Stopping WAF from Inserting Cookie Fields
This topic describes how to stop WAF from inserting the HWWAFSESTIME and HWWAFSESID fields into cookies. However, you should exercise caution when enabling this function. If WAF does not insert the HWWAFSESTIME and HWWAFSESID fields into cookies, CC attack protection rules (verification code), known attack source rules, and dynamic anti-crawler rules will be unable to work.
Constraints
This function is supported only by dedicated mode or cloud mode load balancer access.
Prerequisites
You have connected your website to WAF using dedicated mode or cloud mode load balancer access.
Procedure
- Log in to the WAF console.
- Click
in the upper left corner and select a region or project. - (Optional) If you have enabled the enterprise project function, in the upper part of the navigation pane on the left, select your enterprise project from the Filter by enterprise project drop-down list. Then, WAF will display the related security data in the enterprise project on the page.
- In the navigation pane on the left, choose Website Settings.
- On the Website Settings page, click the target website domain name.
- In the Do Not Insert the Cookie Field column, click
to enable the function.
If this function is enabled, the CC attack protection (verification code), known attack source rules, and dynamic anti-crawler rules will be unable to work. Exercise caution when enabling this function.
After the preceding configurations are complete, access the protected website, press F12 to open the developer tool, click the current domain name under Cookie on the Application tab, and check whether the HWWAFSESTIME and HWWAFSESID fields are included.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
