Naveenkumar_Sh2
Apr 26, 2018

WAF is blocking legitimate traffic for 500 response code

Hi,

 

We are observing that the WAF is blocking the request under the violation "Illegal response code in HTTP request". The WAF is prompting the error for a 500 response code, yet the web application responds to the request when the WAF is in transparent mode, which means the server is not providing a 500 response code. Can someone guide me on what I should do?

 

The WAF is installed in reverse proxy mode.

 

1 Reply

  • Hello Naveenkumar,

     

    First of all, you can manage Allowed Response Status Codes in Security ›› Application Security : Policy : Policy Properties.

     

    In all cases it is good to block all application error codes; these can give information useful to a hacker.

     

    So, in order to check the response code of your application, you can check the event logs (request and response); they are reliable.

     

    Otherwise, you can also make an iRule to check the status code in the response.

     

    Are you sure that part of the request is not truncated, blocked (by ASM) or altered, which could cause a 500 error? You can, for example, have an AJAX request that is blocked and not visible in the request ... (not in your case, but as an example).

     

    Regards
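
An iRule of the kind the reply suggests, as an added example that is not part of the original thread: it records each request in HTTP_REQUEST and logs any 5xx status seen in HTTP_RESPONSE, so the log shows which request produced the 500 and which pool member answered. The variable names and the log format are assumptions chosen for this sketch.

```tcl
# Added example (not from the original thread): log 5xx responses
# together with the request that produced them.
when HTTP_REQUEST {
    # Request details are saved here because they are needed later,
    # when the response arrives.
    set req_method [HTTP::method]
    set req_host   [HTTP::host]
    set req_uri    [HTTP::uri]
}

when HTTP_RESPONSE {
    set status [HTTP::status]

    # Only server-error responses are of interest for this violation.
    if { $status >= 500 && $status <= 599 } {
        # Guard against a response arriving without a recorded request.
        if { ![info exists req_uri] } {
            set req_method "-"
            set req_host   "-"
            set req_uri    "-"
        }
        log local0.warning "5xx response: status=$status\
            client=[IP::client_addr] server=[IP::server_addr]\
            vs=[virtual name] request=\"$req_method $req_host$req_uri\"\
            content-length=[HTTP::header value Content-Length]"
    }
}
```

Attach the iRule to the virtual server that carries the security policy and compare the logged entries in /var/log/ltm with the ASM event log for the same requests.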