Hope this is an easy one to answer. I've looked through documentation on both subjects but couldn't find an answer (or was just not looking hard enough).
So I've got both Bot Management and WAF features enabled on a device. Let's say I have a Bot Management policy that is bound default globally and has a policy expression of "true". And I've got a WAF policy bound to a VIP with an expression of "true". Which will run first? The Bot Management policy or the WAF policy? I would imagine the Bot protection would run first to sort of screen the deluge of requests that come from bots of all types? What if the WAF policy is also bound default globally with an expression of "true"? Or does that even matter with the run order?
Question
Anthony Alarcon
Hope this is an easy one to answer. I've looked through documentation on both subjects but couldn't find an answer (or was just not looking hard enough).
So I've got both Bot Management and WAF features enabled on a device. Let's say I have a Bot Management policy that is bound default globally and has a policy expression of "true". And I've got a WAF policy bound to a VIP with an expression of "true". Which will run first? The Bot Management policy or the WAF policy? I would imagine the Bot protection would run first to sort of screen the deluge of requests that come from bots of all types? What if the WAF policy is also bound default globally with an expression of "true"? Or does that even matter with the run order?
Link to comment
2 answers to this question
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now