
Q&A: Best practice/Silverline recommendation for deploying WAF with a CDN?

 

Question

  • I am curious as to whether there is a best practice / Silverline recommendation for deploying the WAF service when leveraging a CDN as well?
  • Are there any nuances or issues I need to keep in mind for this implementation?

 

Environment

  • Silverline WAF
  • Policy / Policies
  • Proxy / Proxies

 

Answer

  • The recommended setup is to run F5 Silverline WAF behind your CDN service. This deployment lets you get the most out of your CDN service.
  • You can then configure the CDN to inject the source client IP address into the typical "X-Forwarded-For" header or any header of your choosing; Akamai, for example, uses the "True-Client-IP" header.
  • Once Silverline knows which header contains the source client IP, we'll use that header to extract the source IP information. 
  • As for the rest of the process, the Silverline proxy acts as any other proxy would: when traffic comes in, we forward it to the backend origin.
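
The following is an added example, not part of the original article and not Silverline's implementation: one way a proxy deployed behind a CDN can resolve the client IP from the configured header. The function names, the CDN address range (a documentation range) and the fall-back-to-peer policy are assumptions.

```python
import ipaddress

# Constructed sample: a documentation range stands in for the CDN's egress networks.
TRUSTED_CDN_NETS = [ipaddress.ip_network("198.51.100.0/24")]


def is_trusted(addr, trusted=TRUSTED_CDN_NETS):
    return any(addr in net for net in trusted)


def resolve_client_ip(peer_ip, headers, header_name="X-Forwarded-For",
                      trusted=TRUSTED_CDN_NETS):
    """Return the address a proxy behind a CDN should treat as the client."""
    peer = ipaddress.ip_address(peer_ip)
    # The header only means something when the connection came from the CDN;
    # a sender that reaches the proxy directly can put any value in it.
    if not is_trusted(peer, trusted):
        return str(peer)
    wanted = header_name.lower()
    value = next((v for k, v in headers.items() if k.lower() == wanted), "")
    hops = [h.strip() for h in value.split(",") if h.strip()]
    # X-Forwarded-For can carry a chain. Walk it right to left, skip the CDN's
    # own hops, and take the first address the CDN itself observed.
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            return str(peer)  # malformed entry: fall back to the TCP peer
        if not is_trusted(addr, trusted):
            return str(addr)
    return str(peer)  # header missing or only CDN hops


if __name__ == "__main__":
    cdn_edge = "198.51.100.7"  # constructed
    print(resolve_client_ip(cdn_edge, {"X-Forwarded-For": "203.0.113.9"}))
    print(resolve_client_ip(cdn_edge, {"True-Client-IP": "203.0.113.77"},
                            header_name="True-Client-IP"))
    # Direct connection that bypasses the CDN: header is ignored.
    print(resolve_client_ip("192.0.2.50", {"X-Forwarded-For": "203.0.113.9"}))
```

Restricting the proxy's listener to the CDN's published ranges removes the direct-connection case entirely; the peer check above covers the case where that restriction is not in place.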

 
