For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Jaspreetgurm's avatar
Jaspreetgurm
Icon for Altocumulus rankAltocumulus
Jul 15, 2021

Apache proxy vs F5 WAF

We are looking to replace existing apache proxy with F5 WAF solutions.   Currently apache server handling different urls and ssl ciper suite to each sub urls. can all functionality achieve by F5 ...
application delivery
ASM Advanced WAF
iRules
security
AlexBCT's avatar
AlexBCT
Icon for Cumulonimbus rankCumulonimbus
Jul 16, 2021

Hi Jaspreet,

 

Short answer; yes ;)

Long answer; AdvWAF normally uses LTM Local Traffic Policies (https://support.f5.com/csp/article/K04597703), to select different WAF policies for different URL's (for example, if the language/character sets are different for different URI's in an application) and this works very well. Within the WAF policy you can then further customize any protections you want.

 

Regarding SSL cipher suites, you can configure these under LTM SSL profiles and create multiple different entries depending on domain names and such. Please note though that the exact URI (anything after the domain name) that clients connect to is only readable once the traffic has been decrypted, and as such, a selection of the right WAF policy can only be made AFTER SSL decryption has happened.

 

Hope this helps.

Jaspreetgurm's avatar
Jaspreetgurm
Icon for Altocumulus rankAltocumulus
Jul 20, 2021

thanks Alex