Introducing new services to be covered by BIGIP WAF
Hey all!
I work in a pretty large enterprise, and our BIGIP instances work as a gateway (both LTM & WAF) for a bunch of self-hosted services, including MLaaS services, OpenShift and more.
We've recently had several new services added to our internal network (each can be identified by its own hostname, e.g. my-new-service.internal), and we wish those to be covered by the same WAF policy, and also accessible through the same LTM virtual listener (there is a single listener for the entire internal network). Problem is, there cannot be WAF blocks due to false positives, so we need a way to only enable learning (non-blocking) mode for the new hosts, until the WAF policy acclimatizes to the new hosts.
Is there something we can enable to create a 1-week learning period for new hosts, or alternatively redirect new hosts to a non-blocking policy?
Thanks!