Waf Charm

Contact Cyber Security Cloud Support

email: aws-waf-support@wafcharm.com

Subscribe to the Cyber Security Cloud Managed Rules SNS notification

By subscribing to the CSC Managed Rules SNS notifications, you will be notified of any changes, including the "Change Log" listed on this page.

SNS Topic ARN: arn:aws:sns:us-east-1:343255486711:CyberSecurityCloud-ManagedRule

AWS WAF Labels for Cyber Security Cloud Managed Rules

The following shows the full label syntax in “Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set-
awswaf:managed:cyber-security-cloud:owasp-high-security:<rule-name>


The following shows the full label syntax in “Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless-
awswaf:managed:cyber-security-cloud:api-gateway-serverless:<rule-name>

For example)
Rule group: Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set-
Rule name: sqli-body-001

For the rule above, rule label would be:
“awswaf:managed:cyber-security-cloud:owasp-high-security:sqli-body-001”

Note

Applicable rules:
Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set-
Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless-

In the managed rules listed above, Continue is selected for the oversize handling instructions of rules that inspect Body and JSON Body.
This means that the rules will inspect the first 8KB (8,192 bytes) of the request, but the rest of the strings that exceed the limit will be excluded from the inspection without taking actions Count/Block, allowing the request to pass the rules.
Therefore, if you would like to block a request that may include attacks after the first 8KB (8,192 bytes), you will need to create a rule that will block any HTTP request that exceeds 8 KB (8,192 bytes).

Oversize handling for request components

CHANGE LOG

This lists changes to the Cyber Security Cloud Managed Rules since March, 2022

Date Target Products Target Rules Changes Note
2022/12/28 ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set-
・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless
sqli-body-002
sqli-qs-002
sqli-url-002
sqli-header-002
Updated rules:
sqli-body-002
sqli-qs-002
sqli-url-002
sqli-header-002
This release tuned detection signatures to reduce false positives.
2022/12/27 ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set-
・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless
sqli-body-002
sqli-qs-002
sqli-url-002
sqli-header-002

Log4j_CVE-2021-44228
Added rules:
sqli-body-002
sqli-qs-002
sqli-url-002
sqli-header-002


Updated rule:
Log4j_CVE-2021-44228
This release updates the signatures and adds the rules to improve detection.
2022/11/24 ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set-
・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless-
bad_useragent-header-001 Updated rule:
bad_useragent-header-001
This release tuned detection signatures to reduce false positives.
2022/11/24 ・Cyber Security Cloud Managed Rules for AWS WAF Classic -OWASP Set- wafcharm_bad_useragent_010080001-05 Updated rule:
wafcharm_bad_useragent_010080001-05
This release tuned detection signatures to reduce false positives.
2022/10/27 ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set-
・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless-
oscommandi-cookie-001
oscommandi-header-001
Added rule:
oscommandi-cookie-001
Updated rule:
oscommandi-header-001
This release updates the signatures and adds the rules to improve detection.
2022/10/20 ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set-
・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless-
oscommandi-body-001
oscommandi-qs-001
oscommandi-header-001
Updated rules:
oscommandi-body-001
oscommandi-qs-001
oscommandi-header-001
This release tuned detection signatures to reduce false positives.
2022/10/20 ・Cyber Security Cloud Managed Rules for AWS WAF Classic -OWASP Set- rule_oscmdi_query
rule_oscmdi_body
Updated rules:
rule_oscmdi_query
rule_oscmdi_body
This release tuned detection signatures to reduce false positives.
2022/10/20 ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set-
・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless-
sqli-body-001
sqli-qs-001
sqli-url-001
sqli-header-001
Updated rules:
sqli-body-001
sqli-qs-001
sqli-url-001
sqli-header-001
This release tuned detection signatures to reduce false positives and updated the signatures to improve detection.
2022/10/20 ・Cyber Security Cloud Managed Rules for AWS WAF Classic -OWASP Set- rule_sqli_body
rule_sqli_query
Updated rules:
rule_sqli_body
rule_sqli_query
This release tuned detection signatures to reduce false positives and updated the signatures to improve detection.
2022/10/06 ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set-
・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless-
oscommandi-header-001 Updated rule:
oscommandi-header-001
This release tuned detection signatures to reduce false positives.
2022/09/29 ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set-
・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless-
oscommandi-body-001
oscommandi-qs-001
oscommandi-header-001
Updated rules:
oscommandi-body-001
oscommandi-qs-001
oscommandi-header-001
This release updates the signatures to improve detection.
2022/09/29 ・Cyber Security Cloud Managed Rules for AWS WAF Classic -OWASP Set- rule_oscmdi_query
rule_oscmdi_body
Updated rules:
rule_oscmdi_query
rule_oscmdi_body
This release updates the signatures to improve detection.
2022/09/14 ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set-
・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless-
All rules in the target products Updated rules:
All rules in the target products
Cyber Security Cloud Managed Rules for new AWS WAF rule groups support labeling.

Label for Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set-
awswaf:managed:cyber-security-cloud:owasp-high-security:<rule-name>

Label for Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless-
awswaf:managed:cyber-security-cloud:api-gateway-serverless:<rule-name>
2022/09/14 ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set-
・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless-
xxe-header-001 Updated rule:
xxe-header-001
This release updates the signatures to improve detection.
2022/09/07 ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set-
・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless-
xxe-ssci-body-001
xxe-ssci-qs-001
xxe-header-001
Updated rules:
xxe-ssci-body-001
xxe-ssci-qs-001
xxe-header-001
This release tuned detection signatures to improve the performance of regular expressions.
2022/09/07 ・Cyber Security Cloud Managed Rules for AWS WAF Classic -OWASP Set- rule_ssci_xxe_other_body
rule_ssci_xxe_other_query
Updated rules:
rule_ssci_xxe_other_body
rule_ssci_xxe_other_query
This release tuned detection signatures to improve the performance of regular expressions.
2022/08/31 ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set-
・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless-
sqli-header-001 Updated rule:
sqli-header-001
This release updates the signatures to improve detection.
2022/08/25 ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set-
・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless-
・Cyber Security Cloud Managed Rules for AWS WAF Classic -OWASP Set-
ssii-body-001
ssii-qs-001
Added rules:
ssii-body-001
ssii-qs-001
This release adds the rules to improve detection.
2022/08/18 ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set-
・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless-
・Cyber Security Cloud Managed Rules for AWS WAF Classic -OWASP Set-
Zimbra_CVE-2022-27925_001 Added rule:
Zimbra_CVE-2022-27925_001
Added rule for Zimbra Collaboration Suite(ZCS) RCE vulnerabilities (CVE-2022-27925).
2022/08/17 ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set-
・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless-
pathtraversal-header-001 Updated rule:
pathtraversal-header-001
This release updates the signatures to improve detection.
2022/08/12 ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set-
・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless-
sqli-body-001 Updated rule:
sqli-body-001
This release tuned detection signatures to reduce false positives.
2022/08/12 ・Cyber Security Cloud Managed Rules for AWS WAF Classic -OWASP Set- rule_sqli_body
rule_sqli_query
Updated rules:
rule_sqli_body
rule_sqli_query
This release tuned detection signatures to reduce false positives.
2022/07/27 Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set- All rules except for the following rules,
bad_useragent-header-001
struts-multi-002
tomcat-multi-001
drupal-multi-001
Updated rules:
All rules except for the following rules,
bad_useragent-header-001
struts-multi-002
tomcat-multi-001
drupal-multi-001
Added encode patterns to improve detection against attempts to bypass a WAF.
2022/07/27 ・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless- All rules except for the following rule,
bad_useragent-header-001
Updated rules:
All rules except for the following rule,
bad_useragent-header-001
Added encode patterns to improve detection against attempts to bypass a WAF.
2022/07/27 ・Cyber Security Cloud Managed Rules for AWS WAF Classic -OWASP Set- rule_xss_body
rule_xss_query
Updated rules:
rule_xss_body
rule_xss_query
This release tuned detection signatures to reduce false positives.
2022/07/15 ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set-
・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless-
Log4j_CVE-2021-44228 Updated rule:
Log4j_CVE-2021-44228
This release updates the signatures to improve detection.
2022/07/15 ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set-
・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless
xss-body-001
xss-qs-001
xss-header-001
Updated rules:
xss-body-001
xss-qs-001
xss-header-001
This release tuned detection signatures to reduce false positives.
2022/07/15 ・Cyber Security Cloud Managed Rules for AWS WAF Classic -OWASP Set- Log4j_CVE-2021-44228_004 Added rule:
Log4j_CVE-2021-44228_004
This release adds the rule to improve detection.
2022/06/17 ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set- sqli-header-001
oscommandi-header-001
xss-header-001
xxe-header-001
pathtraversal-header-001

struts-multi-001
Log4j_CVE-2021-44228
Added rules:
sqli-header-001
oscommandi-header-001
xss-header-001
xxe-header-001
pathtraversal-header-001


Updated rules:
struts-multi-001
Log4j_CVE-2021-44228
This release updates the signatures or adds the rules to improve detection.
2022/06/17 ・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless- sqli-header-001
oscommandi-header-001
xss-header-001
xxe-header-001
pathtraversal-header-001

Log4j_CVE-2021-44228
Added rules:
sqli-header-001
oscommandi-header-001
xss-header-001
xxe-header-001
pathtraversal-header-001


Updated rule:
Log4j_CVE-2021-44228
This release updates the signatures or adds the rules to improve detection.
2022/04/05 ・Cyber Security Cloud Managed Rules for AWS WAF Classic -OWASP Set- spring_CVE-2022-22963_001 Added rule:
spring_CVE-2022-22963_001
Added rule for Spring Cloud Function RCE vulnerabilities.
2022/04/01 ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set-

・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless-
SpringCloudFunction_CVE-2022-22963 Added rule:
SpringCloudFunction_CVE-2022-22963
Added rule for Spring Cloud Function RCE vulnerabilities.
2022/03/31 ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set-

・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless-
Spring4Shell-001 Added rule
Spring4Shell-001
Added rule for Spring Core RCE vulnerabilities.
2022/03/31 ・Cyber Security Cloud Managed Rules for AWS WAF Classic -OWASP Set- spring4shell-vuls-qs-001
spring4shell-vuls-body-001
Added rules:
spring4shell-vuls-qs-001
spring4shell-vuls-body-001
Added rules for Spring Core RCE vulnerabilities.
2022/03/09 ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set-

・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless
sqli-body-001
sqli-body-002
Combine
sqli-body-001
sqli-body-002
into
sqli-body-001
Current WAF Operation can be affected if there is some sort of setting (such as "excluded") applied to "sqli-body-002." Please make sure to check the changes and take any necessary actions.
2022/03/09 ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set-

・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless-
sqli-qs-001
sqli-qs-002
Combine
sqli-qs-001
sqli-qs-002
into
sqli-qs-001
Current WAF Operation can be affected if there is some sort of setting (such as "excluded") applied to "sqli-qs-002." Please make sure to check the changes and take any necessary actions.
2022/03/09 ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set-

・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless-
sqli-url-001 rule enhancement:
sqli-url-001
2022/03/09 ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set-

・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless-
cookie-body-001
headeri-body-001
rule name change:
cookie-body-001
to
headeri-body-001
Current WAF Operation can be affected if there is some sort of setting (such as "excluded") applied to "cookie-body-001." Please make sure to check the changes and take any necessary actions.
2022/03/09 ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set-

・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless-
cookie-qs-001

headeri-qs-001
rule name change:
cookie-qs-001
to
headeri-qs-001
Current WAF Operation can be affected if there is some sort of setting (such as "excluded") applied to "cookie-qs-001." Please make sure to check the changes and take any necessary actions.
2022/03/09 ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set-

・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless-
ldapi-url-001

ldapi-multi-001
rule name change:
ldapi-url-001
to
ldapi-multi-001
Current WAF Operation can be affected if there is some sort of setting (such as "excluded") applied to "ldapi-url-001." Please make sure to check the changes and take any necessary actions.
2022/03/09 ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set-

・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless-
xxe-ssci-body-001

oscommandi-body-001
xxe-body-001
ssci-body-001
headeri-body-001
Separate
xxe-ssci-body-001
to 4 rules:
oscommandi-body-001
xxe-body-001
ssci-body-001
headeri-body-001
Current WAF Operation can be affected if there is some sort of setting (such as "excluded") applied to "xxe-ssci-body-001." Please make sure to check the changes and take any necessary actions.
2022/03/09 ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set-

・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless-
xxe-ssci-qs-001

oscommandi-qs-001
xxe-qs-001
ssci-qs-001
headeri-qs-001
Separate
xxe-ssci-qs-001
to 4 rules:
oscommandi-qs-001
xxe-qs-001
ssci-qs-001
headeri-qs-001
Current WAF Operation can be affected if there is some sort of setting (such as "excluded") applied to "xxe-ssci-qs-001." Please make sure to check the changes and take any necessary actions.
Date 2022/12/28
Target Products ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set-
・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless
Target Rules sqli-body-002
sqli-qs-002
sqli-url-002
sqli-header-002
Changes Updated rules:
sqli-body-002
sqli-qs-002
sqli-url-002
sqli-header-002
Note This release tuned detection signatures to reduce false positives.
Date 2022/12/27
Target Products ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set-
・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless
Target Rules sqli-body-002
sqli-qs-002
sqli-url-002
sqli-header-002

Log4j_CVE-2021-44228
Changes Added rules:
sqli-body-002
sqli-qs-002
sqli-url-002
sqli-header-002


Updated rule:
Log4j_CVE-2021-44228
Note This release updates the signatures and adds the rules to improve detection.
Date 2022/11/24
Target Products ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set-
・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless-
Target Rules bad_useragent-header-001
Changes Updated rule:
bad_useragent-header-001
Note This release tuned detection signatures to reduce false positives.
Date 2022/11/24
Target Products ・Cyber Security Cloud Managed Rules for AWS WAF Classic -OWASP Set-
Target Rules wafcharm_bad_useragent_010080001-05
Changes Updated rule:
wafcharm_bad_useragent_010080001-05
Note This release tuned detection signatures to reduce false positives.
Date 2022/10/27
Target Products ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set-
・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless-
Target Rules oscommandi-cookie-001
oscommandi-header-001
Changes Added rule:
oscommandi-cookie-001
Updated rule:
oscommandi-header-001
Note This release updates the signatures and adds the rules to improve detection.
Date 2022/10/20
Target Products ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set-
・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless-
Target Rules oscommandi-body-001
oscommandi-qs-001
oscommandi-header-001
Changes Updated rules:
oscommandi-body-001
oscommandi-qs-001
oscommandi-header-001
Note This release tuned detection signatures to reduce false positives.
Date 2022/10/20
Target Products ・Cyber Security Cloud Managed Rules for AWS WAF Classic -OWASP Set-
Target Rules rule_oscmdi_query
rule_oscmdi_body
Changes Updated rules:
rule_oscmdi_query
rule_oscmdi_body
Note This release tuned detection signatures to reduce false positives.
Date 2022/10/20
Target Products ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set-
・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless-
Target Rules sqli-body-001
sqli-qs-001
sqli-url-001
sqli-header-001
Changes Updated rules:
sqli-body-001
sqli-qs-001
sqli-url-001
sqli-header-001
Note This release tuned detection signatures to reduce false positives and updated the signatures to improve detection.
Date 2022/10/20
Target Products ・Cyber Security Cloud Managed Rules for AWS WAF Classic -OWASP Set-
Target Rules rule_sqli_body
rule_sqli_query
Changes Updated rules:
rule_sqli_body
rule_sqli_query
Note This release tuned detection signatures to reduce false positives and updated the signatures to improve detection.
Date 2022/10/06
Target Products ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set-
・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless-
Target Rules oscommandi-header-001
Changes Updated rule:
oscommandi-header-001
Note This release tuned detection signatures to reduce false positives.
Date 2022/09/29
Target Products ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set-
・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless-
Target Rules oscommandi-body-001
oscommandi-qs-001
oscommandi-header-001
Changes Updated rules:
oscommandi-body-001
oscommandi-qs-001
oscommandi-header-001
Note This release updates the signatures to improve detection.
Date 2022/09/29
Target Products ・Cyber Security Cloud Managed Rules for AWS WAF Classic -OWASP Set-
Target Rules rule_oscmdi_query
rule_oscmdi_body
Changes Updated rules:
rule_oscmdi_query
rule_oscmdi_body
Note This release updates the signatures to improve detection.
Date 2022/09/14
Target Products ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set-
・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless-
Target Rules All rules in the target products
Changes Updated rules:
All rules in the target products
Note Cyber Security Cloud Managed Rules for new AWS WAF rule groups support labeling.

Label for Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set-
awswaf:managed:cyber-security-cloud:owasp-high-security:<rule-name>

Label for Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless-
awswaf:managed:cyber-security-cloud:api-gateway-serverless:<rule-name>
Date 2022/09/14
Target Products ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set-
・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless-
Target Rules xxe-header-001
Changes Updated rule:
xxe-header-001
Note This release updates the signatures to improve detection.
Date 2022/09/07
Target Products ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set-
・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless-
Target Rules xxe-ssci-body-001
xxe-ssci-qs-001
xxe-header-001
Changes Updated rules:
xxe-ssci-body-001
xxe-ssci-qs-001
xxe-header-001
Note This release tuned detection signatures to improve the performance of regular expressions.
Date 2022/09/07
Target Products ・Cyber Security Cloud Managed Rules for AWS WAF Classic -OWASP Set-
Target Rules rule_ssci_xxe_other_body
rule_ssci_xxe_other_query
Changes Updated rules:
rule_ssci_xxe_other_body
rule_ssci_xxe_other_query
Note This release tuned detection signatures to improve the performance of regular expressions.
Date 2022/08/31
Target Products ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set-
・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless-
Target Rules sqli-header-001
Changes Updated rule:
sqli-header-001
Note This release updates the signatures to improve detection.
Date 2022/08/25
Target Products ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set-
・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless-
・Cyber Security Cloud Managed Rules for AWS WAF Classic -OWASP Set-
Target Rules ssii-body-001
ssii-qs-001
Changes Added rules:
ssii-body-001
ssii-qs-001
Note This release adds the rules to improve detection.
Date 2022/08/18
Target Products ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set-
・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless-
・Cyber Security Cloud Managed Rules for AWS WAF Classic -OWASP Set-
Target Rules Zimbra_CVE-2022-27925_001
Changes Added rule:
Zimbra_CVE-2022-27925_001
Note Added rule for Zimbra Collaboration Suite(ZCS) RCE vulnerabilities (CVE-2022-27925).
Date 2022/08/17
Target Products ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set-
・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless-
Target Rules pathtraversal-header-001
Changes Updated rule:
pathtraversal-header-001
Note This release updates the signatures to improve detection.
Date 2022/08/12
Target Products ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set-
・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless-
Target Rules sqli-body-001
Changes Updated rule:
sqli-body-001
Note This release tuned detection signatures to reduce false positives.
Date 2022/08/12
Target Products ・Cyber Security Cloud Managed Rules for AWS WAF Classic -OWASP Set-
Target Rules rule_sqli_body
rule_sqli_query
Changes Updated rules:
rule_sqli_body
rule_sqli_query
Note This release tuned detection signatures to reduce false positives.
Date 2022/07/27
Target Products Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set-
Target Rules All rules except for the following rules,
bad_useragent-header-001
struts-multi-002
tomcat-multi-001
drupal-multi-001
Changes Updated rules:
All rules except for the following rules,
bad_useragent-header-001
struts-multi-002
tomcat-multi-001
drupal-multi-001
Note Added encode patterns to improve detection against attempts to bypass a WAF.
Date 2022/07/27
Target Products ・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless-
Target Rules All rules except for the following rule,
bad_useragent-header-001
Changes Updated rules:
All rules except for the following rule,
bad_useragent-header-001
Note Added encode patterns to improve detection against attempts to bypass a WAF.
Date 2022/07/27
Target Products ・Cyber Security Cloud Managed Rules for AWS WAF Classic -OWASP Set-
Target Rules rule_xss_body
rule_xss_query
Changes Updated rules:
rule_xss_body
rule_xss_query
Note This release tuned detection signatures to reduce false positives.
Date 2022/07/15
Target Products ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set-
・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless-
Target Rules Log4j_CVE-2021-44228
Changes Updated rule:
Log4j_CVE-2021-44228
Note This release updates the signatures to improve detection.
Date 2022/07/15
Target Products ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set-
・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless
Target Rules xss-body-001
xss-qs-001
xss-header-001
Changes Updated rules:
xss-body-001
xss-qs-001
xss-header-001
Note This release tuned detection signatures to reduce false positives.
Date 2022/07/15
Target Products ・Cyber Security Cloud Managed Rules for AWS WAF Classic -OWASP Set-
Target Rules Log4j_CVE-2021-44228_004
Changes Added rule:
Log4j_CVE-2021-44228_004
Note This release adds the rule to improve detection.
Date 2022/06/17
Target Products ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set-
Target Rules sqli-header-001
oscommandi-header-001
xss-header-001
xxe-header-001
pathtraversal-header-001

struts-multi-001
Log4j_CVE-2021-44228
Changes Added rules:
sqli-header-001
oscommandi-header-001
xss-header-001
xxe-header-001
pathtraversal-header-001


Updated rules:
struts-multi-001
Log4j_CVE-2021-44228
Note This release updates the signatures or adds the rules to improve detection.
Date 2022/06/17
Target Products ・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless-
Target Rules sqli-header-001
oscommandi-header-001
xss-header-001
xxe-header-001
pathtraversal-header-001

Log4j_CVE-2021-44228
Changes Added rules:
sqli-header-001
oscommandi-header-001
xss-header-001
xxe-header-001
pathtraversal-header-001


Updated rule:
Log4j_CVE-2021-44228
Note This release updates the signatures or adds the rules to improve detection.
Date 2022/04/05
Target Products ・Cyber Security Cloud Managed Rules for AWS WAF Classic -OWASP Set-
Target Rules spring_CVE-2022-22963_001
Changes Added rule:
spring_CVE-2022-22963_001
Note Added rule for Spring Cloud Function RCE vulnerabilities.
Date 2022/04/01
Target Products ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set-

・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless-
Target Rules SpringCloudFunction_CVE-2022-22963
Changes Added rule:
SpringCloudFunction_CVE-2022-22963
Note Added rule for Spring Cloud Function RCE vulnerabilities.
Date 2022/03/31
Target Products ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set-

・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless-
Target Rules Spring4Shell-001
Changes Added rule
Spring4Shell-001
Note Added rule for Spring Core RCE vulnerabilities.
Date 2022/03/31
Target Products ・Cyber Security Cloud Managed Rules for AWS WAF Classic -OWASP Set-
Target Rules spring4shell-vuls-qs-001
spring4shell-vuls-body-001
Changes Added rules:
spring4shell-vuls-qs-001
spring4shell-vuls-body-001
Note Added rules for Spring Core RCE vulnerabilities.
Date 2022/03/09
Target Products ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set-

・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless
Target Rules sqli-body-001
sqli-body-002
Changes Combine
sqli-body-001
sqli-body-002
into
sqli-body-001
Note Current WAF Operation can be affected if there is some sort of setting (such as "excluded") applied to "sqli-body-002." Please make sure to check the changes and take any necessary actions.
Date 2022/03/09
Target Products ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set-

・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless-
Target Rules sqli-qs-001
sqli-qs-002
Changes Combine
sqli-qs-001
sqli-qs-002
into
sqli-qs-001
Note Current WAF Operation can be affected if there is some sort of setting (such as "excluded") applied to "sqli-qs-002." Please make sure to check the changes and take any necessary actions.
Date 2022/03/09
Target Products ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set-

・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless-
Target Rules sqli-url-001
Changes rule enhancement:
sqli-url-001
Note
Date 2022/03/09
Target Products ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set-

・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless-
Target Rules cookie-body-001
headeri-body-001
Changes rule name change:
cookie-body-001
to
headeri-body-001
Note Current WAF Operation can be affected if there is some sort of setting (such as "excluded") applied to "cookie-body-001." Please make sure to check the changes and take any necessary actions.
Date 2022/03/09
Target Products ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set-

・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless-
Target Rules cookie-qs-001

headeri-qs-001
Changes rule name change:
cookie-qs-001
to
headeri-qs-001
Note Current WAF Operation can be affected if there is some sort of setting (such as "excluded") applied to "cookie-qs-001." Please make sure to check the changes and take any necessary actions.
Date 2022/03/09
Target Products ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set-

・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless-
Target Rules ldapi-url-001

ldapi-multi-001
Changes rule name change:
ldapi-url-001
to
ldapi-multi-001
Note Current WAF Operation can be affected if there is some sort of setting (such as "excluded") applied to "ldapi-url-001." Please make sure to check the changes and take any necessary actions.
Date 2022/03/09
Target Products ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set-

・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless-
Target Rules xxe-ssci-body-001

oscommandi-body-001
xxe-body-001
ssci-body-001
headeri-body-001
Changes Separate
xxe-ssci-body-001
to 4 rules:
oscommandi-body-001
xxe-body-001
ssci-body-001
headeri-body-001
Note Current WAF Operation can be affected if there is some sort of setting (such as "excluded") applied to "xxe-ssci-body-001." Please make sure to check the changes and take any necessary actions.
Date 2022/03/09
Target Products ・Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set-

・Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless-
Target Rules xxe-ssci-qs-001

oscommandi-qs-001
xxe-qs-001
ssci-qs-001
headeri-qs-001
Changes Separate
xxe-ssci-qs-001
to 4 rules:
oscommandi-qs-001
xxe-qs-001
ssci-qs-001
headeri-qs-001
Note Current WAF Operation can be affected if there is some sort of setting (such as "excluded") applied to "xxe-ssci-qs-001." Please make sure to check the changes and take any necessary actions.

List of supported regions for AWS WAF

North And South America Region

Northern Virginia Ohio Oregon Northern California Montereal Sao Paulo AWS GovCloud(West) AWS GovCloud(East)
AWS WAF
CSC Managed Rule
AWS WAF CSC Managed Rule
Northern Virginia
Ohio
Oregon
Northern California
Montereal
Sao Paulo
AWS GovCloud(West)
AWS GovCloud(East)

Europe, Middle East & Africa Region

Ireland Frankfurt London Paris Stockholm Bahrain Cape Town Milan
AWS WAF
CSC Managed Rule
AWS WAF CSC Managed Rule
Ireland
Frankfurt
London
Paris
Stockholm
Bahrain
Cape Town
Milan

Asia Pacific Region

Tokyo Osaka Singapore Sydney Seoul Mumbai Jakarta Hong Kong Beijing Ningxia
AWS WAF
CSC Managed Rule
AWS WAF CSC Managed Rule
Tokyo
Osaka
Singapore
Sydney
Seoul
Mumbai
Jakarta
Hong Kong
Beijing
Ningxia

How to report false positives

If you are encountering problems such as false positives with your Cyber Security Cloud Managed Rules for AWS WAF, you should do the following:

  1. Exclude the specific rules that are blocking legitimate traffic. For more information about excluding rules, see this blog (https://www.wafcharm.com/en/blog/aws-waf-managed-rule-rulegourp-exception/).
  2. If excluding specific rules does not solve the problem, you can change the action for the Cyber Security Cloud ruleset from No override to Override to count.
  3. If you are not sure if your problem is related to the Cyber Security Cloud ruleset, your web ACLs, or your custom rules, contact AWS Support first.
  4. For issues related specifically to the Cyber Security Cloud ruleset, you can contact Cyber Security Cloud Support at
    aws-waf-support@wafcharm.com

To report false positives,

  • Log some requests that the rule has flagged as malicious requests.
  • Attach the requests to an e-mail.

How to unsubscribe

After you subscribe to Cyber Security Cloud Managed Rules, add the ruleset to your AWS WAF settings.

  1. Sign in to the AWS Management Console and open the AWS WAF console
  2. Remove the rule group from all web ACLs
  3. In the navigation pane, choose Marketplace.
  4. Choose Manage your subscriptions.
  5. Choose Cancel subscription next to the name of the rule group that you want to unsubscribe from.
  6. Choose Yes, cancel subscription.