You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We've implemented an application firewall in front of an application where we've used the sessionTimeout script. One of the anomalous behaviors that triggers a block rule on the firewall is POST requests with a content-length of 0. Apparently this is something that denial of service attacks may do?
The $.ajax() call made when a user clicks the keep-alive button also sends a POST with 0 bytes of content, so the firewall is now blocking our users from using the sessionTimeout script.
It would be easy to modify the script to send some small content in the POST so that we can keep the firewall rule enabled to stop actual suspicious requests, but that kind of change would be undesirable for most users. But would you consider adding some more configuration options to the plugin, so that developers could specify additional attributes of the $.ajax() call? That could benefit everyone, in addition to letting us solve our specific firewall problem by defining some contents for the request.
The text was updated successfully, but these errors were encountered:
Hi,
We've implemented an application firewall in front of an application where we've used the sessionTimeout script. One of the anomalous behaviors that triggers a block rule on the firewall is POST requests with a content-length of 0. Apparently this is something that denial of service attacks may do?
The $.ajax() call made when a user clicks the keep-alive button also sends a POST with 0 bytes of content, so the firewall is now blocking our users from using the sessionTimeout script.
It would be easy to modify the script to send some small content in the POST so that we can keep the firewall rule enabled to stop actual suspicious requests, but that kind of change would be undesirable for most users. But would you consider adding some more configuration options to the plugin, so that developers could specify additional attributes of the $.ajax() call? That could benefit everyone, in addition to letting us solve our specific firewall problem by defining some contents for the request.
The text was updated successfully, but these errors were encountered: