Why Do Cookies Contain the HWWAFSESID or HWWAFSESTIME field?
HWWAFSESID indicates the session ID, and HWWAFSESTIME indicates the session timestamp. These two fields are used to mark the request, for example, they can be used to count the requests for a CC protection rule.
After a domain name or IP address is connected to WAF, WAF inserts fields such as HWWAFSESID (session ID) and HWWAFSESTIME (session timestamp) into the cookie of your customer request. These fields are used by WAF to implement some functions, such as counting requests and monitoring request duration. If these fields are not inserted, some rules may be unable to work, such as CC attack protection rules with verification code configured, known attack source rules, and dynamic anti-crawler rules.
WAF Usage FAQs
- Why Does the Vulnerability Scanning Tool Report Disabled Non-standard Ports for My WAF-Protected Website?
- What Are the Restrictions on Using WAF in Enterprise Projects?
- How Do I Obtain the Real IP Address of a Web Visitor?
- Will Traffic Be Permitted After WAF Is Switched to the Bypassed Mode?
- What Are Local File Inclusion and Remote File Inclusion?
- What Is the Difference Between QPS and the Number of Requests?
- Does WAF Support Custom Authorization Policies?
- How Do I Configure My Server to Allow Only Requests from WAF?
- Why Do Cookies Contain the HWWAFSESID or HWWAFSESTIME field?
- Can I Switch Between the WAF Cloud Mode and Dedicated Mode?
- How Do I Configure WAF If a Reverse Proxy Server Is Deployed for My Website?
- How Does WAF Forward Access Requests When Both a Wildcard Domain Name and a Single Domain Name Are Connected to WAF?
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.
more
