AWAF policy-diff hole checker

Paste a before and an after declarative WAF policy and it classifies every security-relevant change as a relaxation or a tightening, then answers the question that matters after tuning: did this open a hole? It flags relaxations that widen protection beyond a single entity apart from a properly-scoped single-entity allow. Runs entirely in your browser.

Security & WAF

Two declarative WAF policies to compare

Compared in your browser. Neither policy is uploaded.

A deterministic diff of the security-relevant sections F5's declarative policy schema defines. It reads enforcement mode, signature staging, X-Forwarded-For trust, Data Guard, CSRF, per-violation block flags, per-evasion enablement, and the URL / parameter / file-type entities. It never contacts a BIG-IP.

Paste a before and an after policy to see which changes opened a hole and which stayed scoped.
API endpointGEThttps://ronutz.com/api/v1/f5-awaf-policy-diffDocumented, not served. Opens the specification.

References