Forum Discussion

Nimbostratus

Apr 26, 2018

WAF is blocking legitimate traffic for 500 response code

Hi, We are observing WAF is blocking the request under violation "illegal response code in Http request". Waf is prompting the error 500 response code, Hence Web Application is responding the re...

ASM Advanced WAF

security

youssef1

Cumulonimbus

Apr 26, 2018

Hello Naveenkumar,

First of you can manage Allowed Response Status Codes in Security ›› Application Security : Policy : Policy Properties.

In all case it good to block all application error code this can give information used to the hacker.

So in order to check the response code of your application you can check events logs (Request and response) it's reliable.

otherwise you can also make an irule to check status code in response.

are you sure that part of the request is not truncated, blocked (by asm) or alter which could cause a 500 error. you can for example have an ajax request that is blocked and not visible in the request ... (not in your case but as an example).

Regards

Forum Discussion

WAF is blocking legitimate traffic for 500 response code

Recent Discussions

security patch release

VPN fragmented IP packets dropped

minimum tmos software version for connect CIS (openshift)

redirect not working

Reliable resources for identifying IP addresses

Related Content

Response and blocking page

Introduction of Incident Response

Separating False Positives from Legitimate Violations

custom response page for api

Block traffic