Support
Contact Cyber Security Cloud Support
email: aws-waf-support@wafcharm.com
Subscribe to the Cyber Security Cloud Managed Rules SNS notification
By subscribing to the CSC Managed Rules SNS notifications, you will be notified of any changes, including the "Change Log" listed on this page.
SNS Topic ARN: arn:aws:sns:us-east-1:343255486711:CyberSecurityCloud-ManagedRule
AWS WAF Labels for Cyber Security Cloud Managed Rules
The following shows the full label syntax in “Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set-”
awswaf:managed:cyber-security-cloud:owasp-high-security:<rule-name>
The following shows the full label syntax in “Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless-”
awswaf:managed:cyber-security-cloud:api-gateway-serverless:<rule-name>
For example)
Rule group: Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set-
Rule name: sqli-body-001
For the rule above, rule label would be:
“awswaf:managed:cyber-security-cloud:owasp-high-security:sqli-body-001”
Note
Applicable rules:
Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set-
Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless-
In the managed rules listed above, Continue is selected for the oversize handling instructions of rules that inspect Body and JSON Body.
This means that the rules will inspect the first 8KB (8,192 bytes) of the request, but the rest of the strings that exceed the limit will be excluded from the inspection without taking actions Count/Block, allowing the request to pass the rules.
Therefore, if you would like to block a request that may include attacks after the first 8KB (8,192 bytes), you will need to create a rule that will block any HTTP request that exceeds 8 KB (8,192 bytes).
Oversize handling for request components
CHANGE LOG
This lists changes to the Cyber Security Cloud Managed Rules since March, 2022
| Date | Target Products | Target Rules | Changes | Note |
|---|---|---|---|---|
| 2023/12/20 | ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set- ・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless- |
sqli-body-001 sqli-qs-001 sqli-url-001 sqli-header-001 |
Updated rules: sqli-body-001 sqli-qs-001 sqli-url-001 sqli-header-001 |
This release tuned detection signatures to reduce false positives. |
| 2023/12/20 | ・Cyber Security Cloud Managed Rules for AWS WAF Classic -OWASP Set- | rule_sqli_query rule_sqli_body |
Updated rules: rule_sqli_query rule_sqli_body |
This release tuned detection signatures to reduce false positives. |
| 2023/08/03 | ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set- ・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless- |
oscommandi-url-001 | Added rules: oscommandi-url-001 |
This release adds a rule to improve detection. |
| 2023/05/17 | ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set- ・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless- |
sqli-body-001 sqli-qs-001 sqli-url-001 sqli-header-001 |
Updated rules: sqli-body-001 sqli-qs-001 sqli-url-001 sqli-header-001 |
This release updates the signatures to improve detection. |
| 2023/03/30 | ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set- ・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless- |
ZK_Framework_CVE-2022-36537 | Added rule: ZK_Framework_CVE-2022-36537 |
Added rule for ZK Framework AuUploader Authentication Bypass vulnerabilities (CVE-2022-36537). |
| 2023/03/23 | ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set- ・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless |
ssci-body-001 ssci-qs-001 |
Updated rules: ssci-body-001 ssci-qs-001 |
This release tuned detection signatures to reduce false positives. |
| 2023/03/23 | ・Cyber Security Cloud Managed Rules for AWS WAF Classic -OWASP Set- | rule_ssci_xxe_other_body rule_ssci_xxe_other_query |
Updated rules: rule_ssci_xxe_other_body rule_ssci_xxe_other_query |
This release tuned detection signatures to reduce false positives. |
| 2023/02/17 | ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set- ・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless |
sqli-body-001 sqli-qs-001 sqli-url-001 sqli-header-001 |
Updated rules: sqli-body-001 sqli-qs-001 sqli-url-001 sqli-header-001 |
This release tuned detection signatures to reduce false positives. |
| 2022/12/28 | ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set- ・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless |
sqli-body-002 sqli-qs-002 sqli-url-002 sqli-header-002 |
Updated rules: sqli-body-002 sqli-qs-002 sqli-url-002 sqli-header-002 |
This release tuned detection signatures to reduce false positives. |
| 2022/12/27 | ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set- ・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless |
sqli-body-002 sqli-qs-002 sqli-url-002 sqli-header-002 Log4j_CVE-2021-44228 |
Added rules: sqli-body-002 sqli-qs-002 sqli-url-002 sqli-header-002 Updated rule: Log4j_CVE-2021-44228 |
This release updates the signatures and adds the rules to improve detection. |
| 2022/11/24 | ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set- ・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless- |
bad_useragent-header-001 | Updated rule: bad_useragent-header-001 |
This release tuned detection signatures to reduce false positives. |
| 2022/11/24 | ・Cyber Security Cloud Managed Rules for AWS WAF Classic -OWASP Set- | wafcharm_bad_useragent_010080001-05 | Updated rule: wafcharm_bad_useragent_010080001-05 |
This release tuned detection signatures to reduce false positives. |
| 2022/10/27 | ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set- ・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless- |
oscommandi-cookie-001 oscommandi-header-001 |
Added rule: oscommandi-cookie-001 Updated rule: oscommandi-header-001 |
This release updates the signatures and adds the rules to improve detection. |
| 2022/10/20 | ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set- ・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless- |
oscommandi-body-001 oscommandi-qs-001 oscommandi-header-001 |
Updated rules: oscommandi-body-001 oscommandi-qs-001 oscommandi-header-001 |
This release tuned detection signatures to reduce false positives. |
| 2022/10/20 | ・Cyber Security Cloud Managed Rules for AWS WAF Classic -OWASP Set- | rule_oscmdi_query rule_oscmdi_body |
Updated rules: rule_oscmdi_query rule_oscmdi_body |
This release tuned detection signatures to reduce false positives. |
| 2022/10/20 | ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set- ・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless- |
sqli-body-001 sqli-qs-001 sqli-url-001 sqli-header-001 |
Updated rules: sqli-body-001 sqli-qs-001 sqli-url-001 sqli-header-001 |
This release tuned detection signatures to reduce false positives and updated the signatures to improve detection. |
| 2022/10/20 | ・Cyber Security Cloud Managed Rules for AWS WAF Classic -OWASP Set- | rule_sqli_body rule_sqli_query |
Updated rules: rule_sqli_body rule_sqli_query |
This release tuned detection signatures to reduce false positives and updated the signatures to improve detection. |
| 2022/10/06 | ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set- ・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless- |
oscommandi-header-001 | Updated rule: oscommandi-header-001 |
This release tuned detection signatures to reduce false positives. |
| 2022/09/29 | ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set- ・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless- |
oscommandi-body-001 oscommandi-qs-001 oscommandi-header-001 |
Updated rules: oscommandi-body-001 oscommandi-qs-001 oscommandi-header-001 |
This release updates the signatures to improve detection. |
| 2022/09/29 | ・Cyber Security Cloud Managed Rules for AWS WAF Classic -OWASP Set- | rule_oscmdi_query rule_oscmdi_body |
Updated rules: rule_oscmdi_query rule_oscmdi_body |
This release updates the signatures to improve detection. |
| 2022/09/14 | ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set- ・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless- |
All rules in the target products | Updated rules: All rules in the target products |
Cyber Security Cloud Managed Rules for new AWS WAF rule groups support labeling. Label for Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set- awswaf:managed:cyber-security-cloud:owasp-high-security:<rule-name> Label for Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless- awswaf:managed:cyber-security-cloud:api-gateway-serverless:<rule-name> |
| 2022/09/14 | ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set- ・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless- |
xxe-header-001 | Updated rule: xxe-header-001 |
This release updates the signatures to improve detection. |
| 2022/09/07 | ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set- ・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless- |
xxe-ssci-body-001 xxe-ssci-qs-001 xxe-header-001 |
Updated rules: xxe-ssci-body-001 xxe-ssci-qs-001 xxe-header-001 |
This release tuned detection signatures to improve the performance of regular expressions. |
| 2022/09/07 | ・Cyber Security Cloud Managed Rules for AWS WAF Classic -OWASP Set- | rule_ssci_xxe_other_body rule_ssci_xxe_other_query |
Updated rules: rule_ssci_xxe_other_body rule_ssci_xxe_other_query |
This release tuned detection signatures to improve the performance of regular expressions. |
| 2022/08/31 | ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set- ・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless- |
sqli-header-001 | Updated rule: sqli-header-001 |
This release updates the signatures to improve detection. |
| 2022/08/25 | ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set- ・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless- ・Cyber Security Cloud Managed Rules for AWS WAF Classic -OWASP Set- |
ssii-body-001 ssii-qs-001 |
Added rules: ssii-body-001 ssii-qs-001 |
This release adds the rules to improve detection. |
| 2022/08/18 | ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set- ・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless- ・Cyber Security Cloud Managed Rules for AWS WAF Classic -OWASP Set- |
Zimbra_CVE-2022-27925_001 | Added rule: Zimbra_CVE-2022-27925_001 |
Added rule for Zimbra Collaboration Suite(ZCS) RCE vulnerabilities (CVE-2022-27925). |
| 2022/08/17 | ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set- ・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless- |
pathtraversal-header-001 | Updated rule: pathtraversal-header-001 |
This release updates the signatures to improve detection. |
| 2022/08/12 | ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set- ・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless- |
sqli-body-001 | Updated rule: sqli-body-001 |
This release tuned detection signatures to reduce false positives. |
| 2022/08/12 | ・Cyber Security Cloud Managed Rules for AWS WAF Classic -OWASP Set- | rule_sqli_body rule_sqli_query |
Updated rules: rule_sqli_body rule_sqli_query |
This release tuned detection signatures to reduce false positives. |
| 2022/07/27 | Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set- | All rules except for the following rules, bad_useragent-header-001 struts-multi-002 tomcat-multi-001 drupal-multi-001 |
Updated rules: All rules except for the following rules, bad_useragent-header-001 struts-multi-002 tomcat-multi-001 drupal-multi-001 |
Added encode patterns to improve detection against attempts to bypass a WAF. |
| 2022/07/27 | ・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless- | All rules except for the following rule, bad_useragent-header-001 |
Updated rules: All rules except for the following rule, bad_useragent-header-001 |
Added encode patterns to improve detection against attempts to bypass a WAF. |
| 2022/07/27 | ・Cyber Security Cloud Managed Rules for AWS WAF Classic -OWASP Set- | rule_xss_body rule_xss_query |
Updated rules: rule_xss_body rule_xss_query |
This release tuned detection signatures to reduce false positives. |
| 2022/07/15 | ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set- ・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless- |
Log4j_CVE-2021-44228 | Updated rule: Log4j_CVE-2021-44228 |
This release updates the signatures to improve detection. |
| 2022/07/15 | ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set- ・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless |
xss-body-001 xss-qs-001 xss-header-001 |
Updated rules: xss-body-001 xss-qs-001 xss-header-001 |
This release tuned detection signatures to reduce false positives. |
| 2022/07/15 | ・Cyber Security Cloud Managed Rules for AWS WAF Classic -OWASP Set- | Log4j_CVE-2021-44228_004 | Added rule: Log4j_CVE-2021-44228_004 |
This release adds the rule to improve detection. |
| 2022/06/17 | ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set- | sqli-header-001 oscommandi-header-001 xss-header-001 xxe-header-001 pathtraversal-header-001 struts-multi-001 Log4j_CVE-2021-44228 |
Added rules: sqli-header-001 oscommandi-header-001 xss-header-001 xxe-header-001 pathtraversal-header-001 Updated rules: struts-multi-001 Log4j_CVE-2021-44228 |
This release updates the signatures or adds the rules to improve detection. |
| 2022/06/17 | ・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless- | sqli-header-001 oscommandi-header-001 xss-header-001 xxe-header-001 pathtraversal-header-001 Log4j_CVE-2021-44228 |
Added rules: sqli-header-001 oscommandi-header-001 xss-header-001 xxe-header-001 pathtraversal-header-001 Updated rule: Log4j_CVE-2021-44228 |
This release updates the signatures or adds the rules to improve detection. |
| 2022/04/05 | ・Cyber Security Cloud Managed Rules for AWS WAF Classic -OWASP Set- | spring_CVE-2022-22963_001 | Added rule: spring_CVE-2022-22963_001 |
Added rule for Spring Cloud Function RCE vulnerabilities. |
| 2022/04/01 | ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set- ・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless- |
SpringCloudFunction_CVE-2022-22963 | Added rule: SpringCloudFunction_CVE-2022-22963 |
Added rule for Spring Cloud Function RCE vulnerabilities. |
| 2022/03/31 | ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set- ・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless- |
Spring4Shell-001 | Added rule Spring4Shell-001 |
Added rule for Spring Core RCE vulnerabilities. |
| 2022/03/31 | ・Cyber Security Cloud Managed Rules for AWS WAF Classic -OWASP Set- | spring4shell-vuls-qs-001 spring4shell-vuls-body-001 |
Added rules: spring4shell-vuls-qs-001 spring4shell-vuls-body-001 |
Added rules for Spring Core RCE vulnerabilities. |
| 2022/03/09 | ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set- ・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless |
sqli-body-001 sqli-body-002 |
Combine sqli-body-001 sqli-body-002 into sqli-body-001 |
Current WAF Operation can be affected if there is some sort of setting (such as "excluded") applied to "sqli-body-002." Please make sure to check the changes and take any necessary actions. |
| 2022/03/09 | ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set- ・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless- |
sqli-qs-001 sqli-qs-002 |
Combine sqli-qs-001 sqli-qs-002 into sqli-qs-001 |
Current WAF Operation can be affected if there is some sort of setting (such as "excluded") applied to "sqli-qs-002." Please make sure to check the changes and take any necessary actions. |
| 2022/03/09 | ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set- ・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless- |
sqli-url-001 | rule enhancement: sqli-url-001 |
|
| 2022/03/09 | ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set- ・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless- |
cookie-body-001 headeri-body-001 |
rule name change: cookie-body-001 to headeri-body-001 |
Current WAF Operation can be affected if there is some sort of setting (such as "excluded") applied to "cookie-body-001." Please make sure to check the changes and take any necessary actions. |
| 2022/03/09 | ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set- ・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless- |
cookie-qs-001 headeri-qs-001 |
rule name change: cookie-qs-001 to headeri-qs-001 |
Current WAF Operation can be affected if there is some sort of setting (such as "excluded") applied to "cookie-qs-001." Please make sure to check the changes and take any necessary actions. |
| 2022/03/09 | ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set- ・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless- |
ldapi-url-001 ldapi-multi-001 |
rule name change: ldapi-url-001 to ldapi-multi-001 |
Current WAF Operation can be affected if there is some sort of setting (such as "excluded") applied to "ldapi-url-001." Please make sure to check the changes and take any necessary actions. |
| 2022/03/09 | ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set- ・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless- |
xxe-ssci-body-001 oscommandi-body-001 xxe-body-001 ssci-body-001 headeri-body-001 |
Separate xxe-ssci-body-001 to 4 rules: oscommandi-body-001 xxe-body-001 ssci-body-001 headeri-body-001 |
Current WAF Operation can be affected if there is some sort of setting (such as "excluded") applied to "xxe-ssci-body-001." Please make sure to check the changes and take any necessary actions. |
| 2022/03/09 | ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set- ・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless- |
xxe-ssci-qs-001 oscommandi-qs-001 xxe-qs-001 ssci-qs-001 headeri-qs-001 |
Separate xxe-ssci-qs-001 to 4 rules: oscommandi-qs-001 xxe-qs-001 ssci-qs-001 headeri-qs-001 |
Current WAF Operation can be affected if there is some sort of setting (such as "excluded") applied to "xxe-ssci-qs-001." Please make sure to check the changes and take any necessary actions. |
| Date | 2023/08/03 |
|---|---|
| Target Products | ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set- ・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless- |
| Target Rules | oscommandi-url-001 |
| Changes | Added rules: oscommandi-url-001 |
| Note | This release adds a rule to improve detection. |
| Date | 2023/05/17 |
|---|---|
| Target Products | ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set- ・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless- |
| Target Rules | sqli-body-001 sqli-qs-001 sqli-url-001 sqli-header-001 |
| Changes | Updated rules: sqli-body-001 sqli-qs-001 sqli-url-001 sqli-header-001 |
| Note | This release updates the signatures to improve detection. |
| Date | 2023/03/30 |
|---|---|
| Target Products | ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set- ・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless- |
| Target Rules | ZK_Framework_CVE-2022-36537 |
| Changes | Added rule: ZK_Framework_CVE-2022-36537 |
| Note | Added rule for ZK Framework AuUploader Authentication Bypass vulnerabilities (CVE-2022-36537). |
| Date | 2023/03/23 |
|---|---|
| Target Products | ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set- ・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless |
| Target Rules | ssci-body-001 ssci-qs-001 |
| Changes | Updated rules: ssci-body-001 ssci-qs-001 |
| Note | This release tuned detection signatures to reduce false positives. |
| Date | 2023/03/23 |
|---|---|
| Target Products | ・Cyber Security Cloud Managed Rules for AWS WAF Classic -OWASP Set- |
| Target Rules | rule_ssci_xxe_other_body rule_ssci_xxe_other_query |
| Changes | Updated rules: rule_ssci_xxe_other_body rule_ssci_xxe_other_query |
| Note | This release tuned detection signatures to reduce false positives. |
| Date | 2023/02/17 |
|---|---|
| Target Products | ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set- ・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless |
| Target Rules | sqli-body-001 sqli-qs-001 sqli-url-001 sqli-header-001 |
| Changes | Updated rules: sqli-body-001 sqli-qs-001 sqli-url-001 sqli-header-001 |
| Note | This release tuned detection signatures to reduce false positives. |
| Date | 2022/12/28 |
|---|---|
| Target Products | ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set- ・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless |
| Target Rules | sqli-body-002 sqli-qs-002 sqli-url-002 sqli-header-002 |
| Changes | Updated rules: sqli-body-002 sqli-qs-002 sqli-url-002 sqli-header-002 |
| Note | This release tuned detection signatures to reduce false positives. |
| Date | 2022/12/27 |
|---|---|
| Target Products | ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set- ・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless |
| Target Rules | sqli-body-002 sqli-qs-002 sqli-url-002 sqli-header-002 Log4j_CVE-2021-44228 |
| Changes | Added rules: sqli-body-002 sqli-qs-002 sqli-url-002 sqli-header-002 Updated rule: Log4j_CVE-2021-44228 |
| Note | This release updates the signatures and adds the rules to improve detection. |
| Date | 2022/11/24 |
|---|---|
| Target Products | ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set- ・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless- |
| Target Rules | bad_useragent-header-001 |
| Changes | Updated rule: bad_useragent-header-001 |
| Note | This release tuned detection signatures to reduce false positives. |
| Date | 2022/11/24 |
|---|---|
| Target Products | ・Cyber Security Cloud Managed Rules for AWS WAF Classic -OWASP Set- |
| Target Rules | wafcharm_bad_useragent_010080001-05 |
| Changes | Updated rule: wafcharm_bad_useragent_010080001-05 |
| Note | This release tuned detection signatures to reduce false positives. |
| Date | 2022/10/27 |
|---|---|
| Target Products | ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set- ・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless- |
| Target Rules | oscommandi-cookie-001 oscommandi-header-001 |
| Changes | Added rule: oscommandi-cookie-001 Updated rule: oscommandi-header-001 |
| Note | This release updates the signatures and adds the rules to improve detection. |
| Date | 2022/10/20 |
|---|---|
| Target Products | ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set- ・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless- |
| Target Rules | oscommandi-body-001 oscommandi-qs-001 oscommandi-header-001 |
| Changes | Updated rules: oscommandi-body-001 oscommandi-qs-001 oscommandi-header-001 |
| Note | This release tuned detection signatures to reduce false positives. |
| Date | 2022/10/20 |
|---|---|
| Target Products | ・Cyber Security Cloud Managed Rules for AWS WAF Classic -OWASP Set- |
| Target Rules | rule_oscmdi_query rule_oscmdi_body |
| Changes | Updated rules: rule_oscmdi_query rule_oscmdi_body |
| Note | This release tuned detection signatures to reduce false positives. |
| Date | 2022/10/20 |
|---|---|
| Target Products | ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set- ・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless- |
| Target Rules | sqli-body-001 sqli-qs-001 sqli-url-001 sqli-header-001 |
| Changes | Updated rules: sqli-body-001 sqli-qs-001 sqli-url-001 sqli-header-001 |
| Note | This release tuned detection signatures to reduce false positives and updated the signatures to improve detection. |
| Date | 2022/10/20 |
|---|---|
| Target Products | ・Cyber Security Cloud Managed Rules for AWS WAF Classic -OWASP Set- |
| Target Rules | rule_sqli_body rule_sqli_query |
| Changes | Updated rules: rule_sqli_body rule_sqli_query |
| Note | This release tuned detection signatures to reduce false positives and updated the signatures to improve detection. |
| Date | 2022/10/06 |
|---|---|
| Target Products | ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set- ・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless- |
| Target Rules | oscommandi-header-001 |
| Changes | Updated rule: oscommandi-header-001 |
| Note | This release tuned detection signatures to reduce false positives. |
| Date | 2022/09/29 |
|---|---|
| Target Products | ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set- ・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless- |
| Target Rules | oscommandi-body-001 oscommandi-qs-001 oscommandi-header-001 |
| Changes | Updated rules: oscommandi-body-001 oscommandi-qs-001 oscommandi-header-001 |
| Note | This release updates the signatures to improve detection. |
| Date | 2022/09/29 |
|---|---|
| Target Products | ・Cyber Security Cloud Managed Rules for AWS WAF Classic -OWASP Set- |
| Target Rules | rule_oscmdi_query rule_oscmdi_body |
| Changes | Updated rules: rule_oscmdi_query rule_oscmdi_body |
| Note | This release updates the signatures to improve detection. |
| Date | 2022/09/14 |
|---|---|
| Target Products | ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set- ・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless- |
| Target Rules | All rules in the target products |
| Changes | Updated rules: All rules in the target products |
| Note | Cyber Security Cloud Managed Rules for new AWS WAF rule groups support labeling. Label for Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set- awswaf:managed:cyber-security-cloud:owasp-high-security:<rule-name> Label for Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless- awswaf:managed:cyber-security-cloud:api-gateway-serverless:<rule-name> |
| Date | 2022/09/14 |
|---|---|
| Target Products | ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set- ・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless- |
| Target Rules | xxe-header-001 |
| Changes | Updated rule: xxe-header-001 |
| Note | This release updates the signatures to improve detection. |
| Date | 2022/09/07 |
|---|---|
| Target Products | ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set- ・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless- |
| Target Rules | xxe-ssci-body-001 xxe-ssci-qs-001 xxe-header-001 |
| Changes | Updated rules: xxe-ssci-body-001 xxe-ssci-qs-001 xxe-header-001 |
| Note | This release tuned detection signatures to improve the performance of regular expressions. |
| Date | 2022/09/07 |
|---|---|
| Target Products | ・Cyber Security Cloud Managed Rules for AWS WAF Classic -OWASP Set- |
| Target Rules | rule_ssci_xxe_other_body rule_ssci_xxe_other_query |
| Changes | Updated rules: rule_ssci_xxe_other_body rule_ssci_xxe_other_query |
| Note | This release tuned detection signatures to improve the performance of regular expressions. |
| Date | 2022/08/31 |
|---|---|
| Target Products | ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set- ・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless- |
| Target Rules | sqli-header-001 |
| Changes | Updated rule: sqli-header-001 |
| Note | This release updates the signatures to improve detection. |
| Date | 2022/08/25 |
|---|---|
| Target Products | ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set- ・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless- ・Cyber Security Cloud Managed Rules for AWS WAF Classic -OWASP Set- |
| Target Rules | ssii-body-001 ssii-qs-001 |
| Changes | Added rules: ssii-body-001 ssii-qs-001 |
| Note | This release adds the rules to improve detection. |
| Date | 2022/08/18 |
|---|---|
| Target Products | ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set- ・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless- ・Cyber Security Cloud Managed Rules for AWS WAF Classic -OWASP Set- |
| Target Rules | Zimbra_CVE-2022-27925_001 |
| Changes | Added rule: Zimbra_CVE-2022-27925_001 |
| Note | Added rule for Zimbra Collaboration Suite(ZCS) RCE vulnerabilities (CVE-2022-27925). |
| Date | 2022/08/17 |
|---|---|
| Target Products | ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set- ・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless- |
| Target Rules | pathtraversal-header-001 |
| Changes | Updated rule: pathtraversal-header-001 |
| Note | This release updates the signatures to improve detection. |
| Date | 2022/08/12 |
|---|---|
| Target Products | ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set- ・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless- |
| Target Rules | sqli-body-001 |
| Changes | Updated rule: sqli-body-001 |
| Note | This release tuned detection signatures to reduce false positives. |
| Date | 2022/08/12 |
|---|---|
| Target Products | ・Cyber Security Cloud Managed Rules for AWS WAF Classic -OWASP Set- |
| Target Rules | rule_sqli_body rule_sqli_query |
| Changes | Updated rules: rule_sqli_body rule_sqli_query |
| Note | This release tuned detection signatures to reduce false positives. |
| Date | 2022/07/27 |
|---|---|
| Target Products | Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set- |
| Target Rules | All rules except for the following rules, bad_useragent-header-001 struts-multi-002 tomcat-multi-001 drupal-multi-001 |
| Changes | Updated rules: All rules except for the following rules, bad_useragent-header-001 struts-multi-002 tomcat-multi-001 drupal-multi-001 |
| Note | Added encode patterns to improve detection against attempts to bypass a WAF. |
| Date | 2022/07/27 |
|---|---|
| Target Products | ・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless- |
| Target Rules | All rules except for the following rule, bad_useragent-header-001 |
| Changes | Updated rules: All rules except for the following rule, bad_useragent-header-001 |
| Note | Added encode patterns to improve detection against attempts to bypass a WAF. |
| Date | 2022/07/27 |
|---|---|
| Target Products | ・Cyber Security Cloud Managed Rules for AWS WAF Classic -OWASP Set- |
| Target Rules | rule_xss_body rule_xss_query |
| Changes | Updated rules: rule_xss_body rule_xss_query |
| Note | This release tuned detection signatures to reduce false positives. |
| Date | 2022/07/15 |
|---|---|
| Target Products | ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set- ・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless- |
| Target Rules | Log4j_CVE-2021-44228 |
| Changes | Updated rule: Log4j_CVE-2021-44228 |
| Note | This release updates the signatures to improve detection. |
| Date | 2022/07/15 |
|---|---|
| Target Products | ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set- ・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless |
| Target Rules | xss-body-001 xss-qs-001 xss-header-001 |
| Changes | Updated rules: xss-body-001 xss-qs-001 xss-header-001 |
| Note | This release tuned detection signatures to reduce false positives. |
| Date | 2022/07/15 |
|---|---|
| Target Products | ・Cyber Security Cloud Managed Rules for AWS WAF Classic -OWASP Set- |
| Target Rules | Log4j_CVE-2021-44228_004 |
| Changes | Added rule: Log4j_CVE-2021-44228_004 |
| Note | This release adds the rule to improve detection. |
| Date | 2022/06/17 |
|---|---|
| Target Products | ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set- |
| Target Rules | sqli-header-001 oscommandi-header-001 xss-header-001 xxe-header-001 pathtraversal-header-001 struts-multi-001 Log4j_CVE-2021-44228 |
| Changes | Added rules: sqli-header-001 oscommandi-header-001 xss-header-001 xxe-header-001 pathtraversal-header-001 Updated rules: struts-multi-001 Log4j_CVE-2021-44228 |
| Note | This release updates the signatures or adds the rules to improve detection. |
| Date | 2022/06/17 |
|---|---|
| Target Products | ・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless- |
| Target Rules | sqli-header-001 oscommandi-header-001 xss-header-001 xxe-header-001 pathtraversal-header-001 Log4j_CVE-2021-44228 |
| Changes | Added rules: sqli-header-001 oscommandi-header-001 xss-header-001 xxe-header-001 pathtraversal-header-001 Updated rule: Log4j_CVE-2021-44228 |
| Note | This release updates the signatures or adds the rules to improve detection. |
| Date | 2022/04/05 |
|---|---|
| Target Products | ・Cyber Security Cloud Managed Rules for AWS WAF Classic -OWASP Set- |
| Target Rules | spring_CVE-2022-22963_001 |
| Changes | Added rule: spring_CVE-2022-22963_001 |
| Note | Added rule for Spring Cloud Function RCE vulnerabilities. |
| Date | 2022/04/01 |
|---|---|
| Target Products | ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set- ・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless- |
| Target Rules | SpringCloudFunction_CVE-2022-22963 |
| Changes | Added rule: SpringCloudFunction_CVE-2022-22963 |
| Note | Added rule for Spring Cloud Function RCE vulnerabilities. |
| Date | 2022/03/31 |
|---|---|
| Target Products | ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set- ・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless- |
| Target Rules | Spring4Shell-001 |
| Changes | Added rule Spring4Shell-001 |
| Note | Added rule for Spring Core RCE vulnerabilities. |
| Date | 2022/03/31 |
|---|---|
| Target Products | ・Cyber Security Cloud Managed Rules for AWS WAF Classic -OWASP Set- |
| Target Rules | spring4shell-vuls-qs-001 spring4shell-vuls-body-001 |
| Changes | Added rules: spring4shell-vuls-qs-001 spring4shell-vuls-body-001 |
| Note | Added rules for Spring Core RCE vulnerabilities. |
| Date | 2022/03/09 |
|---|---|
| Target Products | ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set- ・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless |
| Target Rules | sqli-body-001 sqli-body-002 |
| Changes | Combine sqli-body-001 sqli-body-002 into sqli-body-001 |
| Note | Current WAF Operation can be affected if there is some sort of setting (such as "excluded") applied to "sqli-body-002." Please make sure to check the changes and take any necessary actions. |
| Date | 2022/03/09 |
|---|---|
| Target Products | ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set- ・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless- |
| Target Rules | sqli-qs-001 sqli-qs-002 |
| Changes | Combine sqli-qs-001 sqli-qs-002 into sqli-qs-001 |
| Note | Current WAF Operation can be affected if there is some sort of setting (such as "excluded") applied to "sqli-qs-002." Please make sure to check the changes and take any necessary actions. |
| Date | 2022/03/09 |
|---|---|
| Target Products | ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set- ・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless- |
| Target Rules | sqli-url-001 |
| Changes | rule enhancement: sqli-url-001 |
| Note |
| Date | 2022/03/09 |
|---|---|
| Target Products | ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set- ・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless- |
| Target Rules | cookie-body-001 headeri-body-001 |
| Changes | rule name change: cookie-body-001 to headeri-body-001 |
| Note | Current WAF Operation can be affected if there is some sort of setting (such as "excluded") applied to "cookie-body-001." Please make sure to check the changes and take any necessary actions. |
| Date | 2022/03/09 |
|---|---|
| Target Products | ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set- ・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless- |
| Target Rules | cookie-qs-001 headeri-qs-001 |
| Changes | rule name change: cookie-qs-001 to headeri-qs-001 |
| Note | Current WAF Operation can be affected if there is some sort of setting (such as "excluded") applied to "cookie-qs-001." Please make sure to check the changes and take any necessary actions. |
| Date | 2022/03/09 |
|---|---|
| Target Products | ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set- ・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless- |
| Target Rules | ldapi-url-001 ldapi-multi-001 |
| Changes | rule name change: ldapi-url-001 to ldapi-multi-001 |
| Note | Current WAF Operation can be affected if there is some sort of setting (such as "excluded") applied to "ldapi-url-001." Please make sure to check the changes and take any necessary actions. |
| Date | 2022/03/09 |
|---|---|
| Target Products | ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set- ・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless- |
| Target Rules | xxe-ssci-body-001 oscommandi-body-001 xxe-body-001 ssci-body-001 headeri-body-001 |
| Changes | Separate xxe-ssci-body-001 to 4 rules: oscommandi-body-001 xxe-body-001 ssci-body-001 headeri-body-001 |
| Note | Current WAF Operation can be affected if there is some sort of setting (such as "excluded") applied to "xxe-ssci-body-001." Please make sure to check the changes and take any necessary actions. |
| Date | 2022/03/09 |
|---|---|
| Target Products | ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set- ・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless- |
| Target Rules | xxe-ssci-qs-001 oscommandi-qs-001 xxe-qs-001 ssci-qs-001 headeri-qs-001 |
| Changes | Separate xxe-ssci-qs-001 to 4 rules: oscommandi-qs-001 xxe-qs-001 ssci-qs-001 headeri-qs-001 |
| Note | Current WAF Operation can be affected if there is some sort of setting (such as "excluded") applied to "xxe-ssci-qs-001." Please make sure to check the changes and take any necessary actions. |
List of supported regions for AWS WAF
North And South America Region
| Northern Virginia | Ohio | Oregon | Northern California | Montereal | Sao Paulo | AWS GovCloud(West) | AWS GovCloud(East) | |
|---|---|---|---|---|---|---|---|---|
| AWS WAF | ||||||||
| CSC Managed Rule |
| AWS WAF | CSC Managed Rule | |
|---|---|---|
| Northern Virginia | ||
| Ohio | ||
| Oregon | ||
| Northern California | ||
| Montereal | ||
| Sao Paulo | ||
| AWS GovCloud(West) | ||
| AWS GovCloud(East) |
Europe, Middle East & Africa Region
| Ireland | Frankfurt | London | Paris | Stockholm | Bahrain | Cape Town | Milan | |
|---|---|---|---|---|---|---|---|---|
| AWS WAF | ||||||||
| CSC Managed Rule |
| AWS WAF | CSC Managed Rule | |
|---|---|---|
| Ireland | ||
| Frankfurt | ||
| London | ||
| Paris | ||
| Stockholm | ||
| Bahrain | ||
| Cape Town | ||
| Milan |
Asia Pacific Region
| Tokyo | Osaka | Singapore | Sydney | Seoul | Mumbai | Jakarta | Hong Kong | Beijing | Ningxia | |
|---|---|---|---|---|---|---|---|---|---|---|
| AWS WAF | ||||||||||
| CSC Managed Rule |
| AWS WAF | CSC Managed Rule | |
|---|---|---|
| Tokyo | ||
| Osaka | ||
| Singapore | ||
| Sydney | ||
| Seoul | ||
| Mumbai | ||
| Jakarta | ||
| Hong Kong | ||
| Beijing | ||
| Ningxia |
How to report false positives
If you are encountering problems such as false positives with your Cyber Security Cloud Managed Rules for AWS WAF, you should do the following:
- Exclude the specific rules that are blocking legitimate traffic. For more information about excluding rules, see this blog (https://www.wafcharm.com/en/blog/aws-waf-managed-rule-rulegourp-exception/).
- If excluding specific rules does not solve the problem, you can change the action for the Cyber Security Cloud ruleset from No override to Override to count.
- If you are not sure if your problem is related to the Cyber Security Cloud ruleset, your web ACLs, or your custom rules, contact AWS Support first.
- For issues related specifically to the Cyber Security Cloud ruleset, you can contact Cyber Security Cloud Support at
aws-waf-support@wafcharm.com
To report false positives,
- Log some requests that the rule has flagged as malicious requests.
- Attach the requests to an e-mail.
How to unsubscribe
After you subscribe to Cyber Security Cloud Managed Rules, add the ruleset to your AWS WAF settings.
- Sign in to the AWS Management Console and open the AWS WAF console
- Remove the rule group from all web ACLs
- In the navigation pane, choose Marketplace.
- Choose Manage your subscriptions.
- Choose Cancel subscription next to the name of the rule group that you want to unsubscribe from.
- Choose Yes, cancel subscription.