Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Load Balancer WAF Blocking Firefox 132.0.2 Traffic #5561

Open
kayiwa opened this issue Nov 25, 2024 · 3 comments
Open

Load Balancer WAF Blocking Firefox 132.0.2 Traffic #5561

kayiwa opened this issue Nov 25, 2024 · 3 comments
Assignees
Labels

Comments

@kayiwa
Copy link
Member

kayiwa commented Nov 25, 2024

Description:

We're experiencing an issue where the web application firewall (WAF) on our load balancer is blocking all traffic from Firefox version 132.0.2. This is preventing users with this browser version from accessing our web applications.

Symptoms:

  • Datadog's Firefox 132.0.2 are unable to access any of our web applications.
  • They might receive error messages like "Access Denied" or "403 Forbidden."
  • Other browsers (Chrome, Safari, Edge) are not affected.

Impact:

  • Users with Firefox 132.0.2 are able to access our services.

Tasks:

  1. Investigate WAF Logs:

    • Disable the WAF
  2. Identify Root Cause:

    • Determine why the WAF is flagging Firefox 132.0.2 as a threat. Possible causes include:
      • User-Agent String: The WAF might be blocking based on the User-Agent string of Firefox 132.0.2.
      • Specific Headers or Cookies: There might be specific headers or cookies sent by Firefox 132.0.2 that are triggering a WAF rule.
      • Security Vulnerability: It's possible (though less likely) that Firefox 132.0.2 has a known vulnerability that the WAF is trying to mitigate.
  3. Testing:

    • After implementing the solution, check Datadog with Firefox 132.0.2 to ensure access is restored.
@kayiwa kayiwa added the bug label Nov 25, 2024
@kayiwa kayiwa self-assigned this Nov 25, 2024
@kayiwa
Copy link
Member Author

kayiwa commented Nov 25, 2024

Also blocking solr traffic.

@acozine
Copy link
Contributor

acozine commented Nov 25, 2024

Also causing pulibrary/figgy#6555.

@acozine
Copy link
Contributor

acozine commented Nov 25, 2024

@tpendragon and I were looking at the Figgy end of this issue and could not find any logging for requests denied by the WAF. Let's configure logging for the WAF and document where log messages go when a request is denied.

kayiwa added a commit that referenced this issue Nov 27, 2024
disable the WAF but enable logging
related #5561

closes #5567
kayiwa added a commit that referenced this issue Nov 27, 2024
disable the WAF but enable logging
related #5561

closes #5567
kayiwa added a commit that referenced this issue Dec 4, 2024
the loadbalancer enabled WAF. This PR disables it on the following
production pages

related to #5561

Co-authored-by: Vickie Karasic <[email protected]>
kayiwa added a commit that referenced this issue Dec 4, 2024
the loadbalancer enabled WAF. This PR disables it on the following
production pages

related to #5561

Co-authored-by: Vickie Karasic <[email protected]>
acozine pushed a commit that referenced this issue Dec 4, 2024
the loadbalancer enabled WAF. This PR disables it on CDH production sites
related to #5561

Co-authored-by: Vickie Karasic <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

2 participants