Configs: DataPower XI50 4.0.
We have configured a WAF for a backend Web application. This application sets cookies and redirects the URLs.
This is working as expected. But to expose this to the outside world, the requirement is to use an MPGW and route requests from the MPGW to the WAF.
I have used Dynamic Routing, Non-XML in request/response, and ResetLocation.xsl for the Server to Client Rule.
But 2 issues arise with setting up the cookies and URL redirection. The cookies set by the Web Application are not seen when the call goes through the MPGW, and it gets redirected to the WAF port/URL too.
Is it a good practice to use a WAF in the DMZ and direct requests to the internal network DP WAF? See the diagram below.
Internet | FW | DMZ DP (WAF) | FW | Internal n/w DP (WAF) --> Backend Web Application