If I need to migrate my application behind a WAF what do I have to keep in mind?
Does the extranet use anything other than GET, POST, HEAD requests?
Does it use CUSTOM type methods that should be considered for authorization?
Catarina Grilo [SLC] [DevOps Advocate] Selected answer as best 11th June 2024
Hi Catarina,
I believe that the webpages only make use of GET, POST and HEAD methods. However, future modules (DataAPI, Scripted Connectors, ...) exposing a REST API might require the use of PUT and DELETE as well.
The CUSTOM type should not be used anywhere so I believe it fine to block that in the WAF.
Kind regards,
Catarina Grilo [SLC] [DevOps Advocate] Selected answer as best 11th June 2024