This section describes the limitations of the import script and the manual changes that can be applied to cover the findings it does not handle.

DAST scanners can report issues that the avi-iwaf-vpatch.py script does not handle. Many of them are outside the scope of a WAF, but some can be mitigated by appropriate settings in NSX Advanced Load Balancer. The following are some examples.

Clickjacking findings can be mitigated by adding an X-Frame-Options HTTP response header with the value DENY (or SAMEORIGIN if the application frames its own pages). Browsers treat a Content-Security-Policy frame-ancestors directive as the successor to this header, but X-Frame-Options is what most scanners check for.

The following are the steps to add an HTTP response header.

  1. In the NSX Advanced Load Balancer admin UI, navigate to Applications > Virtual Services and edit the virtual service.

  2. Click the Policies tab and navigate to the HTTP Response tab.

  3. Click the + icon to add a new rule, and in the rule's action add a header named X-Frame-Options with the chosen value. Save the virtual service and confirm the header in a response before re-running the scan.

Typical cookie-related findings are the following.

  1. A cookie has been set without the HttpOnly flag.

  2. A cookie has been set without the Secure attribute.

Both are fixed by enabling the HttpOnly and Secure cookie options under Application Profile > Security for the application profile attached to the virtual service; the load balancer then appends the missing attributes to every Set-Cookie header the back end sends. The Secure attribute only takes effect for browsers when the virtual service is served over HTTPS.
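As an added illustration, not code from the vpatch script or from the Avi SDK, the following Python reproduces the checks a DAST scanner makes for the three findings above, applies the same transformation the load balancer applies once the X-Frame-Options rule and the cookie options are configured, and builds the matching configuration fragments. The sample HTTP response is constructed; the JSON field names in the two build_* helpers (hdr_action, HTTP_ADD_HDR, httponly_enabled, secure_cookie_enabled) are assumed from the Avi object model and should be verified against the controller's API documentation before use.

```python
"""Offline reproduction of three DAST findings and their load-balancer fixes.

Added example: not part of avi-iwaf-vpatch.py or the Avi SDK. The Avi API
field names below are assumptions to verify against your controller.
"""
from typing import Dict, List, Tuple

Header = Tuple[str, str]

# Constructed sample: a back-end response with no X-Frame-Options header,
# one cookie lacking both flags and one cookie lacking only HttpOnly.
CONSTRUCTED_RESPONSE = """HTTP/1.1 200 OK
Content-Type: text/html
Set-Cookie: JSESSIONID=abc123; Path=/
Set-Cookie: pref=dark; Path=/; Secure
"""


def parse_headers(raw: str) -> List[Header]:
    """Split a raw HTTP response head into (name, value) pairs, skipping the status line."""
    headers = []
    for line in raw.strip().splitlines()[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip(), value.strip()))
    return headers


def _cookie_attrs(set_cookie_value: str) -> set:
    """Return the lower-cased attribute names of a Set-Cookie value (Path, Secure, ...)."""
    return {part.strip().split("=", 1)[0].lower() for part in set_cookie_value.split(";")[1:]}


def scan_findings(headers: List[Header]) -> List[str]:
    """Report the findings a DAST scanner raises for the issues discussed above."""
    findings = []
    if not any(name.lower() == "x-frame-options" for name, _ in headers):
        findings.append("Missing X-Frame-Options header (clickjacking)")
    for name, value in headers:
        if name.lower() != "set-cookie":
            continue
        cookie = value.split(";", 1)[0].split("=", 1)[0].strip()
        attrs = _cookie_attrs(value)
        if "httponly" not in attrs:
            findings.append(f"Cookie {cookie} has been set without the HttpOnly flag")
        if "secure" not in attrs:
            findings.append(f"Cookie {cookie} does not contain the Secure attribute")
    return findings


def apply_lb_mitigations(headers: List[Header], frame_option: str = "DENY") -> List[Header]:
    """Rewrite the response the way the configured load balancer would:
    append HttpOnly/Secure to cookies that lack them and add X-Frame-Options once."""
    out = []
    for name, value in headers:
        if name.lower() == "set-cookie":
            attrs = _cookie_attrs(value)
            if "httponly" not in attrs:
                value += "; HttpOnly"
            if "secure" not in attrs:
                value += "; Secure"
        out.append((name, value))
    if not any(name.lower() == "x-frame-options" for name, _ in out):
        out.append(("X-Frame-Options", frame_option))
    return out


def build_xfo_response_rule(value: str = "DENY", index: int = 1) -> Dict:
    """HTTP Response policy rule whose action adds the header (UI steps 1-3 above).
    Field names are an assumption from the Avi HTTPResponsePolicy model."""
    return {
        "name": "add-x-frame-options",
        "index": index,
        "enable": True,
        "hdr_action": [
            {"action": "HTTP_ADD_HDR",
             "hdr": {"name": "X-Frame-Options", "value": {"val": value}}}
        ],
    }


def build_cookie_flags_patch() -> Dict:
    """Application Profile > Security options as an API PATCH body.
    Field names are an assumption from the Avi ApplicationProfile model."""
    return {"http_profile": {"httponly_enabled": True, "secure_cookie_enabled": True}}


if __name__ == "__main__":
    before = parse_headers(CONSTRUCTED_RESPONSE)
    for finding in scan_findings(before):
        print("before:", finding)
    after = apply_lb_mitigations(before)
    print("after :", scan_findings(after) or "no findings")
```

The scan and apply functions mirror each other on purpose: running scan_findings against a real response (for example the headers captured with curl -I against the virtual service) after the change is the quickest way to confirm the rule and the profile options took effect before re-running the DAST tool.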