Not able to see conditions

  • By anand
  • on 12/28/2017

- Not being able to see actual conditions defined in the ruleset makes it too hard to whitelist URLs for specific OWASP conditions. Wish there is a place to see all read-only conditions of this ruleset.
- We can see requests getting blocked but we don't know why. The samples just show the Ruleset name and not the actual reason for blocking the requests, like "SQLi" or "XSS" or "Force browsing" etc.

Overall, if I subscribe to this ruleset, all of it seems like a black box and requests are getting magically blocked, which is not good.


  • By Fortinet
  • on 01/11/2019

Thank you for trying out Fortinet's WAF Ruleset and providing feedback. We understand your need for more visibility on why a request is being blocked. AWS recently announced comprehensive logging support to help you better understand why certain web requests are blocked. AWS also announced rule group exceptions that allow you to override individual rules with a managed rule group. Now you can choose which rules within the rule group should be excluded and set in count-only mode, preventing those rules from blocking a request.

Here are links to learn more about these updates:

1. https://aws.amazon.com/about-aws/whats-new/2018/08/aws-waf-launches-new-comprehensive-logging-functionality/
2. https://docs.aws.amazon.com/waf/latest/developerguide/waf-managed-rule-groups.html

If more advanced features and visibility are required, please check out Fortinet FortiWeb, which is our Web Application Firewall solution. FortiWeb gives you the ability to visualize and drill down into key elements such as server/IP configurations, attack and traffic logs, attack maps, OWASP Top 10 attack categorization, and user activity. You can learn more about FortiWeb at: https://www.fortinet.com/products/web-application-firewall/fortiweb.html