We have multiple WAF sensors deployed in our AWS cloud environment, and we are experiencing an issue with one of our applications and was wondering if someone can help. I would like to know if there is a way to setup connection time out values within Qualys WAF. The application is web based application running on tomcat server/apache and is connected to Amazon RDS for database services. The database that we are running is PostGres SQL.
For the most part the application is working the way it should except when attempting to pull a big query through a search function. When you perform big query search which has large data, the web server will attempt to fulfill the request, however you will see for like 3 minutes to 5 minutes or so the "waiting for reply" message on the browser status bar, eventually failing with the following error code: "Inactivity Timeout" "Too much time has passed without sending any data for document"
The setup architecture is as follows:
Traffic comes from External Amazon Load Balancer to WAF TO Internal Load Balancer. The origin server within the application profile in Qualys console is set to the internal load balancer FQDN.
What we have done so far:
1. Check the External Load Balancer Elb Settings which is set to 3600 seconds.
2. Remove the internal load balancer and set the origin server the actual server IP address running on port 80 instead of the internal ELB FQDN.
3. We have completely removed the WAF out of the equation and it seems like when we did that application does work
4. Policy is set to pass through and do not block policy is in effect.
So at this point I am assuming that the issue has to do with time out values, where the web server is taking long time to do the query and WAF times out.
My question is:
How can I increase or set custom time out values in WAF ???
How can I enable the sensor logs for troubleshooting purposes through the command line?. When I try to run vewlogs command it says log file is empty.
What other troubleshooting steps I can take on the WAF side, to take the WAF out of the equation?
Looking forward to hear from the community soon, and thanks for taking the time to read this post.