When we are testing the requests via postman to the any site, for instance say, user3.soccloudwaf.com, we get the 200 OK response. (Please see the screenshot below)
By default, Postman send Auto Generated Headers, when we deselect the HOST option and send the request, then we get the incident id 0-random_numbers wit 503 Error. (Please see the screenshot below)
This incident ID does not include session information (the session part of the incident ID in this case is 0.) The 0 indicates that this was a session-less incident, which means that the request was halted on Imperva's side. These type of incidents cannot be trace nor find the incident but if the customer has configured SIEM, then it can be seen on the SIEM logs. As per this incident, we got error code 9 (edet=9) which means that the response to the HTTP request was incomplete, the client closed the TCP connection before receiving the full response (please see the screenshot below). This entry for error code 9 can be seen on the SIEM logs with the entry REQ_BAD_CLIENT_CLOSED_CONNECTION. It's probable you may get different edet code while testing with the incident id 0_random_numbers, you can tell the customer about the SIEM log entry from this documentation https://docs.imperva.com/bundle/cloud-application-security/page/settings/waf-settings.htm
