Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

AXG/WAF Issue - Parser Error

Hello,

I am having an issue with a WAF.  My topology is as follows:  (internet) -> (ACE) -> (WAF) -> (ACE) -> (Server).

On the WAF I get this error:  "Parser error: Document must start with '<' character. at byte 0 ".

When the WAF is bypassed, the application works. 

Things I can think of that you need to know - This is a Sybase application, traffic is sent over port 80, but the data is encrypted between client and server.

Not sure if the problem is with what the ace is sending out to the WAF, or if the WAF simply doesn't like the traffic because it is encrypted but not typical ssl type traffic. 

Has anyone encountered a problem like this before?  How would you go about resolving this issue?

Herman

Everyone's tags (3)
1 REPLY
Cisco Employee

AXG/WAF Issue - Parser Error

Hi Herman,

The problem is that WAF expects to see an XML data exchange for any connections going through it, and any XML document will start with the "" tag. What this error is saying is that, what is being transferred is not valid XML. It makes perfect sense if, as you said, the data inside the transfer is encrypted.

In order to use WAF, you need to ensure that the data going through it is not encrypted. I'm not familiar with this Sybase application, but, if it's using SSL, then, the best approach would be performing SSL termination in the first ACE and optionally, SSL initiation on the second one.

I hope this helps

Daniel

342
Views
0
Helpful
1
Replies