For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

RockBD's avatar
RockBD
Icon for Altocumulus rankAltocumulus
Jun 15, 2025

Can I use F5 Big-IP WAF as HoneyPot

Hi to all Can anyone tell me if there any way so that I an use F5 BIG-IP WAF as a HoneyPot. 
application delivery
security
Injeyan_Kostas's avatar
Injeyan_Kostas
Icon for Nacreous rankNacreous
Jun 15, 2025

You could have a VS fronting a dummy app and assign a transparent ASM policy logging all requests.

But is it really a honeypot? Definitely not.

And of course do not use a production BIG-IP for such case.

RockBD's avatar
RockBD
Icon for Altocumulus rankAltocumulus
Jun 16, 2025

Do you have any links where I can learn about VS fronting a dummy app and a transparent ASM policy? 

Also, may I know why you are not suggesting not to host a honeypot in the production BIG-IP?

  • Injeyan_Kostas's avatar
    Injeyan_Kostas
    Icon for Nacreous rankNacreous
    Jun 16, 2025

    I don’t have a specific link describing this exact use case, but you can refer to this F5 lab: https://f5-agility-labs-waf.readthedocs.io/en/latest/index.html#
    It walks you through setting up a basic transparent WAF policy.

    As for the backend app, you could use something lightweight and isolated, like a Docker container running Hackazon or OWASP Juice Shop.
    Alternatively, you could have the F5 itself respond with a simple 200 OK to all requests.

    Just keep in mind, exposing such a setup to the internet will likely attract a lot of unwanted traffic. Unless you have excess resources you don’t mind consuming, I wouldn’t recommend using your production F5 for this purpose.