For some reason it just started to happen randomly that any web application that sits behind our UTM and Web Application Firewall, we get random 400 Bad Requests. We have updated Apache on all the web front ends and still we are plagued with 400 bad requests. We have even gone as far as turning off the Firewall profiles that were enabled on the web application and still we keep getting random 400 bad requests. Any help with this issue would be great.
@Bob: I get the feeling that the requests are coming from internal clients, then he's having the request loop-back through WAF to his internal server. If this is the case, is the server at least on a different interface (DMZ)?
__________________ ACE v8/SCA v9.3
...still have a v5 install disk in a box somewhere.
Those are the log lines from the Web Application Firewall logs. Also the requests are coming from external clients. I have removed the IP address from the srcip, but can tell you that all the requests are coming from external clients into the Web Application Firewall and being directed to internal web servers. Any help on this would be greatly appreciated.