Hi Everyone,
We run Customer and Sales portals on a dedicated server and I am trying to get the WAF to function correctly. Basically I am stuck with an AJAX/Postback issue. These sites are AJAX based ASP.NET and my issue is that postbacks seem to be dropped by the WAF. For example there might be a combobox for STATE on the page and once you select a state a postback occurs and all available CITIES are loaded into the City combobox. When running thru the WAF the city combobos will not load. Any postback round trip to the server seems to get dropped.
The WAF documentation is pretty weak and Sophos support says I need to open up a professional services engagement to get it working. We are not doing anything special with these sites, it's run-of-the-mill .NET/Ajax so I am perplexed that there are no out of the box settings for the WAF that would deal with this.
After some googling I've seen a couple of threads from a few years ago on a similar topic and it looked like they had to set up some rule exclusions. Unfortunately I cannot find any documentation on all the rules the WAF uses. Is ModSecurity used for the WAF and if so does anyone have any idea what collection of rules are being used?
Any thoughts on how to proceed on thus (other that down the professional services road)?
Thanks in advance,
Dave Cline
This thread was automatically locked due to age.
