For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

JaZy's avatar
JaZy
Icon for Cirrus rankCirrus
Oct 23, 2025
Solved

XC -Web Application Firewall - Exclude FQDN but log security events

Hello all,   I have LB with many FQDNs. LB is with block waf policy. I want to add new application with another FQDN to same LB. During application onboarding I want to first review security events...
application delivery
security
  • Injeyan_Kostas's avatar
    Injeyan_Kostas
    Oct 23, 2025

    you can have different waf policy per fqdn or even per path
    Having multiple fqdns under same LB i gues you are already using routes
    so under routes advanced options  you can also select not to inherit LB's Waf but apply another one

Injeyan_Kostas's avatar
Injeyan_Kostas
Icon for Nacreous rankNacreous
Oct 23, 2025

Hi JaZy​ 

you can apply a new waf policy for tne new fqdn with enforcemenet mode setted to "Monitoring"
so you will block nothing but any violation will be logged

JaZy's avatar
JaZy
Icon for Cirrus rankCirrus
Oct 23, 2025

Hi Injeyan_Kostas​,

 

How I can add additional WAF policy to the current LB?

I can Disable/Enable WAF. When it's enabled I can choose one security policy per LB. In case that I will change policy to "Monitoring" all applications will be in "Monitoring mode" instead "Block".

  • Injeyan_Kostas's avatar
    Injeyan_Kostas
    Icon for Nacreous rankNacreous
    Oct 23, 2025

    you can have different waf policy per fqdn or even per path
    Having multiple fqdns under same LB i gues you are already using routes
    so under routes advanced options  you can also select not to inherit LB's Waf but apply another one

    • JaZy's avatar
      JaZy
      Icon for Cirrus rankCirrus
      Oct 23, 2025

      Found it!

      Thank you.