Hi
Working to secure a Web Application with the WAF. We have done a few other applications with success, but this one is new. We are running into an issue where, whenever any of the Common Threats are enabled, the IIS server just errors with 500 - Internal Server Error for JSON requests. The strange thing is that the only events in the reverseproxy.log are a 301, a 40X for authentication, and then a bunch of 500s in a row. If I disable the CTF and refresh the page, it loads just fine, so I know the app is working. It's not using NTLM, even though it's enabled by the installer.
HTTP/1.1 401 Unauthorized
Date: Thu, 15 Apr 2021 16:50:53 GMT
Server: Apache
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json; charset=utf-8
Expires: -1
X-AspNet-Version: 4.0.30319
WWW-Authenticate: Bearer
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
X-Powered-By: ASP.NET
Content-Length: 61
I've tried turning off Windows Auth (NTLM) so only Anonymous was enabled since the app uses its own auth, but no change. What could the WAF be doing that is not logged?
Thanks!