-
injecting JA4 TLS fingerprint into every HTTP request as header
I'd like to inject the Ja4 tls fingerprint as a request header into every request sent to the origin. why: to have a relatively unique signature we can track that will be included in all the stacks upstream for correlation and to allow upstream ac...0 Planned
-
Login error should be notified in multiple selectable ways.
When login fails, a Login error e-mail is sent to the account that failed to login. ********(e-mail sample) Login error A failed login attempt was detected to your account on Mon Nov 11 04:11:54 UTC 2024. If this was not you, please contact F5 sup...0
-
Support a new action for malicious user mitigation methods
We currently support CAPTCHA, Block and JS challenge. If we can support 'Header Inserion' as a new action for the malicious user detection feature, customers can consume that the suspicion score in other security devices.
3
-
Reporting Enhancement for Low and Slow DDoS Attack reporting
Dear all During the troubleshooting of a deployment we were experiencing HTTP response codes of 408, without understanding the reason. Opening a support ticket we were informed that the HTTP POST was identified as a Low and Slow and the 408 was th...0
-
DDOS protection dashboard
There is currently no dashboard displaying the status of the DDOS protection. It would be nice to have some metrics like standard traffic levels, usual attack types, burst absorbed, etc.0
-
Audit Log Alerting - non-SSO log in
There is a risk concern around the ability of a tenant admin to log in directly or through SSO (Oauth) to our tenant. I would like the ability to alert when a non-SSO log in occurs as we adopt a policy that non-SSO log in is only performed for eme...0
-
CE Admin password - enforce strict password policy
Issue: When a cloud site (AWS/Azure/GCP) is deployed, there is a new feature implemented where the admin password can be set. This password does not enforce any policy. I can use a simple password like asd123. Admin password should enforce a stric...0
-
Add IP prefix controls to Load Balancer routes or Add WAF policy ability of selection to service policies.
Using Service Policies we can select and exclude IPs prefixes but these controls will only apply to the WAF policy defined on the Load Balancer , for now there is no way to choose which WAF policy should or should not apply.On the other hand Route...0
-
configure allowed egress domains in Client Side Defense (CSD) allowed list
why - Today CSD (Client Side Defense) mitigates on a per JavaScript/domain combo which means each time a new script or a new domain shows up we have to act to mitigate. It would be more efficient to define an allowed list of domains, domains JS is... -
Auto-Mitigation feature of CSD
WAAP's CSD(Client-Side Defense) can detect web skimming threats, but it doesn't automatically mitigate them. Users need to regularly check the console and set up mitigation manually if issues arise. But with AWAF Ver. 17.1.0's CSD profile, mitigat...1