Forum Discussion
Sushant
Altostratus
AltostratusPlacing F5 between application and database
What are the Pros and Cons of placing F5 between application and database ?
The WAF would not do the policy enforcement on SQL level, but the database security product. The database security would signal the result to the WAF and then the WAF would either allow the request to pass or not.
SushantAltostratus
AltostratusTrying to get big ip into the middle and use some of the negative as well as positive security models if possible ? How relevant is this Daniel in context of providing better security ?
Daniel_Wolf
MVP
MVPI assume you have BIG-IP AdvWAF already in front of the application, in order to prevent application layer attacks like injection attacks or well-known attack against the database management system (Attack Signatures and/or TC).
The BIG-IP WAF is a Web Application Firewall. Adding it between the app and the database will not add any value, because this is not http traffic but sql traffic. You cannot apply any security policies here.
If you have a requirement to implement a firewall that is capable to look into sql traffic and to protect databases (additional to the protection that BIG-IP offers on the application level) - there are other vendors who offer database security products.