I’m using F5 products for couple of years, and always use F5 WAF for external users (Untrust zone)
now try to enable it for internal users to protect a web server (confluence (tomcat)).
after I enable F5 WAF we have lot performance and functional issue on Confluence,
FYI 1: F5 work on learning mode not blocking mode.
now one question come to my mind, is it logical to use F5 WAF protection for this web server?
FYI 2: this server has no internet connection. Not published on internet. Only internal users in LAN able to access this server.
FYI 3: I see lot’s of people have issue with confluence and F5.
You mean that F5 ASM policy is in transperant mode and you still get performance and functional issues?
Have you checked the F5 ASM CPU and Memory as the learning mode may cause high cpu if there is a lot to learn and I see that the confluence causes a lot of false postives (you may also upload a qkview to ihealth and check the CPU and memory and found bugsfor the ASM from the security tab in ihealth):
Also do you add a lot of files on the Confluence as you may need to read: