Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

Abed_AL-R's avatar
Abed_AL-R
Icon for Cirrostratus rankCirrostratus
Mar 24, 2022

Managing many WAF policies

Hello guys My question is more likely to be administrative question, and less technical. And I need some advices on this. We're managing so many WAF policies for so many websites. About 50+ policie...
F5
policies
security
waf
xRes's avatar
xRes
Icon for Cirrus rankCirrus
Mar 25, 2022

Hi

I think you need to change the approach to your WAF implementation and maintaining policies. With this amount of policies and learning suggestions you cannot do it efficiently "by hand". Involving developers each and every time is not a good approach too - sooner or later they will hate you and end-up with answers "this is good - accept this" 🙂 Developers should not be the only source of truth - usually they do not know much about security. Do they know what modules are installed on servers if they do not use them? These modules may be exploitable and you should worry about these too.

You may find this article helpful: https://support.f5.com/csp/article/K07359270

Regards

xRes

Related Content