For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

小白's avatar
小白
Icon for Cirrus rankCirrus
Feb 24, 2022

Execution order of policy

Hi,I know that for a program, there must be a sequence of execution, so what is the sequence of ASM policy?I want to know the order of various protection strategies in a policy. For example, compared with SQL injection and XPath injection, who takes effect first, and what is the order of other protection strategies?

policy
security

2 Replies

  • AlexBCT's avatar
    AlexBCT
    Icon for Cumulonimbus rankCumulonimbus
    Mar 06, 2022

    Hi, Is there a particular function you would like to know this for? It may help get you to the answer. 

    Do keep in mind though that the WAF system works on an "all-match" strategy (all components that are active and get matched will be reported), rather than a "first-match" strategy (like a firewall policy). 

    • 小白's avatar
      小白
      Icon for Cirrus rankCirrus
      Mar 07, 2022

      Obviously, when the blacklist and injection exist at the same time, the blacklist must take effect first, isn't it? Then I believe there is a sequence for the same strategy