For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

RockBD's avatar
RockBD
Icon for Altocumulus rankAltocumulus
Jun 15, 2025

Can I use F5 Big-IP WAF as HoneyPot

Hi to all Can anyone tell me if there any way so that I an use F5 BIG-IP WAF as a HoneyPot. 
application delivery
security
Daniel_Wolf's avatar
Daniel_Wolf
Icon for MVP rankMVP
Jun 15, 2025

Hi RockBD​,

the answer is - it depends.
You cannot create a high interaction honeypot with ASM or with iRules.
With iRules you could do something like - if URL is /admin-login respond with a dummy form page.
Or an iRule that just responds 200 OK to everything and logs all requests.
In general, I see a honeypot more as something you would do with iRules rather then with ASM or LTM.

With ASM you could use anomaly detection to redirect suspicious traffic to a honeypot server.
Or, with the help of iRules, based on violations, you could redirect clients to a honeypot server.
Or, again with iRules, you could setup fake URLs and redirect them to a honeypot server. 

This github list a lot of honeypot systems: https://github.com/paralax/awesome-honeypots

 

Cheers
Daniel