-
Cloud credentials should be marked or show asterisks while entering the secrets values
Currently, the F5 distributed Cloud platform is showing cloud credentials in a clear-text while entering the secrets key/values. Which is a common security concern that any secret key or private key values should not shown as a plain-text. I hav... -
Security Analytics: Filter more granularly
In Security analytics menu, it will be really useful to be able to filter for partial keywords not just exact values. It will speed the time for a quick investigation in case of an incident. Thanks -
show request ID in a custom error response
I would like to request the {{request_id} variable calls within the error response body in a custom error response. -
Send Request and Response Payloads in the Global Log Receiver's Request Logs
Add the payloads of both the request and response when sending request logs to a global log receiver, there is already a key for each of them (req_body and rsp_body) -
WAF exclusion rule to be reused by multiple LB
Customer doing PoC and request to re-use WAF exclusion rules in a global level, as current settings require customer to create WAF exclusion policy on LB level. -
Ability to move Tenant Access configuration to only be configurable by Tenant Owner
Removing the ability for "standard" users to be able to change the Tenant Access configuration can help with various compliance requirements (such as PCI) if the customer has no need for the feature -
Ability to move Service Credentials configuration to only be configurable by Tenant Owner
Removing the ability for "standard" users to be able to change the Service Credentials configuration can help with various compliance requirements (such as PCI) if the customer has no need for the feature -
Ability to move Tenant Access configuration to only be configurable by Tenant Owner
Removing the ability for "standard" users to be able to change the Tenant Access configuration can help with various compliance requirements (such as PCI) if the customer has no need for the feature -
OpenAPI Editor(Swagger)
OpenAPI validator is a powerful tool to enforce the positive API security model for organizations. XC WAAP has the capability to validate the API traffic based on the defined details of the OAS file, and this can be used very powerful security too...
-
response code 0
When a response is generated by F5 XC LB, "Error 504 - Gateway Timeout" for example, the response code in a security event is 0 ("rsp_code": "0"). Could we have the response code of the reponse generated by F5 XC LB?
