-
Increase spec.more_option.strict_sni_host_header_check_choice.additional_domains.domains to 100
Currently the limit is 52. Increasing to 100 would almost double the size. The use case is for cSSE which uses the volterra ingress controller to set up http loadbalancers. The domains are not controlled by us but by customers. Nginx which is used...1
-
allow WAF exclusion rules to match request headers
The current WAF exclusion rule allows rules to be applied based on the domain, path and method. These are all aspects of the http request. It would be great if this could be extended to the http request headers. For example, only performing the ex...0
-
URL/URI Exemption for DDOS for false positive traffic
Would like to request if URL/URI exemption can be excluded in DDOS scanning? So that specific URL/URI path will not be terminated by DDOS protection but still other URL/URI path of the website can be protected. Currently we have client wherein...0
-
On HTTP Load Balancers allow certificate files up to 20 kB.
When importing a TLS certificate, the upload file function restricts the file size for PEM or PKCS12-encoded certificate to 10 kB. A custom certificate we are trying to use on F5 Distributed Cloud load balancers are 14 kB with the full cert chain ...1
-
Disable weak ciphers in Customer Edges
Hi, Our security team is reporting the CEs allow connections on weak ciphers. Negotiated with the following insecure cipher suites: * TLS 1.2 ciphers: * TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA * TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA0
-
Install Private CA cert on Customer Edges
Hi, Our security team would like us to install certs from our Private CA on the Customer Edges. The cert provided by the CEs are expired and untrusted. -
ACME client support on CE Nodes connecting to a Private CA.
Currently the only two methods for Certificate management are to upload certs and CAs via the console or make a script to upload the cert via an API call. It would be ideal if the CE Node could use an ACME client, to communicate with a private CA ...1 Planned
-
Greater control of Let's Encrypt certificates
When auto generating certificates from Let's Encrypt it would be helpful to be able to define the certificate parameters. For example, defining key length, signing algorithm and certificate duration would give teams greater control. It would also ...0
-
health check 'test' button for origins
why - without a test function, I find I'm often breaking the entire application when I create new health checks due to some minute syntactical error like a miss spelling of the path or expecting a 301 instead of a 302, or forgetting to include a r... -
Ability to run curl commands on CE via the Console
This is to make it easier to troubleshoot connectivity issues to Origin servers. This is currently available via the serial console, but ability to do it under Site > Tools would simplify troubleshooting. We already have tools like ping and tcp...1