We've been using BIG-IP in our company as a gateway to the entire network, and we have multiple inner hosts that are proxyed by it.
All connections using HTTPS/WSS are passed through a WAF policy that has most of the signatures enabled, but we've recognized a problem with WebSocket connections:
Any WebSocket connection created from a browser (Chrome) that goes through the WAF policy is stalled, with the status showing as "Pending" indefinitely. It doesn't look like BIGIP outright blocks the connection, since there is no event log for it, but if the connection is setup to bypass the WAF policy (by disabling ASM in an iRule), it works well.
I'd appreciate any help in troubleshooting the problem, if anyone has faced it before. We are using BIGIP 22.214.171.124.
Hi @AceHunter1965 ,
I recommend to add an explicit Web socket URI Entities , to Let Bigip AWAF parse and deal with it properly.
So identify your Websocket URIs and add them explicitly , use the below Article :
But you need to enable your event Log to see traffic behavior after adding these entities.