We are looking to replace our existing Apache proxy with an F5 WAF solution.
Currently the Apache server handles different URLs and a different SSL cipher suite for each sub-URL. Can all of this functionality be achieved by F5 WAF?
Is this a good idea? Need expert advice. 🙂
Short answer: yes 😉
Long answer: AdvWAF normally uses LTM Local Traffic Policies (https://support.f5.com/csp/article/K04597703) to select different WAF policies for different URLs (for example, if the language/character sets are different for different URIs in an application), and this works very well. Within the WAF policy you can then further customize any protections you want.
Regarding SSL cipher suites, you can configure these under LTM SSL profiles and create multiple different entries depending on domain names and such. Please note though that the exact URI (anything after the domain name) that clients connect to is only readable once the traffic has been decrypted, and as such, a selection of the right WAF policy can only be made AFTER SSL decryption has happened.
Hope this helps.