Add support for both Bot Defence AND WAF Security Policy in the FAST HTTP template

[danielcayer]

Is your feature request related to a problem? Please describe.

The FAST HTTP template does not currently allow me to deploy an application with both a Bot Defence profile and a WAF Security policy together (they are mutually exclusive). I want to select both a WAF Security Policy option and a BOT Defense Profile to protect my application, but the Bot Defence options disappear when I enable the WAF Security Policy option.

Describe the solution you'd like

I want the FAST HTTP template to support configuration of an application with both a WAF Security policy and also a Bot Defence profile.

Describe alternatives you've considered

I can manually configure the security options for the virtual server and attach both a WAF security policy and also a Bot Defence profile.

Additional context

The corresponding documentation on clouddocs indicates the current limitation is by design, but I do not understand why this limitation exists: https://clouddocs.f5.com/products/extensions/f5-appsvcs-templates/latest/userguide/ASM-guidance.html

[danielcayer]

Update: As a "workaround" solution, I customized the FAST template to prevent the "Bot Defence" option from disappearing when the WAF security policy option is enabled. This allowed me to successfully deploy my application with both WAF and Bot Defence enabled.

All I did was to "comment out" lines # 189-192 in the file templates/bigip-fast-templates/_security_policy.yaml as follows:

FROM: dependencies:

• enable_waf_policy invertDependency:
• enable_waf_policy

TO:

dependencies:

  #  - enable_waf_policy
  #invertDependency:
  #  - enable_waf_policy

Hopefully, this solution is valid and can be implemented in the officially-supported FAST template ASAP.