I am pretty new to F5 devices, specifically F5 WAF. I came to know about the Devcentral community few months back but never checked it. Now today I have registered here and so hoping for better learning from F5 standpoint.
I had small query. We have F5 WAF and it is in blocking mode. I am just handling operations part of it. The policy is configured by someone else. Now whenever someone report issue we check the logs on WAF and if it is seeing blocked of WAF. We verify the request and accepts it once we find it legitimate.
So I know once I accept it, it starts working. I am curious to know the changes that happens behind this action. Please explain
25-Aug-202101:15 - last edited on 24-Mar-202201:20 by li-migration
Hi
Welcome to Devcentral. You can find detailed information about AWAF previously ASM on Youtube. As for your question, I am assuming you are referring to traffic learning. Based on this, when you applied a suggestion F5 basically changed the attributes of that particular setting or entity. The changes can be verified under application security sub-menu or learning and blocking settings.
25-Aug-202101:15 - last edited on 24-Mar-202201:20 by li-migration
Hi
Welcome to Devcentral. You can find detailed information about AWAF previously ASM on Youtube. As for your question, I am assuming you are referring to traffic learning. Based on this, when you applied a suggestion F5 basically changed the attributes of that particular setting or entity. The changes can be verified under application security sub-menu or learning and blocking settings.
