Forum Discussion

AceHunter1965's avatar
AceHunter1965
Icon for Altostratus rankAltostratus
Jun 17, 2023

BIG-IP WAF Causes WSS Connections to Stall

Hey all!

We've been using BIG-IP in our company as a gateway to the entire network, and we have multiple inner hosts that are proxyed by it.

All connections using HTTPS/WSS are passed through a WAF policy that has most of the signatures enabled, but we've recognized a problem with WebSocket connections:

Any WebSocket connection created from a browser (Chrome) that goes through the WAF policy is stalled, with the status showing as "Pending" indefinitely. It doesn't look like BIGIP outright blocks the connection, since there is no event log for it, but if the connection is setup to bypass the WAF policy (by disabling ASM in an iRule), it works well.

I'd appreciate any help in troubleshooting the problem, if anyone has faced it before. We are using BIGIP 15.1.5.1.

6 Replies