WAF Troubleshooting Instructions
If you are having trouble with your site and believe that the WAF is causing the issue, please perform the following steps. (*Keep in mind that a WAF-related issue is usually indicated by the following error. Please take note of the ‘Cloudflare Ray ID’, as this is important for troubleshooting):
Initial Testing Steps
Please ensure your browser is up-to-date. If your browser is in the middle of an upgrade, please complete the upgrade to see if the problem still exists.
If your browser is on the latest release, try to navigate to the page using an alternate browser to see if the issue is still present. If so, please perform the ‘Troubleshooting Steps’ below.
Troubleshooting Steps
Open up a new, private browser session. (Private browser sessions are important to ensure that no credentials or cookies are being shared into the troubleshooting session, as well as to prevent any extensions/plugins from tampering with the session.)
Firefox: New Private Window (Windows: Ctrl + Shift + P || Mac: Command + Shift + P)
Chrome / Edge: New Incognito Window (Ctrl + Shift + N || Mac: Command + Shift + N)
Internet Explorer: InPrivate Browsing (Ctrl + Shift + P)
To open up developer mode, press 'Ctrl' + 'Shift' + 'I' in Windows (or 'Command' + 'Option' + 'I' for MacOS) in Firefox, Chrome, or Edge; press F12 if you are using Internet Explorer. Click on the Network tab. Please ensure that the log is preserved as each new page is loaded (see the instructions in later sections).
Browse to the site from the beginning and repeat the same steps that led you to the error so the exact cause for the error will be duplicated and logged.
*IMPORTANT: If you need to log in to the site, please be sure to stop recording the traffic so that your password is not captured (in plain text) as a parameter. Be sure to re-enable the recording after clicking the ‘Login’ button to continue to capture the traffic.
After receiving the error message, save the HAR file and append a .txt extension (i.e., <filename>.har.txt). Also save the console output to a .log file. The console can be found at the bottom of the developer tools window; if the Console window is not at the bottom, there is a tab to the left of the Network tab that contains the console data. Attach both items to a Service-Now incident assigned to Cybersecurity for review (please include the Cloudflare Ray ID as text in the ticket as well). You can also email cybersec@columbia.edu with the .har.txt and .log files attached.
Firefox: Right-click in the main section of the Network tab and select: ‘Save All As HAR’ → Right-click any message in the console and select: 'Save all Messages to File...'
Chrome: Right-click in the main section of the Network tab and select: ‘Save as HAR with Content’ → Right-click any message in the console and select: 'Save as...'
Internet Explorer: Click on the ‘Export as HAR’ button (or CTRL + S when the developer mode pane is in focus) → Click on the Console tab, right-click any message in the console and click: 'Copy all', then open a text editor, paste the data and save the file.
If you received an HTTP status 520 error message, include the output from http://www.example.com/cdn-cgi/trace (replace www.example.com with the domain location where the 520 error occurred).
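As a complement to the password warning above, the following is an added example (not part of the original instructions or of any Columbia or Cloudflare tooling) that checks a saved HAR before it is attached to a ticket: it masks credentials and cookies and lists the Ray IDs of error responses. It assumes the HAR 1.2 JSON layout and that the Ray ID appears in the `cf-ray` response header; the list of sensitive name fragments and the sample capture are constructed for illustration.

```python
import json
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

SECRET_HEADERS = {"authorization", "cookie", "set-cookie"}
SECRET_WORDS = ("pass", "pwd", "token", "secret")  # assumed name fragments
MASK = "REDACTED"

def is_secret(name):
    return any(w in name.lower() for w in SECRET_WORDS)

def mask_pairs(pairs, test):
    # HAR stores headers, cookies and parameters as lists of {name, value}.
    for p in pairs or []:
        if test(p.get("name", "")):
            p["value"] = MASK

def mask_url(url):
    parts = urlsplit(url)
    query = [(k, MASK if is_secret(k) else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(query)))

def scrub_har(har):
    """Mask secrets in place; return (status, url, ray_id) for error responses."""
    blocked = []
    for entry in har["log"]["entries"]:
        req, resp = entry["request"], entry["response"]
        req["url"] = mask_url(req["url"])
        for msg in (req, resp):
            mask_pairs(msg.get("headers"), lambda n: n.lower() in SECRET_HEADERS)
            mask_pairs(msg.get("cookies"), lambda n: True)
        mask_pairs(req.get("queryString"), is_secret)
        post = req.get("postData") or {}
        mask_pairs(post.get("params"), is_secret)
        if is_secret(post.get("text") or ""):  # raw body repeats the params
            post["text"] = MASK
        ray = next((h["value"] for h in resp.get("headers", [])
                    if h["name"].lower() == "cf-ray"), None)
        if ray and resp.get("status", 0) >= 400:
            blocked.append((resp["status"], req["url"], ray))
    return blocked

# Constructed sample capture (not a real HAR; the Ray ID is a placeholder).
SAMPLE = {"log": {"entries": [{
    "request": {"url": "https://www.example.com/login?user=a&password=hunter2",
                "headers": [{"name": "Cookie", "value": "sid=abc"}],
                "cookies": [{"name": "sid", "value": "abc"}],
                "postData": {"params": [{"name": "password", "value": "hunter2"}],
                             "text": "user=a&password=hunter2"}},
    "response": {"status": 403,
                 "headers": [{"name": "cf-ray", "value": "0000000000000000-EWR"}]}}]}}

if __name__ == "__main__":
    print(scrub_har(SAMPLE), json.dumps(SAMPLE, indent=1), sep="\n")
```

Response bodies are not inspected here, so review them separately if the page echoes sensitive data.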
Firefox Configuration
TO PRESERVE THE LOG:
Click the ‘Settings’ Button in the developer mode pane.
Check ‘Enable persistent logs’ under Common Preferences.
TO SAVE THE HAR:
Right-click in the main section of the Network tab and select: ‘Save All As HAR’
Chrome Configuration
TO PRESERVE THE LOG:
Check the ‘Preserve log’ option under the Network Tab.
TO SAVE THE HAR:
Right-click in the main section of the Network tab and select: ‘Save as HAR with Content’
Internet Explorer Configuration
TO PRESERVE THE LOG:
Click the ‘Clear entries on navigate’ button (ensure that the button is not outlined)
TO SAVE THE HAR:
Click on the ‘Export as HAR’ button (or CTRL + S when the developer mode pane is in focus)
Notes About Captcha Error
Sometimes clients may see the following captcha based on the WAF rule their traffic triggered:
If they check the box they’ll be presented with some options to prove they are not a bot browsing the site: