-
Implement Malicius User Detection Sharing between Regional Edges
At the moment if a malicious user detection blocks a client not on layer 3 ip address but using user identification policies on something else like TLS fingerprint + header or Cookie this data is not shared between the RE so if an attacker goes to...0
-
DDOS protection dashboard
There is currently no dashboard displaying the status of the DDOS protection. It would be nice to have some metrics like standard traffic levels, usual attack types, burst absorbed, etc.0
-
Add blocking action for CSD Client Side Defense
why - Today CSD only provides the option to "Add Justification". For those scripts that do NOT have a justification it makes sense to have an option to do the opposite, block. who - Security engineers would use this to mitigate maliciously injecte...0
-
Sensitive parameter masking in service policy
Challenge: F5’s API Security service persistently stores request and response bodies in XC’s GCE (log storage in France and Germany) without allowing customers to mask those request and response bodies at the edge before being sent to F5's infrast...0 Planned
-
Accurate WAF Status in Load Balancer Table
Update the Security Dashboard’s Load Balancer table to reflect the effective WAF status from route settings, avoiding misleading “disabled” labels when WAF is actually enabled via routes. Also update the "Active configuration" widget with the same...0
-
Custom Response Codes and Actions for Service Policy Events
Enable customizable response codes, HTTP redirects, and packet capture on service policy events to evade attacker detection and support deeper analysis. -
Role to can use AI feature for users with limited access
We have a request where a customer asks us to grant access to the AI feature to a specific user, limiting their access to only a specific namespace instead of assigning them privileges on the system namespace. In short, a user who has access to ...0
-
If XC cannot enforce TLS Security Level, provide warning message
We recently ran into this issue: https://f5cloud.zendesk.com/hc/en-us/articles/24793738208151-Why-is-TLSv1-0-1-1-enabled-for-F5-XC-HTTP-LB-even-though-TLS-setting-is-High When the same certificate is used for multiple Load Balancers on the same VI...0
-
More mitigation options on Security Analytics
In Security Analytics, in certain cases we see suspicious Bots allowed (which is fine when action is set to Report) but there are nuances to these cases where some Bots are expected and some aren't nor desirable. In cases where it is hard to build...0
-
Create additional monitoring-only options for WAF
You cannot simultaneously log low+medium accuracy attack signatures while blocking high accuracy attack signatures. A WAF must allow for more granular logging+blocking selections.0