Forum Discussion
CirrusXC -Web Application Firewall - Exclude FQDN but log security events
you can have different waf policy per fqdn or even per path
Having multiple fqdns under same LB i gues you are already using routes
so under routes advanced options you can also select not to inherit LB's Waf but apply another one
MVPJust use local traffic policy to add the waf policy for the Hostname header and as Injeyan_Kostas mentioned in "Monitoring".
CirrusWould be possible to point me when I can find such configuration or some link to KB article?
In BIG-IP solution it's clear but seems that I am little lost in XC solution.
- Nikoolayy1
You can make an XC route and attach separate waf policy. Just play on a test HTTP LB and see under an XC route the advanced options to select your own waf Policy not the default under the HTTP LB itself. Sorry did not see that you are talking about XC.
Example nice article F5 Distributed Cloud Per-Route WAF
Just remember that the route should match match on Host header and be placed at the top. Other than that WAF exclusion rules or Service policy WAF exclusions need to also match the Host header as they otherwise will be global for the HTTP LB. The service policy has a nice domain match option that is better than matching the host headers by the way 😉
