By default, GET requests are not allowed to have a content body, and as such they are not parsed and the body is interpreted as the method.
In order to enable GET requests with a body, you should change the following parameter in hades.cfg.template:
http_method_content_mask_low: 1822375688
------------------------------
Michael Sorin
------------------------------
Original Message:
Sent: 01-27-2021 06:40
From: Anton Kazantsev
Subject: Slow HTTP GET with request body
Hello,
I saw strange behavior on my on-premises WAF on an HTTP GET request with a body payload.
It seems that the WAF takes the body payload as another request and tries to parse it. The HTTP 1/x protocol policy alerts on such violations, like Unknown HTTP Request Method, Malformed URL, Malformed HTTP Header Line etc. It's not a problem.
The problem is that such requests take approx. 1-1.5 minutes, which slows down the application. After some research I found that disabling all policies didn't solve the problem. But when I added an additional Line Feed character (\n) to the test request after the body, my request took 100 ms.
Is there any solution or workaround so that all GET requests with a body execute the same as with one or two LF chars?
P.S. SecureSphere 13.6.0.50
#On-PremisesWAF(formerlySecuresphere)
------------------------------
Anton Kazantsev
JSC Tochka
------------------------------
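
A simplified model of the behaviour discussed in this thread, added as an example (not Imperva's code and not from either poster): a line-oriented framer that only consumes a body for methods in a per-method set, so a GET body is left in the buffer and read as the next request line. `frame`, `body_methods` and the sample request are hypothetical, and the wait for a line terminator is an assumption that is consistent with the reported delay and the LF workaround.

```python
KNOWN_METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS", "PATCH"}
BODY = b'{"id": "123"}'  # constructed sample payload
HEAD = (b"GET /api/items HTTP/1.1\r\nHost: app.example\r\n"
        b"Content-Length: " + str(len(BODY)).encode() + b"\r\n\r\n")

def frame(stream, body_methods):
    """Return framing events for a byte stream.

    body_methods is a hypothetical stand-in for the per-method body mask:
    only methods in it have Content-Length bytes consumed as a body.
    """
    events, buf = [], stream
    while buf:
        eol = buf.find(b"\n")
        if eol == -1:
            # No line terminator: the framer can only wait (until a timeout).
            events.append(("need_more_data", buf))
            break
        line = buf[:eol].rstrip(b"\r")
        if not line:  # tolerate blank lines between requests
            buf = buf[eol + 1:]
            continue
        parts = line.split(b" ")
        method = parts[0].decode("latin-1")
        if len(parts) != 3 or method not in KNOWN_METHODS:
            events.append(("violation", line))  # e.g. Unknown HTTP Request Method
            buf = buf[eol + 1:]
            continue
        head_end = buf.find(b"\r\n\r\n")
        if head_end == -1:
            events.append(("need_more_data", buf))
            break
        headers = {}
        for h in buf[eol + 1:head_end].split(b"\r\n"):
            name, _, value = h.partition(b":")
            headers[name.strip().lower()] = value.strip()
        length = int(headers.get(b"content-length", b"0")) if method in body_methods else 0
        start = head_end + 4
        if len(buf) < start + length:
            events.append(("need_more_data", buf))
            break
        events.append(("request", method, buf[start:start + length]))
        buf = buf[start + length:]
    return events

if __name__ == "__main__":
    default = frozenset({"POST", "PUT", "PATCH"})
    for label, data in (("no LF", HEAD + BODY), ("with LF", HEAD + BODY + b"\n")):
        print(label, "| GET body off:", frame(data, default))
        print(label, "| GET body on: ", frame(data, default | {"GET"}))
```

With GET outside the set, the body without a trailing LF ends in `need_more_data`, while the same body followed by LF is immediately rejected as a malformed request line; with GET in the set, both inputs frame as a single request.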