Why in the WAF V2 do I get a log file stating that the request was blocked but in the application the request was successful and the record was updated?
Derek Green
0
Reputation points
I have a rule 941320 triggering when posting putgroup into a web application. I understand why this is, it is because it has HTML tags in the payload. The bit I don't understand is why the firewall logs show this request as blocked in the log files but the data is still posted to the app. It is definitely using the correct WAF policy and I also changed the behaviour to block encase it was something to do with the anomaly scoring, there are also no custom rules just the managed OWASP 3.2 rule set with no exclusions. I am not overly technical but learning, can anyone answer this riddle.
Sign in to answer