Forum Discussion
AceHunter1965
Altostratus
AltostratusIntroducing new services to be covered by BIGIP WAF
Hey all! I work in a pretty large enterprise, and our BIGIP instances work as a gateway (both LTM & WAF) for a bunch of self-hosted services, including MLaaS services, OpenShift and more. We've rec...
boneyard
MVP
MVPYour second suggestion sounds most logical. Duplicate policy, enable learning and assign different policies with iRule or LTP based on host name.
Beyond that 100% no false positives always feels like a impossible target. In this case sure, you can make it hurt way less. But there will be incidents with WAF at some point if you change the environment.
You could also wonder if one policy for very different environement is a logical choice. If there very similar perhaps. But the more they differ, the more openings you create where they shouldn't be. You could look into parent and child policies and see if you can keep the exceptions more targetted.
