Forum Discussion

Nacreous

Aug 15, 2024

Server Technology specific WAF policies

Hi WAF experts, What's your opinion on using server technology-specific WAF policies instead of using kind of generic or high/medium rated policy? what are the pros and cons of using server techn...

security

Lidev

Nacreous

Aug 16, 2024

Hi,

Pros :
- Granular protection
- Reduced false positives
- Better Performance

Cons :
- High maintenance requirements
- Risk of overlooking general threats and limited scope of protection

For me, best solution is to use server technology and a set of attack signatures for generic detection + Top10 OWAP Attack vector (SQLi, XSS...) to cover as much of the attack surface as possible.

Regards

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Server Technology specific WAF policies

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

SSL Bridging and FQDN rewrite Policy

After upgrading from PeopleTools 8.59.11 to 8.61.11 F5 APM is not rewriting the internal URLs

Could not communicate with the system. Try to reload page.

F5 BIG IP laboratory license

F5 mssql health monitor failing

Related Content

Introducing the F5 Threat Report: Strategic Threat Intelligence with Real-Time Industry and Technology Trends

Getting Started with iRules: Technology & Terms

Simplifying Kubernetes Ingress using F5 Technologies

LTM Policy

iControl REST Cookbook - LTM policy (ltm policy)

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS