Forum Discussion

Nacreous

Aug 15, 2024

Server Technology specific WAF policies

Hi WAF experts, What's your opinion on using server technology-specific WAF policies instead of using kind of generic or high/medium rated policy? what are the pros and cons of using server techn...

security

Lidev

MVP

Aug 16, 2024

Hi,

Pros :
- Granular protection
- Reduced false positives
- Better Performance

Cons :
- High maintenance requirements
- Risk of overlooking general threats and limited scope of protection

For me, best solution is to use server technology and a set of attack signatures for generic detection + Top10 OWAP Attack vector (SQLi, XSS...) to cover as much of the attack surface as possible.

Regards

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Server Technology specific WAF policies

Recent Discussions

self-directed requests fail because of no certificate

Decode ObjectSID from Base64-encode string

iRule - Url rewrite and header replace and pool selection not working

ip x-forwarding

F5 ASM API-Protection Policy

Related Content

Access policy, LTM policy and iRules

Manage F5 BIG-IP Advanced WAF Policies with Terraform (Part 4 - Policy Lifecycle management)

Evaluate WAF Policy with BIG-IQ Policy Analyzer

Monitor LTM policy

WAF Policy Editor - a Web-Based Tool to Configure a Declarative WAF Policy

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS