Forum Discussion
crodriguez (Ret. Employee), Sep 18, 2019
Is it possible your F5 RuleGroups were not configured to block but rather to just count violations? Per K21015971:
Configuring RuleGroups
You configure a RuleGroup with one of two Action values: Block or Count. When a RuleGroup Action is set to Block, it blocks traffic, and when it is set to Count, the following behaviors occur:
- Traffic is allowed to pass through AWS WAF, even when the traffic matches the conditions of a rule.
- Traffic that matches the conditions of a RuleGroup generates CloudWatch metrics, which you can use for troubleshooting.

tbriot (Altocumulus), Sep 18, 2019
I confirm the rule group has NOT been set to Count.
Btw, the https://support.f5.com/csp/article/K21015971 page seems a little bit outdated. The Actions are named 'No override' (instead of Block) and 'Override to count' (instead of Count). See AWS documentation: https://docs.aws.amazon.com/waf/latest/developerguide/waf-managed-rule-groups.html.
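
A way to check the setting discussed in this thread, as an added example that is not part of the original posts: it reads the JSON shape returned by the AWS WAF Classic `get-web-acl` call and lists every entry that only counts, including rule groups with excluded rules (excluded rules are switched to count, not removed). The sample web ACL and all IDs in it are constructed placeholders.

```python
import json

# Constructed sample in the shape returned by `aws waf-regional get-web-acl`
# (AWS WAF Classic). Names and IDs are placeholders, not values from the thread.
SAMPLE_WEB_ACL = json.loads("""
{"WebACL": {"WebACLId": "example-acl-id", "Name": "example-acl",
  "DefaultAction": {"Type": "ALLOW"},
  "Rules": [
    {"Priority": 1, "RuleId": "example-group-a", "Type": "GROUP",
     "OverrideAction": {"Type": "COUNT"}},
    {"Priority": 2, "RuleId": "example-group-b", "Type": "GROUP",
     "OverrideAction": {"Type": "NONE"},
     "ExcludedRules": [{"RuleId": "example-rule-1"}]},
    {"Priority": 3, "RuleId": "example-group-c", "Type": "GROUP",
     "OverrideAction": {"Type": "NONE"}},
    {"Priority": 4, "RuleId": "example-rule-2", "Type": "REGULAR",
     "Action": {"Type": "COUNT"}}
  ]}}
""")


def non_blocking_entries(web_acl_response):
    """Return (priority, rule_id, reason) for each entry that counts instead of blocking."""
    findings = []
    rules = web_acl_response["WebACL"].get("Rules", [])
    for rule in sorted(rules, key=lambda r: r["Priority"]):
        prio, rule_id = rule["Priority"], rule["RuleId"]
        # ActivatedRule.Type defaults to REGULAR when absent.
        if rule.get("Type", "REGULAR") == "GROUP":
            # Rule groups use OverrideAction (NONE or COUNT), not Action.
            if rule.get("OverrideAction", {}).get("Type", "NONE") == "COUNT":
                findings.append((prio, rule_id, "group overridden to count"))
            # Excluded rules stay in the group but only count matches.
            for excluded in rule.get("ExcludedRules", []):
                findings.append(
                    (prio, rule_id, "excluded rule %s counts only" % excluded["RuleId"]))
        elif rule.get("Action", {}).get("Type") == "COUNT":
            findings.append((prio, rule_id, "rule action is count"))
    return findings


if __name__ == "__main__":
    for prio, rule_id, reason in non_blocking_entries(SAMPLE_WEB_ACL):
        print("priority %d  %s  %s" % (prio, rule_id, reason))
```

An empty result for a rule group means neither the override nor an exclusion explains traffic passing through it.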