
9.5 New WAF Session Storage Limits? - Not documented? What are the limits based on?

So I have installed 9.5 on my test Sophos and I have found a feature not documented for WAF.

 

It's under WAF > Advanced

What are the recommended limits? I understand what it says, but how much is 25,000? Is this for a small, medium or big deployment of WAF? How do I see when it "closes sessions"?

How does it work in conjunction with connection pooling?

 

The help guide has not been updated as there is no information in there.



  • Just to add to it, there seems to be more missing from even the help file.

    No info or help about request redirection either.

    Seems WAF got changes but someone forgot the docs?

  • There's a Cloudwatch daemon log file too. Wonder what that's for?

  • Hi,

    The new Online Help for 9.5 is delivered with the GA release.

    You have to enable debug logging to see the session cleanup messages in the reverseproxy.log.
    Therefore, you have to edit the file /var/chroot-reverseproxy/usr/apache/conf/httpd.conf and change
    "LogLevel notice" to "LogLevel notice session_server:debug"

    Then restart WAF:
    /var/mdw/scripts/reverseproxy restart

    After that, you should see messages like this in the reverseproxy.log:

    "[...] regular session cleanup: success (expired: 20, over limit: 15, remaining: 80)"

    I would tune the session storage limits according to the amount of 'over limit' files with respect to the session storage limits.

     

    Best,
     Sabine
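
An added example, not part of the post above and not Sophos code: a shell function that totals the session cleanup messages quoted above, so the 'over limit' figure can be compared across cleanup runs when tuning the limit. The log path is passed as an argument, the sample lines are constructed, and reading 'over limit' as sessions removed because the configured limit was exceeded is an assumption.

```shell
#!/bin/sh
# Added example (not Sophos code): summarise the session cleanup lines that
# appear in reverseproxy.log once session_server:debug logging is enabled.

# summarise_cleanup LOGFILE
# Prints: runs=<n> over_limit_runs=<n> expired=<sum> over_limit=<sum> peak_remaining=<max>
summarise_cleanup() {
    awk '
    # Return the integer following "<label>: " in line, or -1 if absent.
    function field(line, label,    re) {
        re = label ": [0-9]+"
        if (!match(line, re)) return -1
        return substr(line, RSTART + length(label) + 2, RLENGTH - length(label) - 2) + 0
    }
    /regular session cleanup: success/ {
        e = field($0, "expired"); o = field($0, "over limit"); r = field($0, "remaining")
        if (e < 0 || o < 0 || r < 0) next   # skip truncated or malformed lines
        runs++; expired += e; over += o
        if (o > 0) over_runs++              # runs that hit the storage limit
        if (r > peak) peak = r              # largest session count left after a run
    }
    END {
        printf "runs=%d over_limit_runs=%d expired=%d over_limit=%d peak_remaining=%d\n",
               runs, over_runs, expired, over, peak
    }' "$1"
}

# Constructed sample lines; the "[...]" prefix is left elided as in the post.
sample_log() {
    cat <<'EOF'
[...] regular session cleanup: success (expired: 20, over limit: 15, remaining: 80)
[...] regular session cleanup: success (expired: 5, over limit: 0, remaining: 60)
[...] unrelated reverse proxy message
[...] regular session cleanup: success (expired: 12, over limit: 40, remaining: 100)
EOF
}

# Stand-alone run on the sample; on the appliance pass the real log path instead.
tmp=$(mktemp) && sample_log > "$tmp" && summarise_cleanup "$tmp"; rm -f "$tmp"
```

If over_limit_runs stays at zero over a representative period, the configured limit was not reached in that period; a steadily non-zero value means sessions are being closed by the limit rather than by expiry.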

  • Hi Sabine,

     

    Thanks for this. Do you have a time frame for when GA will be released? I am also looking for the full 9.5 ISO. Have there been any issues reported or any problems that would delay the GA?

     

    Thank you very much for your help,

     

    Kind Regards,

    Matt

  • Hi,

    I can't tell you a date for the actual GA release. Staged rollout via Up2Date has started.

    At the moment, there are no known issues that might delay the GA.

    Regards,
     Sabine 

  • Hi Sabine,

    Can you tell me what the limit is based on? Light traffic? How should this be scaled? I have an SG 430, should I set it to 100,000?

  • Hi,

    The limit is based on the fact that smaller boxes don't run out of memory.
    As far as I know, the smallest box has a 64 GB SSD and SG 430 has a 240 GB SSD.
    Therefore, I would assume that setting it to 100,000 is a good start.
    I would definitely suggest keeping an eye on the memory consumption in the first weeks.


    Best,
     Sabine

  • Hi Sabine,

     

    Thank you for your reply. Do you know what the limit was set to on 9.4 (before we had the option to change it)?

     

    We were running an SG 330, which has 12 GB RAM and a 180 GB SSD, and after 2-3 days using WAF it just consumed all the memory. (Although the UTM only said 45%, using the "TOP" command in SSH showed it indeed had used up the memory and started to use the page file.) At midnight it would drop slightly and then during the day eat the remainder.

     

    It appears that WAF holds stuff in memory, even though after about 8pm our traffic is reduced significantly for our web server. It appears sort of like a Windows SQL Server and holds up 95% memory.

     

    On another note, are there any plans to upgrade the mod security module to a newer version, i.e. version 3? Because it's running 2.7.7.

    But my main question is: what was the limit on 9.4? I'm assuming it was 25,000?