Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
698
Views
0
Helpful
1
Replies

AXG/WAF Issue - Parser Error

hermanvanheerden
Level 1
Level 1

‎02-22-2012 01:42 PM

Hello,

I am having an issue with a WAF.  My topology is as follows:  (internet) -> (ACE) -> (WAF) -> (ACE) -> (Server).

On the WAF I get this error:  "Parser error: Document must start with '<' character. at byte 0 ".

When the WAF is bypassed, the application works. 

Things I can think of that you need to know - This is a Sybase application, traffic is sent over port 80, but the data is encrypted between client and server.

Not sure if the problem is with what the ace is sending out to the WAF, or if the WAF simply doesn't like the traffic because it is encrypted but not typical ssl type traffic. 

Has anyone encountered a problem like this before?  How would you go about resolving this issue?

Herman

Labels:
0 Helpful
1 Reply 1

Daniel Arrondo Ostiz
Cisco Employee
Cisco Employee

‎02-23-2012 12:25 AM

Hi Herman,

The problem is that WAF expects to see an XML data exchange for any connections going through it, and any XML document will start with the "" tag. What this error is saying is that, what is being transferred is not valid XML. It makes perfect sense if, as you said, the data inside the transfer is encrypted.

In order to use WAF, you need to ensure that the data going through it is not encrypted. I'm not familiar with this Sybase application, but, if it's using SSL, then, the best approach would be performing SSL termination in the first ACE and optionally, SSL initiation on the second one.

I hope this helps

Daniel

0 Helpful
Customers Also Viewed These Support Documents