Rule
AWS WAF CSC Managed Rule
Ireland
Frankfurt
London
Paris
Stockholm
Bahrain
Cape Town
Milan
Asia Pacific Region
Tokyo Osaka Singapore Sydney Seoul Mumbai Jakarta Hong Kong Beijing Ningxia
AWS WAF
CSC Managed Rule
AWS WAF CSC Managed Rule
Tokyo
Osaka
Singapore
Sydney
Seoul
Mumbai
Jakarta
Hong Kong
Beijing
Ningxia

How to report false positives

If you are encountering problems such as false positives with your Cyber Security Cloud Managed Rules for AWS WAF, you should do the following:
  1. Exclude the specific rules that are blocking legitimate traffic. For more information about excluding rules, see this blog (https://www.wafcharm.com/en/blog/aws-waf-managed-rule-rulegourp-exception/).
  2. If excluding specific rules does not solve the problem, you can change the action for the Cyber Security Cloud ruleset from No override to Override to count.
  3. If you are not sure if your problem is related to the Cyber Security Cloud ruleset, your web ACLs, or your custom rules, contact AWS Support first.
  4. For issues related specifically to the Cyber Security Cloud ruleset, you can contact Cyber Security Cloud Support at aws-waf-support@wafcharm.com
To report false positives,
  • Log some requests that the rule has flagged as malicious requests.
  • Attach the requests to an e-mail.

How to unsubscribe

After you subscribe to Cyber Security Cloud Managed Rules, add the ruleset to your AWS WAF settings.
  1. Sign in to the AWS Management Console and open the AWS WAF console
  2. Remove the rule group from all web ACLs
  3. In the navigation pane, choose Marketplace.
  4. Choose Manage your subscriptions.
  5. Choose Cancel subscription next to the name of the rule group that you want to unsubscribe from.
  6. Choose Yes, cancel subscription.