Hi all,
I'm trying the WAF functionality (ASG 8.002) on a real environment against a IIS real web server.
The IIS host several web sites sharing the same IP and I can say that "Pass Host Header" works.
The only thing that doesn't work is the "Cookie signing".
Pratically, if I enable the default "Advanced Protection" firewall profile, the browser of the client is not able to get the web pages.
The browser continuosly try to asks for the web pages (Iooking at the reverseproxy logs) but it gets nothing.
I tried also to remove all resident cookies from the browser but without results.
Does Anyone has the same problem?
The second question is about the web access statistics.
Obviously the reverse proxy hides the IP of the external client and the internal web server only see requests from the internal IP address of the firewall.
This is an issue for all the softwares that analyze and create statistics using the access logs (ie. webalizer).
Could it be a way to work like "transparent" for the reverse proxy?
Any idea?
This thread was automatically locked due to age.
Quote