Deployment considerations
While you can stand up a basic AppFirewall deployment quickly, things are far from plug and play and you shouldn't move to production without adequate testing. This topic discusses some of the considerations you should think about during your planning phase.
Deploying AppFirewall involves the following steps:
Enabling AppFirewall.
Creating an AppFirewall profile that specifies the protections that will be enabled.
Creating a policy to narrow down what types of requests need to be scanned.
Choosing a bind point to specify which VIPs will use these protections.
Creating a suitable profile and policy requires a thorough understanding of the application that you are protecting and the service that it is required to provide. Working with the developers of your applications is key to getting this configuration correct. Questions you should ask are:
What kind of application am I trying to protect from malicious User input?
The following points influence the profile type:
Is it...
