Following are the resolutions for some of the issues that you might encounter when using Web App Firewall.

  • Web App Firewall sets window size to 9845 when resetting connection for invalid http messages.

    – Malformed request received - connection reset [Client/Server sending invalid content-length header]
    – Unknown content-type in request headers

  • System Limit: the application appears frozen

    – Occurs when the maximum session limit (100K) is reached.
    – Occurs when there is too little system memory for operation.

  • IP Reputation feature not working

    – The iprep process takes about five minutes to start after you enable the reputation feature. The IP reputation feature might not work for that duration.

  • Unexpected Web App Firewall violations being triggered

    – Session timeout has a default value of 900 seconds. If session timeout is set to a low value, the browser may trigger false positives for checks that rely on sessionization (e.g. CSRF, FFC). Check the session timeout and look at the session ID (cs3 in CEF logs). If the session ID differs between the related log entries, the session timeout might be the reason.
    – If the form is dynamically generated by JavaScript, it may trigger false FFC violations.
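The cs3 check above, as an added example that is not part of the original page: it parses constructed CEF records, keeps only the sessionization-dependent checks, and reports clients whose violations carry more than one session ID, which is the pattern that points at session timeout rather than an attack. The check names and the sample lines are assumptions; cs3 as the session ID field comes from the note above.

```python
import re
from collections import defaultdict

# Constructed sample CEF lines (not from a real appliance). The header layout
# follows the CEF spec; the check names are assumed, but cs3 is the session ID
# field the troubleshooting note says to inspect.
SAMPLE_LOGS = """\
CEF:0|Citrix|NetScaler|NS11.0|APPFW|APPFW_FIELDCONSISTENCY|6|src=10.1.1.5 spt=50321 cs3=sess-aa11 act=blocked
CEF:0|Citrix|NetScaler|NS11.0|APPFW|APPFW_FIELDCONSISTENCY|6|src=10.1.1.5 spt=50322 cs3=sess-bb22 act=blocked
CEF:0|Citrix|NetScaler|NS11.0|APPFW|APPFW_CSRF_TAG|6|src=10.1.1.9 spt=40100 cs3=sess-cc33 act=blocked
CEF:0|Citrix|NetScaler|NS11.0|APPFW|APPFW_CSRF_TAG|6|src=10.1.1.9 spt=40101 cs3=sess-cc33 act=blocked
CEF:0|Citrix|NetScaler|NS11.0|APPFW|APPFW_SQL|6|src=10.1.1.7 spt=30100 cs3=sess-dd44 act=blocked
CEF:0|Citrix|NetScaler|NS11.0|APPFW|APPFW_SQL|6|src=10.1.1.7 spt=30101 cs3=sess-ee55 act=blocked
"""

# Checks that depend on sessionization (assumed names). A changing cs3 for the
# same client on these checks suggests the session expired between requests.
SESSION_CHECKS = {"APPFW_FIELDCONSISTENCY", "APPFW_CSRF_TAG"}

# key=value pairs in the CEF extension; a value runs until the next " key=".
_EXT_RE = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|$)")


def parse_cef(line):
    """Split one CEF record into its header fields plus the extension dict."""
    parts = line.strip().split("|", 7)
    if len(parts) != 8 or not parts[0].startswith("CEF:"):
        raise ValueError("not a CEF record: %r" % line)
    ext = dict(_EXT_RE.findall(parts[7]))
    return {"sig": parts[4], "name": parts[5], "sev": parts[6], **ext}


def session_ids_per_client(lines):
    """Map client IP (src) to the set of cs3 values seen on session-based checks."""
    seen = defaultdict(set)
    for line in lines:
        if not line.strip():
            continue
        rec = parse_cef(line)
        if rec["name"] in SESSION_CHECKS and "cs3" in rec and "src" in rec:
            seen[rec["src"]].add(rec["cs3"])
    return seen


def suspect_timeout_false_positives(lines):
    """Clients whose session-based violations span more than one session ID."""
    per_client = session_ids_per_client(lines)
    return sorted(ip for ip, ids in per_client.items() if len(ids) > 1)


if __name__ == "__main__":
    print(suspect_timeout_false_positives(SAMPLE_LOGS.splitlines()))
```

Clients listed by the last function are the ones where raising the session timeout is worth testing before treating the violation as genuine.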

  • Empty field name in FFC violation logs (prior to 11.0 release)

    This may be seen when the firewall encounters a form field that is not in any of the forms recorded in the session.

    Scenarios where this may occur:

    – The session timed out between the form being sent to the client and the response being received.
    – The form was generated on the client side using JavaScript.