Stopping WAF from Inserting Cookie Fields
This topic describes how to stop WAF from inserting the HWWAFSESTIME and HWWAFSESID fields into cookies. However, you should exercise caution when enabling this function. If WAF does not insert the HWWAFSESTIME and HWWAFSESID fields into cookies, CC attack protection rules (verification code), known attack source rules, and dynamic anti-crawler rules will be unable to work.
Prerequisites
You have selected Dedicated Mode or Cloud Mode - Load balancer when adding the website to WAF.
Procedure
- Log in to the WAF console.
- Click
in the upper left corner and select a region or project.
- (Optional) If you have enabled the enterprise project function, in the upper part of the navigation pane on the left, select your enterprise project from the Filter by enterprise project drop-down list. Then, WAF will display the related security data in the enterprise project on the page.
- In the navigation pane on the left, click Website Settings.
- On the Website Settings page, click the target website domain name.
- In the Do Not Insert the Cookie Field column, click
to enable the function.
After the above configuration is complete, access the protected website. If the configuration works, the returned response cookie does not contain the HWWAFSESTIME or HWWAFSESID fields.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot