For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

mElhoussini_204's avatar
mElhoussini_204
Icon for Nimbostratus rankNimbostratus
Aug 28, 2015

Server - Server integration through WAF

Hi,   our company requires integration with other companies servers (web based).   is that recommended to pass SVR-SVR traffic through WAF and apply SSL-offloading ? or WAF and SSL-offloading u...
ASM Advanced WAF
design
security
Amit_Karnik's avatar
Amit_Karnik
Icon for Nimbostratus rankNimbostratus
Aug 28, 2015

If your organization is sending traffic to other web-servers, then I would not do any WAF. The WAF is protecting the final web-servers from any potential attacks within the http content.

 

In this case, the web-servers are in another 3rd party organization. You would end up using your resources to sanitize/secure the http requests sent to those servers.

 

So I would not do it.

 

Having said that, there might be situations in which you might want it for response validations for information leakage, etc.

 

cheers.