VMware AVIWAF and Load Balancer sample event messages

Use these sample event messages as a way of verifying a successful integration with QRadar.

The following sample event message shows a Client Log event collected from VMware AVIWAF and Load Balancer. In this sample the WAF rejected the request (the waf_log status is REJECTED and response_code is 403), and the server-side fields such as server_ip, server_dest_port and server_ip6 are null, so the QRadar destination fields are not populated for this event.

{"adf":true,"significant":0,"significance":"Request ended abnormally: response code 4xx, WAF Match: WAF matched the transaction","udf":false,"virtualservice":"virtualservice-xxx-xxx-xxx-xxx-xxxx","report_timestamp":"2025-03-03T23:04:17.520114+00:00","service_engine":"WAF-se-tgido","vcpu_id":1,"log_id":2142194,"client_ip":"10.0.0.2","client_location":"US","client_src_port":44523,"client_dest_port":443,"client_rtt":1,"ssl_session_id":"xxxxx","ssl_version":"TLSv1.3","ssl_cipher":"TLS_AES_256_GCM_SHA384 kx:any auth:any enc:AESGCM256 mac:Mac PFS:True","sni_hostname":"example.com","http_version":1.1,"method":"GET","uri_path":"\/.DS_Store","orig_uri":null,"rewritten_uri_path":null,"uri_query":null,"rewritten_uri_query":null,"redirected_uri":null,"server_side_redirect_uri":null,"referer":null,"user_agent":"Go-http-client\/1.1","client_device":"Other","client_browser":"Other","client_os":"Other","xff":"10.0.0.2","persistence_used":null,"host":"example.com","etag":null,"persistent_session_id":null,"request_content_type":null,"response_content_type":"text\/html","request_length":314,"cache_hit":null,"cacheable":true,"network_security_policy_rule_name":null,"http_security_policy_rule_name":null,"http_request_policy_rule_name":null,"http_response_policy_rule_name":null,"pool":null,"pool_name":null,"server_ip":null,"server_name":null,"server_conn_src_ip":null,"server_dest_port":null,"server_src_port":null,"server_rtt":null,"server_response_length":null,"server_response_code":null,"server_response_time_first_byte":null,"server_response_time_last_byte":null,"app_response_time":null,"data_transfer_time":0,"total_time":2,"response_length":4048,"response_code":403,"response_time_first_byte":1,"response_time_last_byte":1,"compression_percentage":0,"compression":"NO_COMPRESSION_CAN_BE_COMPRESSED","client_insights":"NO_INSIGHTS_NOT_SAMPLED_TYPE","connection_error_info":null,"spdy_version":null,"request_headers":557635,"response_headers":12,"request_state":"AVI_HTTP_REQUEST_STATE_READ_CLIENT_REQ_HDR","datascript_error_trace":null,"all_request_headers":"Host: example.com\r\nuser-agent: Go-http-client\/1.1\r\nAccept-Encoding: gzip, deflate, br\r\nAccept: *\/*\r\nConnection: keep-alive\r\nX-Forwarded-For: 10.0.0.2\r\nCookie: PHPSESSID=xxxx1111; security=low; PHPSESSID=xxxx1111; security=low\r\n","all_response_headers":"Content-Type: text\/html\r\nContent-Length: 3907\r\nConnection: keep-alive\r\n","user_id":null,"significant_log":"['ADF_RESPONSE_CODE_4XX', 'ADF_WAF_MATCH']","datascript_log":null,"microservice":null,"microservice_name":null,"headers_sent_to_server":null,"headers_received_from_server":null,"server_ssl_session_id":null,"server_connection_reused":null,"server_ssl_session_reused":null,"vs_ip":"10.158.172.124","body_updated":null,"waf_log":"{'rule_logs': [{'phase': 'Request Body', 'rule_id': '930130', 'rule_group': 'CRS_930_Application_Attack_LFI', 'msg': 'Restricted File Access Attempt', 'matches': [{'match_element': 'REQUEST_FILENAME', 'match_value': '\/.ds_store', 'is_internal': True, 'match_value_offset': '0'}], 'tags': ['application-multi', 'language-multi', 'platform-multi', 'attack-lfi', 'paranoia-level\/1', 'OWASP_CRS', 'CAPEC-255', 'CAPEC-153', 'CAPEC-126', 'PCI\/6.5.4', 'CRS-group-930'], 'rule_name': 'Check for Restricted File Access', 'omitted_match_elements': 0}], 'status': 'REJECTED', 'latency_request_header_phase': '229', 'latency_request_body_phase': '406', 'latency_response_header_phase': '0', 'latency_response_body_phase': '0', 'rules_configured': True, 'psm_configured': False, 'application_rules_configured': False, 'allowlist_configured': False, 'allowlist_processed': False, 'rules_processed': True, 'psm_processed': False, 'application_rules_processed': False, 'memory_allocated': '71576', 'omitted_signature_stats': {'rules': 0, 'match_elements': 0}, 'omitted_app_rule_stats': {'rules': 0, 'match_elements': 0}, 'learning_status': 'SERVER_ERROR'}","client_ip6":null,"vs_ip6":null,"server_ip6":null,"server_conn_src_ip6":null,"request_id":"emo-rXkQ-1Aei","request_served_locally_remote_site_down":null,"http2_stream_id":null,"cipher_bytes":null,"client_cipher_list":null,"client_log_filter_name":null,"saml_authentication_used":null,"saml_session_cookie_valid":null,"saml_auth_request_generated":null,"saml_auth_response_received":null,"saml_auth_session_id":null,"servers_tried":null,"paa_log":null,"cache_disabled_by_ds":null,"grpc_status":null,"ocsp_status_resp_sent":null,"critical_error_encountered":null,"grpc_service_name":null,"grpc_method_name":null,"grpc_status_reason_phrase":null,"icap_log":null,"saml_log":null,"jwt_log":"{'is_jwt_verified': False}","ntlm_log":null,"oob_log":null,"session_id":null,"bot_management_log":null,"max_ingress_latency_fe":0,"avg_ingress_latency_fe":0,"conn_est_time_fe":0,"max_ingress_latency_be":null,"avg_ingress_latency_be":null,"conn_est_time_be":null,"source_ip":"10.2.0.3","source_ip6":null,"oauth_log":null,"auth_status":null,"client_fingerprints":"{'tls_client_info': {'client_hello_tls_version': 771, 'cipher_suites': [111, 11, 11, 111], 'tls_extensions': [0, 11, 10, 35, 16, 22, 23, 13, 43, 45, 51], 'supported_groups': [29, 23, 30, 25, 24], 'point_formats': [0, 1, 2], 'uses_grease': False}, 'full_tls_fingerprint': 'xxxxx', 'filtered_tls_fingerprint': 'xxxxx'}","server_push_initiated":null,"server_pushed_request":null,"vh_match_rule":null}
Table 1. Highlighted values in the VMware AVIWAF and Load Balancer Client Logs sample event. The payload field is the JSON key in the sample event that QRadar maps to the named field.

| QRadar field name | Highlighted payload field name |
|---|---|
| Event ID | method + response_code |
| Event Category | VMWareAVIWAFLoadBalancer |
| Source IP | client_ip |
| Source Port | client_src_port |
| Destination IP | server_ip |
| Destination Port | server_dest_port |
| Source IPv6 | client_ip6 |
| Destination IPv6 | server_ip6 |
| Device Time | report_timestamp |