Good afternoon all,
I'm just wondering about how http security profiles fit into the BIG-IP offering as a whole in relation to the ASM security profile. The entire http_security profile is an overlap of the capabilities of ASM but it is attachable at the vs lvl.
My initial though is that it fulfills two requirements:
Am I missing something here or am I accurate in my assumptions?
that is pretty much my feeling also. it started from somewhere probably and found its place in AFM. nice for a start, but if you need an actual WAF you need ASM.