Forum Discussion

AceHunter1965

Altostratus

Feb 10, 2023

Introducing new services to be covered by BIGIP WAF

Hey all! I work in a pretty large enterprise, and our BIGIP instances work as a gateway (both LTM & WAF) for a bunch of self-hosted services, including MLaaS services, OpenShift and more. We've rec...

security

boneyard

MVP

Feb 12, 2023

Your second suggestion sounds most logical. Duplicate policy, enable learning and assign different policies with iRule or LTP based on host name.

Beyond that 100% no false positives always feels like a impossible target. In this case sure, you can make it hurt way less. But there will be incidents with WAF at some point if you change the environment.

You could also wonder if one policy for very different environement is a logical choice. If there very similar perhaps. But the more they differ, the more openings you create where they shouldn't be. You could look into parent and child policies and see if you can keep the exceptions more targetted.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Introducing new services to be covered by BIGIP WAF

Jeff - May 2026 Featured F5er

AppWorld Berlin 2026 – iRules Contest Winning Results

One Quick Step to Make your website AI-Agent/MCP Ready with an iRule

Recent Discussions

certitcate error

Layered ASM for APM login page protection

migrate from serie I to R. Cluster LTM-GTM

APM URL encoding Hardening?

Trial License for F5 virtual edition in eve-ng

Related Content

Introducing F5 Insight for ADSP

Introducing F5 AI Guardrails

Introducing the F5 Application Study Tool (AST)

Introducing F5 AI Red Team

Introducing the New F5 Bot Defense Self-Service UI

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS