This section explains the limitations of the import script and manual changes that can be applied.

DAST scanners can report multiple issues that are not handled by the avi-iwaf-vpatch.py script. Though many of them might be beyond the scope of WAF, some can be mitigated by appropriate settings in Avi Load Balancer. Following are some examples:

  1. Issues related to click-jacking can be mitigated by adding a X-Frame-Options HTTP header.

  2. In the Avi Load Balancer admin UI, navigate to Virtualservice > Policies > HTTP Response action and select Add Header option.

  3. Some issues related to cookies can be as follows:

    1. A cookie has been set without the HttpOnly flag.

    2. Cookie Does Not Contain the secure Attribute.

    These can be set by selecting appropriate options under Application Profile > Security.