Imperva Cyber Community

  • 1.  Slow HTTP GET with request body

    Posted 01-27-2021 06:41

    Hello,

    I saw strange behavior on my on-premises WAF on HTTP GET requests with a body payload.
    It seems that the WAF takes the body payload as another request and tries to parse it. The HTTP/1.x protocol policy alerts on violations such as Unknown HTTP Request Method, Malformed URL, Malformed HTTP Header Line, etc. That is not a problem.

    The problem is that such requests take approx. 1-1.5 minutes, which slows down the application. After some research I found that disabling all policies didn't solve the problem. But when I added an additional Line Feed character (\n) to the test request after the body, my request takes 100 milliseconds.

    Is there any solution or workaround so that all GET requests with a body execute the same as with one or two LF chars?

    P.S. SecureSphere 13.6.0.50


    #On-PremisesWAF(formerlySecuresphere)

    ------------------------------
    Anton Kazantsev
    JSC Tochka
    ------------------------------


  • 2.  RE: Slow HTTP GET with request body

    Posted 01-28-2021 08:56

    By default, GET requests are not allowed to have a content body, and as such they are not parsed and the body is interpreted as the method.

    In order to enable GET requests with a body, you should change the following parameter in hades.cfg.template.

    http_method_content_mask_low: 1822375688



    ------------------------------
    Michael Sorin
    ------------------------------
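
A simplified model of the behaviour discussed in this thread, added here as an illustration; it is not Imperva's code and not part of the original posts. The function `parse_stream`, its `get_has_body` switch and the sample request are assumptions, and the "waiting for a line terminator" state is an inference from the timings reported in the first post.

```python
# Toy HTTP/1.x stream parser (hypothetical; not SecureSphere internals).
# get_has_body=False models a parser that ignores Content-Length on GET,
# so the body bytes are read as the start of the next request.

def parse_stream(data: bytes, get_has_body: bool):
    """Return (parsed_items, state); state is 'idle' or 'waiting_for_line_end'."""
    items, pos = [], 0
    while pos < len(data):
        eol = data.find(b"\n", pos)
        if eol == -1:
            # Bytes without a line terminator: nothing to do but wait
            # for more data or for a timeout to expire.
            return items, "waiting_for_line_end"
        line, pos = data[pos:eol].rstrip(b"\r"), eol + 1
        if not line:
            continue  # tolerate a stray blank line between requests
        parts = line.split(b" ")
        if len(parts) != 3 or not parts[2].startswith(b"HTTP/"):
            # Complete but invalid request line: flag it and move on at once.
            items.append(("MALFORMED", line))
            continue
        length = 0
        while True:  # read headers up to the empty line
            eol = data.find(b"\n", pos)
            if eol == -1:
                return items, "waiting_for_line_end"
            header, pos = data[pos:eol].rstrip(b"\r"), eol + 1
            if not header:
                break
            name, _, value = header.partition(b":")
            if name.strip().lower() == b"content-length":
                length = int(value.strip())
        method = parts[0].decode("latin-1")
        if method == "GET" and not get_has_body:
            length = 0  # body is not consumed as part of this request
        items.append((method, data[pos:pos + length]))
        pos += length
    return items, "idle"

# Constructed sample request: GET with an 8-byte body and no trailing LF.
SAMPLE = (b"GET /api/items HTTP/1.1\r\nHost: app.example\r\n"
          b"Content-Length: 8\r\n\r\n" + b'{"id":1}')

if __name__ == "__main__":
    for label, data, flag in [("no LF", SAMPLE, False),
                              ("with LF", SAMPLE + b"\n", False),
                              ("body allowed", SAMPLE, True)]:
        print(label, parse_stream(data, flag))
```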



  • 3.  RE: Slow HTTP GET with request body

    Posted 01-29-2021 04:12
    Edited by Anton Kazantsev 01-29-2021 05:18
    Does the MX or Gateway need a restart to apply this?

    ------------------------------
    Anton Kazantsev
    JSC Tochka
    ------------------------------



  • 4.  RE: Slow HTTP GET with request body

    Posted 01-31-2021 01:10
    The configuration needs to be changed on the GW side, and a GW restart is required.

    ------------------------------
    Michael Sorin
    ------------------------------



  • 5.  RE: Slow HTTP GET with request body

    This message was posted by a user wishing to remain anonymous
    Posted 02-08-2021 07:33
    This post was removed