-
Add an header value criteria in WAF Exclusion Rules
Sometimes is useful to exclude WAF processing for some headers value (e.g. based on Content-Type value) to avoid false positives. Today the exclusions rule filter doesn't include headers or headers value. This is now achiavable using routes, but i...6 Will not implement
-
Display SSO configuration on XC Console
Upon configuration and integration of SSO with F5XC Console, console no longer display SSO configuration setting. This make it hard to troubleshoot and investigate information input after the SSO configuration.
3
-
Add IP prefix controls to Load Balancer routes or Add WAF policy ability of selection to service policies.
Using Service Policies we can select and exclude IPs prefixes but these controls will only apply to the WAF policy defined on the Load Balancer , for now there is no way to choose which WAF policy should or should not apply.On the other hand Route...0
-
F5 XC internally maintained IP prefix sets by F5 that can be used in Service Policies or Malicious Users configs
The idea is that if there is a need to enable the Malicious Users feature to check with Javascript or Captcha to be able to bypass the checks for example for google good bots etc. with a predefined ip prefix set. The F5 XC Bot Defense already has ...0
-
Resolve external file references in OpenAPI/Swagger spec files
The console rejects OAS files with external file references. If XC is going to claim to have OAS enforcement, it must support external file references between uploaded files.0 Planned
-
Increase OpenAPI/Swagger Spec File Limit
Currently only 10 files may be enforced on a load balancer. This is far too few. -
Alerts for underlying infrastructure deployments
If, for example, an advertisement policy fails to deploy correctly for a load balancer, there is no notification or alert. -
Rename Load Balancers
It would be good to be able to rename load balancers once they have been created. This would aid changing in naming conventions.0
-
Explain with AI for Signature Triggered Events
We have played with the new feature "Explain with AI". We have seen that in case the block is triggered by a signature ( injection, XSS, etc) it is not providing the detection context ( where it was see , what specific path triggered it, etc). The...0
-
GLR to AWS Cloudwatch and S3 to support authentication via AssumeRole
Currently GLR config to stream logs to AWS services such as Cloudwatch and S3 requires user to provide AWS credentials in the form of an API key. Customer does not see handing out API keys to third party as secure practice. Ask is to support authe...0