cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
787
Views
0
Helpful
1
Replies

AXG/WAF Issue - Parser Error

Hello,

I am having an issue with a WAF.  My topology is as follows:  (internet) -> (ACE) -> (WAF) -> (ACE) -> (Server).

On the WAF I get this error:  "Parser error: Document must start with '<' character. at byte 0 ".

When the WAF is bypassed, the application works. 

Things I can think of that you need to know - This is a Sybase application, traffic is sent over port 80, but the data is encrypted between client and server.

Not sure if the problem is with what the ace is sending out to the WAF, or if the WAF simply doesn't like the traffic because it is encrypted but not typical ssl type traffic. 

Has anyone encountered a problem like this before?  How would you go about resolving this issue?

Herman

1 Reply 1

Daniel Arrondo Ostiz
Cisco Employee
Cisco Employee

Hi Herman,

The problem is that WAF expects to see an XML data exchange for any connections going through it, and any XML document will start with the "" tag. What this error is saying is that, what is being transferred is not valid XML. It makes perfect sense if, as you said, the data inside the transfer is encrypted.

In order to use WAF, you need to ensure that the data going through it is not encrypted. I'm not familiar with this Sybase application, but, if it's using SSL, then, the best approach would be performing SSL termination in the first ACE and optionally, SSL initiation on the second one.

I hope this helps

Daniel

Review Cisco Networking for a $25 gift card