Forum Discussion

AmineZAKARIA's avatar
AmineZAKARIA
Icon for Nimbostratus rankNimbostratus
Feb 03, 2025

F5 AWAF Policy learning phase opinion

Hello,

 

Hope you are doing well!

 

I am new to f5 AWAF and am wondering on what is the recommended way to protect and app published on the internet, afaik in the learning phase with transparent mode or blocking mode with staging enabled the attack won't be blocked.

 

Since testing the app locally is not always an option, Is it optimal to set the policy into blocking mode/Enforce/disable learn only for the high attack signatures, at the same time i put other entities into staging (Cookies, URL, parameters, ...) with automatic policy building for learning ? What do you think ? at least i will be sure the high attack won't pass to the app.

 

Thanks.

Regards!

Amine