I have recently enabled WAF and it works fine. I am getting the following warning message
[warn] [client 82.***.***.100] Dropping cookie 'nas_tree_y' from request due to missing/invalid signature, referer: https://*****.dyndns.org:****/cgi-bin/html/login.html?3.5.1.1002T
I am connecting via SSL and I have the following options enabled:
NAS Firewall profile
Mode: reject
Attack Patterns: Cross Site Scripting
SQL Injection
Cookie signing: enabled
URL Hardening: disabled
Form Hardening: disabled
AntiVirus scanning: Single Scan (Uploads only)
Block clients with bad reputation: enabled
What do I need to do to fix this warning? Is it something I need to do on the webserver(i.e. enter the Cookie Signing Secret on the web server)?
Also I've noticed that the dashboard shows "Web Application Security is active, 0 requests served today" even though I am having multiple connections to the web server
THanks
This thread was automatically locked due to age.
