ASM Removing Login Body
We are working on configuring ASM for deployment in our environment. Currently we are only testing it in our Alpha environment. In testing we have found a curious problem and are hoping to shed some light on it. In our Alpha environment we do manual as well as automated testing. The automated testing is done using Selenium.
With the WAF on and in transparent mode during the login process the WAF appears to be removing the HTTP body from the login response/confirmation after the username and password have been sent. The issue only happens with the WAF on (again in transparent mode) and only on the automated testing. With the WAF off automated testing works just fine and without issue as does manual testing regardless of whether the WAF is on or off.
This has been perplexing us for some time now as we can't find any reason for the WAF to remove the the body while leaving the header and only with the automated testing. We have confirmed that Selenium is passing the appropriate javascript tests that the WAF issues regarding verification.