-
Selectively enable CVE signatures
There is only on or off for "threat campaigns" or CVE attack signatures. This does not make any sense.0 Planned
-
Add blocking action for CSD Client Side Defense
why - Today CSD only provides the option to "Add Justification". For those scripts that do NOT have a justification it makes sense to have an option to do the opposite, block. who - Security engineers would use this to mitigate maliciously injecte...0
-
Ability to upgrade NGINX Plus proxy servers through the Console.
The Console already talks to the agent on the proxy servers, so why not be able to upgrade the nginx plus version to a new patch or version, especially to quickly address a security issue. The Console could use the Config Sync Groups to apply a fi...0
-
If XC cannot enforce TLS Security Level, provide warning message
We recently ran into this issue: https://f5cloud.zendesk.com/hc/en-us/articles/24793738208151-Why-is-TLSv1-0-1-1-enabled-for-F5-XC-HTTP-LB-even-though-TLS-setting-is-High When the same certificate is used for multiple Load Balancers on the same VI...0
-
Create additional monitoring-only options for WAF
You cannot simultaneously log low+medium accuracy attack signatures while blocking high accuracy attack signatures. A WAF must allow for more granular logging+blocking selections. -
Disable specific Signature IDs from being allowed with AI/ML Model
We're seeing some signature IDs coming though we'd like to block, but AI/ML is allowing these signature IDs. Ideally we'd be able to create an exception within the console on specific signature IDs to not be evaluated by AI/ML so we can enforce th...1
-
DDOS protection dashboard
There is currently no dashboard displaying the status of the DDOS protection. It would be nice to have some metrics like standard traffic levels, usual attack types, burst absorbed, etc.0
-
Reporting Enhancement for Low and Slow DDoS Attack reporting
Dear all During the troubleshooting of a deployment we were experiencing HTTP response codes of 408, without understanding the reason. Opening a support ticket we were informed that the HTTP POST was identified as a Low and Slow and the 408 was th...0
-
Create report for expiring certs that can be scheduled
We're migrating from Silverline, where we have a weekly report that gets mailed to us with a list of expiring certificates. This way, we can check for certs that need to be updated without having to log into the system (no need for that if ther ar...1
-
Sensitive parameter masking in service policy
Challenge: F5’s API Security service persistently stores request and response bodies in XC’s GCE (log storage in France and Germany) without allowing customers to mask those request and response bodies at the edge before being sent to F5's infrast...0 Planned