-
Audit Log Alerting - non-SSO log in
There is a risk concern around the ability of a tenant admin to log in directly or through SSO (Oauth) to our tenant. I would like the ability to alert when a non-SSO log in occurs as we adopt a policy that non-SSO log in is only performed for eme...0
-
CE Admin password - enforce strict password policy
Issue: When a cloud site (AWS/Azure/GCP) is deployed, there is a new feature implemented where the admin password can be set. This password does not enforce any policy. I can use a simple password like asd123. Admin password should enforce a stric...0
-
Add IP prefix controls to Load Balancer routes or Add WAF policy ability of selection to service policies.
Using Service Policies we can select and exclude IPs prefixes but these controls will only apply to the WAF policy defined on the Load Balancer , for now there is no way to choose which WAF policy should or should not apply.On the other hand Route...0
-
If XC cannot enforce TLS Security Level, provide warning message
We recently ran into this issue: https://f5cloud.zendesk.com/hc/en-us/articles/24793738208151-Why-is-TLSv1-0-1-1-enabled-for-F5-XC-HTTP-LB-even-though-TLS-setting-is-High When the same certificate is used for multiple Load Balancers on the same VI...0
-
Allow Site Access Based on Source MAC Addresses
Enhance security measures of our site and would like to implement the following Allow Access Based on Source MAC Addresses: Access to LB site should be restricted to specific source MAC addresses that we will provide. Only these authorized MAC add...0 Will not implement
-
DDOS protection dashboard
There is currently no dashboard displaying the status of the DDOS protection. It would be nice to have some metrics like standard traffic levels, usual attack types, burst absorbed, etc.0
-
F5 XC internally maintained IP prefix sets by F5 that can be used in Service Policies or Malicious Users configs
The idea is that if there is a need to enable the Malicious Users feature to check with Javascript or Captcha to be able to bypass the checks for example for google good bots etc. with a predefined ip prefix set. The F5 XC Bot Defense already has ...0
-
Increase OpenAPI/Swagger Spec File Limit
Currently only 10 files may be enforced on a load balancer. This is far too few.0
-
Support a new action for malicious user mitigation methods
We currently support CAPTCHA, Block and JS challenge. If we can support 'Header Inserion' as a new action for the malicious user detection feature, customers can consume that the suspicion score in other security devices.
3
-
Auto-Mitigation feature of CSD
WAAP's CSD(Client-Side Defense) can detect web skimming threats, but it doesn't automatically mitigate them. Users need to regularly check the console and set up mitigation manually if issues arise. But with AWAF Ver. 17.1.0's CSD profile, mitigat...1