Load Balancer WAF Blocking Firefox 132.0.2 Traffic

[kayiwa]

Description:

We're experiencing an issue where the web application firewall (WAF) on our load balancer is blocking all traffic from Firefox version 132.0.2. This is preventing users with this browser version from accessing our web applications.

Symptoms:

• Datadog's Firefox 132.0.2 are unable to access any of our web applications.
• They might receive error messages like "Access Denied" or "403 Forbidden."
• Other browsers (Chrome, Safari, Edge) are not affected.

Impact:

• Users with Firefox 132.0.2 are able to access our services.

Tasks:

1. Investigate WAF Logs:

   • Disable the WAF

2. Identify Root Cause:

   • Determine why the WAF is flagging Firefox 132.0.2 as a threat. Possible causes include:
     • User-Agent String: The WAF might be blocking based on the User-Agent string of Firefox 132.0.2.
     • Specific Headers or Cookies: There might be specific headers or cookies sent by Firefox 132.0.2 that are triggering a WAF rule.
     • Security Vulnerability: It's possible (though less likely) that Firefox 132.0.2 has a known vulnerability that the WAF is trying to mitigate.

3. Testing:

   • After implementing the solution, check Datadog with Firefox 132.0.2 to ensure access is restored.

[kayiwa]

Also blocking solr traffic.

[acozine]

Also causing pulibrary/figgy#6555.

[acozine]

@tpendragon and I were looking at the Figgy end of this issue and could not find any logging for requests denied by the WAF. Let's configure logging for the WAF and document where log messages go when a request is denied.