Technical Forum
Ask questions. Discover Answers.
Showing results for 
Search instead for 
Did you mean: 

BIG-IP WAF Causes WSS Connections to Stall


Hey all!

We've been using BIG-IP in our company as a gateway to the entire network, and we have multiple inner hosts that are proxyed by it.

All connections using HTTPS/WSS are passed through a WAF policy that has most of the signatures enabled, but we've recognized a problem with WebSocket connections:

Any WebSocket connection created from a browser (Chrome) that goes through the WAF policy is stalled, with the status showing as "Pending" indefinitely. It doesn't look like BIGIP outright blocks the connection, since there is no event log for it, but if the connection is setup to bypass the WAF policy (by disabling ASM in an iRule), it works well.

I'd appreciate any help in troubleshooting the problem, if anyone has faced it before. We are using BIGIP


Hi @AceHunter1965 , 
I recommend to add an explicit Web socket URI Entities , to Let Bigip AWAF parse and deal with it properly. 

So identify your Websocket URIs and add them explicitly , use the below Article  :

But you need to enable your event Log to see traffic behavior after adding these entities. 

Mohamed Kansoh


Seems like adding the websocket URI has no visible effect on the problem

When this problem occurs there is usually no websocket profile attached to the virtual server.



We've added a websocket profile before encountering the error, and it persists even after trying all websocket masking options.

Community Manager
Community Manager

Hey @AceHunter1965  - did either of the suggestions above help you troubleshoot? If yes, could you pleae click "Accept as Solution" on the one that worked for you, or let us know if you still need assistance? 

Sorry for the lack of response from me, but I've tried all suggestions so far and still haven't managed to solve my issue 😞