HTTP changes that occur when using AppFirewall

AppFirewall needs to modify packets in order to detect any sort of tampering. In addition to this, enabling certain protections requires AppFirewall to drop parts of the Server response (such as credit cards and other sensitive data) or alternatively transform them (such as keywords) so that special characters are rendered harmless. In this section, let's examine these changes:

  • One of the first changes you will notice if using features that require sessionization is that AppFirewall adds session cookies to the application's own cookies.

    Figure: AppFirewall Session Cookie when using Advanced Profiles

  • When Advanced Protections are enabled, AppFirewall also removes caching headers so that instead of a conditional response, a full response is received. This is needed to allow AppFirewall to understand the context of the data being exchanged and drop the response if needed. This does however mean that you will see more requests to the backend servers when using Advanced Protections.

    Note: Images are exempt from this behavior.

  • When forwarding the Server's response back to the client, the Content-Length header is dropped. Instead, a new Transfer-Encoding: chunked header is added. This is a process called chunking, and it indicates to the client that the exact size of the response is not known in advance. This step is necessary because AppFirewall might have to introduce changes of its own to the response (such as dropping sensitive data from the response), thereby changing the size of the response. In such cases, the end of data is indicated by a zero-sized chunk.

    Note: Citrix article CTX131488 is an excellent source for more on this topic; I highly encourage reading it, as it is quite comprehensive in explaining the packet changes involved.
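The following script is an added example written for this section; it is not Citrix code and does not reproduce AppFirewall's real implementation. It models the changes listed above on constructed sample messages: conditional caching headers are stripped from a request unless the path is an image, and a response is rewritten by masking a card number in the body, dropping Content-Length, adding Transfer-Encoding: chunked, appending a Set-Cookie for a session cookie, and terminating the body with a zero-sized chunk. The cookie name appfw_session, the sample request and response, and the simplified 16-digit masking rule are all assumptions made for the example.

```python
import re

# Constructed sample request carrying conditional (caching) headers.
SAMPLE_REQUEST = (
    "GET /account/summary HTTP/1.1\r\n"
    "Host: app.example.test\r\n"
    'If-None-Match: "abc123"\r\n'
    "If-Modified-Since: Mon, 01 Jan 2024 00:00:00 GMT\r\n"
    "Cookie: JSESSIONID=constructed\r\n"
    "\r\n"
)

# Constructed sample response with a fixed Content-Length and a card number.
_BODY = "Card on file: 4111111111111111"
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/plain\r\n"
    f"Content-Length: {len(_BODY)}\r\n"
    "\r\n"
    f"{_BODY}"
)

CONDITIONAL_HEADERS = {"if-none-match", "if-modified-since"}
IMAGE_SUFFIXES = (".png", ".jpg", ".jpeg", ".gif", ".ico", ".svg")
CARD_PATTERN = re.compile(r"\b\d{16}\b")  # simplified stand-in for card detection


def parse_message(raw: str):
    """Split a raw HTTP message into start line, (name, value) headers and body."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip(), value.strip()))
    return lines[0], headers, body


def build_message(start_line: str, headers, body: str) -> str:
    """Reassemble an HTTP message from its parts."""
    return start_line + "\r\n" + "".join(f"{n}: {v}\r\n" for n, v in headers) + "\r\n" + body


def strip_conditional_headers(raw_request: str) -> str:
    """Remove If-None-Match / If-Modified-Since so the server sends a full response.
    Image requests are left untouched, matching the exemption described above."""
    start_line, headers, body = parse_message(raw_request)
    path = start_line.split(" ")[1]
    if path.lower().endswith(IMAGE_SUFFIXES):
        return raw_request
    kept = [(n, v) for n, v in headers if n.lower() not in CONDITIONAL_HEADERS]
    return build_message(start_line, kept, body)


def mask_cards(text: str) -> str:
    """Mask all but the last four digits of any 16-digit run (simplified rule)."""
    return CARD_PATTERN.sub(lambda m: "x" * 12 + m.group(0)[-4:], text)


def encode_chunked(body: bytes, chunk_size: int = 8) -> bytes:
    """Chunked transfer encoding: hex size, CRLF, data, CRLF; zero-sized chunk ends it."""
    out = bytearray()
    for i in range(0, len(body), chunk_size):
        chunk = body[i:i + chunk_size]
        out += f"{len(chunk):x}\r\n".encode() + chunk + b"\r\n"
    out += b"0\r\n\r\n"  # zero-sized chunk marks the end of data
    return bytes(out)


def decode_chunked(data: bytes) -> bytes:
    """Reverse encode_chunked; stops at the zero-sized chunk."""
    body = bytearray()
    pos = 0
    while True:
        end = data.index(b"\r\n", pos)
        size = int(data[pos:end].decode(), 16)
        pos = end + 2
        if size == 0:
            return bytes(body)
        body += data[pos:pos + size]
        pos += size + 2


def transform_response(raw_response: str, session_cookie: str) -> bytes:
    """Apply the response-side changes: mask sensitive data, drop Content-Length,
    add Transfer-Encoding: chunked and a session cookie, then chunk the body."""
    start_line, headers, body = parse_message(raw_response)
    headers = [(n, v) for n, v in headers if n.lower() != "content-length"]
    headers.append(("Transfer-Encoding", "chunked"))
    headers.append(("Set-Cookie", session_cookie))  # cookie name is hypothetical
    new_body = mask_cards(body).encode()
    return build_message(start_line, headers, "").encode() + encode_chunked(new_body)


if __name__ == "__main__":
    print(strip_conditional_headers(SAMPLE_REQUEST))
    print(transform_response(SAMPLE_RESPONSE, "appfw_session=constructed").decode())
```

Running the script prints the forwarded request without its conditional headers and the rewritten response, in which the body length no longer matches the original because the card number was masked; that size change is exactly why the Content-Length header cannot be forwarded and chunking is used instead.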
