Blocked Traffic

This guide will assist you in troubleshooting traffic that is blocked by the Nova WAF.

What can trigger a block?

Nova can block traffic in many ways, depending on your configuration. The primary ones are:

  1. NovaSense
  2. Layer 7 WAF match
  3. Anomaly detection
  4. Bot detection
  5. Nova Rules
  6. Geofencing

Block logging

Layer 7 blocks are logged in the WAF block log. However, layer 4 blocks are not. These TCP-level blocks drop the traffic immediately, and no layer 7 processing is done for them.

This means that you will typically see blocks in your WAF block log, but for certain types of blocks you will only see the Block number increase on your ADC and Node reports and in the live view.

This applies to hosts that match one of the following:

  1. A match on a NovaSense list that is blocked
  2. Bot detection
  3. Geofencing
  4. Nova Rules

Debugging

To diagnose a client that is being incorrectly blocked, we generally recommend disabling certain protections, namely:

  1. Anomaly detection
  2. Bot blocking
  3. Nova Rules

If the client is still being blocked and you are using Geofencing, it can be worthwhile to disable that to test whether the geographic matching is correct.

Be sure to watch your WAF block log, or the Security tab on your ADC, for blocks.