Symptoms
After a protected website is connected to WAF, the website is inaccessible and the error message "414 Request-URI Too Large" is displayed, as shown in Figure 1.
Possible Causes
The client browser cannot parse JavaScript. In this situation, the client browser caches the page that contains the JavaScript code returned by WAF. Each time the protected website is requested, the cached page is accessed. WAF then verifies that the access request is from an invalid browser or crawler. The access request verification fails. As a result, an infinite loop occurs, the URI length exceeds the browser limit, and the website becomes inaccessible.
After JavaScript anti-crawler is enabled, WAF returns a piece of JavaScript code to the client when the client sends a request. If the client sends a normal request to the website, triggered by the received JavaScript code, the client will automatically send the request to WAF again. WAF then forwards the request to the origin server. This process is called JavaScript verification. Figure 2 shows how JavaScript verification works.
Handling Suggestions
Disable the JavaScript anti-crawler protection by performing the following steps:
- Log in to the management console.
- Click
in the upper left corner of the management console and select a region or project. - Click
in the upper left corner and choose Web Application Firewall (Dedicated) under Security. - In the navigation pane on the left, choose Policies.
- Click the name of the target policy to go to the protection configuration page.
- In the Anti-Crawler configuration area, click Configure Anti-Crawler.Figure 3 Anti-Crawler configuration area
- Click the JavaScript tab and disable the JavaScript anti-crawler protection. Its status changes to
.