Forum Discussion

Nacreous

Aug 15, 2024

Server Technology specific WAF policies

Hi WAF experts, What's your opinion on using server technology-specific WAF policies instead of using kind of generic or high/medium rated policy? what are the pros and cons of using server techn...

security

zamroni777

Nacreous

Aug 17, 2024

in my opinion, your should use that server tech configuration as detailed as possible to avoid false positives and also reduces unnecessary signature checks

Linux and Windows servers, php and node js, etc. have different syntax so you should not use windows specific signatures on Linux server, etc.

i suggest invite the infra and app team to meeting to configure that settings

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Server Technology specific WAF policies

Recent Discussions

F5 Access 3.1.0 for Android problem

iRule to Change Default Pool (not redirect to another pool)?

What is the best practice for migrating from iseries to rseries?

iRule to Force Source IP to Specific Backend Node

checking the fan status on the device.

Related Content

Access policy, LTM policy and iRules

Manage F5 BIG-IP Advanced WAF Policies with Terraform (Part 4 - Policy Lifecycle management)

Evaluate WAF Policy with BIG-IQ Policy Analyzer

Monitor LTM policy

WAF Policy Editor - a Web-Based Tool to Configure a Declarative WAF Policy

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS