2. Lab 1: Deploying and Managing F5 Distributed Cloud Web Application Firewall Configuration
Warning
If you ran the F5 Distributed Cloud 101 lab previously, please delete the load balancer (LB) from that lab. We will create a new LB in this lab with the same name. Also, please jump directly to Task 1.
Lab 1 will focus on the deployment and security of an existing hosted application using F5 Distributed Cloud Platform and Services. This lab will be deployed in a SaaS-only configuration with no on-premises (public or private cloud) elements. All configurations will be made via the F5 Distributed Cloud Console and within the F5 Distributed Cloud Global Network services architecture.
For the tasks that follow, you should have already noted your individual namespace. If you failed to note it, return to the Introduction section of this lab, follow the instructions provided and note your namespace accordingly. The Delegated Domain and the F5 Distributed Cloud Tenant are listed below for your convenience as they will be the same for all lab attendees.
- Delegated Domain: .lab-sec.f5demos.com
- F5 Distributed Cloud Tenant: https://f5-xc-lab-sec.console.ves.volterra.io
Following the tasks in the prior Introduction Section, you should now be able to access the F5 Distributed Cloud Console, having set your Work Domain Roles and Skill levels. If you have not done so already, please log in to your tenant for this lab and proceed to Task 1.
2.1. Task 1: Configure Load Balancer and Origin Pool
The following steps will allow you to deploy and advertise a globally available application. These steps will define an application, register its DNS and assign a target as an origin.
Note: You have defaulted to your specific namespace as that is the only namespace to which you have administrative access.
2.2. Task 2: Configure WAF Policy on the Load Balancer
The following steps will guide you through adding a Web Application Firewall (WAF) Policy.
These steps will demonstrate various aspects of the configuration.
Note: The JSON payload (or YAML format, from dropdown) provides the entire Load Balancer configuration for backup or subsequent CI/CD automation operations.
Note: The Documentation screen provides details on the F5 Distributed Cloud Console API. All operations in the F5 Distributed Cloud Platform are API-first. This includes all GUI actions and associated audit logging.
2.3. Task 3: Testing the WAF Policy & Reviewing Event Data
You will now perform basic testing of the Web Application Firewall (WAF) Policy. You will also review the generated event data to make additional configuration changes.
Note: If you lost your 1 Hour Filter, re-apply using Task 3: Step 6.
Note: Similar to a Request, Security Events also have additional detail in JSON format.
Note: Adding the requestor to “Blocked or Trusted Clients” is also available.
Note: If you rerun the attack you just excluded, you will see that it is no longer blocked.
2.4. Task 4: Understanding Exclusions and Customizing WAF Policy
In this task you will come to understand how exclusions are applied. You will also further customize the WAF policy just built.
Note: This allows for policy reuse and reduces the need for specific application WAF Policies.
Sample Blocking Response Page to be copied:
<style>body { font-family: Source Sans Pro, sans-serif; }</style>
<html style="margin: 0;"><head><title>Rejected Request</title></head>
<body style="margin : 0;">
<div style="background-color: #046b99; height: 40px; width: 100%;"></div>
<div style="min-height: 100px; background-color: white; text-align: center;"></div>
<div style="background-color: #fdb81e; height: 5px; width: 100%;"></div>
<div id="main-content" style="width: 100%; ">
<table width="100%"><tr><td style="text-align: center;">
<div style="margin-left: 50px;">
<div style="margin-bottom: 35px;"><br/>
<span style="font-size: 40pt; color: #046b99;">Rejected Request</span>
</div><div style="font-size: 14pt;">
<p>The requested URL was rejected. Please consult with your administrator.</p>
<p>Your Support ID is: <span style="color:red; font-weight:bold">{{request_id}}</span></p>
<p><a href="javascript:history.back()">[Go Back]</a></p>
</div></div></td></tr></table></div>
<div style="background-color: #222222; position: fixed; bottom: 0px; height: 40px; width: 100%; text-align: center;"></div>
</body></html>
End of Lab 1: This concludes Lab 1. Feel free to review and test the configuration. A brief presentation will be shared prior to the beginning of Lab 2.