For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

RockBD's avatar
RockBD
Icon for Altocumulus rankAltocumulus
Jun 15, 2025

Can I use F5 Big-IP WAF as HoneyPot

Hi to all Can anyone tell me if there any way so that I an use F5 BIG-IP WAF as a HoneyPot. 
application delivery
security
RockBD's avatar
RockBD
Icon for Altocumulus rankAltocumulus
Jun 16, 2025

Do you have any links where I can learn about VS fronting a dummy app and a transparent ASM policy? 

Also, may I know why you are not suggesting not to host a honeypot in the production BIG-IP?

Injeyan_Kostas's avatar
Injeyan_Kostas
Icon for Nacreous rankNacreous
Jun 16, 2025

I don’t have a specific link describing this exact use case, but you can refer to this F5 lab: https://f5-agility-labs-waf.readthedocs.io/en/latest/index.html#
It walks you through setting up a basic transparent WAF policy.

As for the backend app, you could use something lightweight and isolated, like a Docker container running Hackazon or OWASP Juice Shop.
Alternatively, you could have the F5 itself respond with a simple 200 OK to all requests.

Just keep in mind, exposing such a setup to the internet will likely attract a lot of unwanted traffic. Unless you have excess resources you don’t mind consuming, I wouldn’t recommend using your production F5 for this purpose.