-
Allow disabling L7 DDoS per load-balancer
While we typically want this protection, it is not acceptable to have a feature forcibly and permanently enabled that we have no control over.Planned
-
DDOS protection dashboard
There is currently no dashboard displaying the status of the DDOS protection. It would be nice to have some metrics like standard traffic levels, usual attack types, burst absorbed, etc. -
Sensitive parameter masking in service policy
Challenge: F5’s API Security service persistently stores request and response bodies in XC’s GCE (log storage in France and Germany) without allowing customers to mask those request and response bodies at the edge before being sent to F5's infrast...Planned
-
Make the WAF exclusion rule statistics
We would like to track and get a statistics report for all the WAF exclusions we might have added to our Tenant. That way we can also get an idea on how to remediate and remove that exclusion in future. -
Add multiple decoding check
Malicious payloads decoded more than 3 times are passing without any violation raised for example:":path\":\"/item/57328/1/59721?test=%2e%252e%2e%252e%2f%252f%2e%252e%2e%252e%2f%252f%2e%252e%2e%252e%2f%252f%2e%252e%2e%252e%2f%252f%2e%252e%2e%252e%... -
Add blocking action for CSD Client Side Defense
why - Today CSD only provides the option to "Add Justification". For those scripts that do NOT have a justification it makes sense to have an option to do the opposite, block. who - Security engineers would use this to mitigate maliciously injecte... -
If XC cannot enforce TLS Security Level, provide warning message
We recently ran into this issue: https://f5cloud.zendesk.com/hc/en-us/articles/24793738208151-Why-is-TLSv1-0-1-1-enabled-for-F5-XC-HTTP-LB-even-though-TLS-setting-is-High When the same certificate is used for multiple Load Balancers on the same VI... -
more details within the automated service policy alerts
We would like to add useful information such as what service FQDN was attacked and by whom for example. -
Create additional monitoring-only options for WAF
You cannot simultaneously log low+medium accuracy attack signatures while blocking high accuracy attack signatures. A WAF must allow for more granular logging+blocking selections. -
Disable specific Signature IDs from being allowed with AI/ML Model
We're seeing some signature IDs coming though we'd like to block, but AI/ML is allowing these signature IDs. Ideally we'd be able to create an exception within the console on specific signature IDs to not be evaluated by AI/ML so we can enforce th...
