Scenario: During application troubleshooting, a Citrix Engineer notices that response traffic received from a protected web application is NOT matching what the web server is sending out. The engineer is concerned that someone is trying to disrupt caching behavior.
Which action is the Citrix Web App Firewall performing that would trigger this false positive?
The action of removing the Last-Modified header can disrupt caching mechanisms because this header is critical for caches to determine if the content has been altered since it was last fetched. Without this header, caches may not refresh content properly, which could lead to inconsistencies between what is stored in the cache and what the web server actually sends out. This disruption in caching behavior could trigger false positives during application troubleshooting.
Should be A
without Header pages get wrongly cached; should be A
Please ignore my previous comment, A makes more sense in this case, same article: https://docs.citrix.com/en-us/citrix-adc/current-release/application-firewall/introduction-to-citrix-web-app-firewall.html
Changing my answer to A: A. Removing the Last-Modified header. This action can affect the caching behavior because the "Last-Modified" header is used by caches to understand if the content has changed since the last time it was retrieved. If the Web App Firewall removes this header, it can disrupt the caching mechanism, leading to a false positive regarding caching behavior.
wny not C? The documentation (https://docs.netscaler.com/en-us/citrix-adc/13-1/application-firewall/introduction-to-citrix-web-app-firewall) refers to the Accept-Encoding header being dropped but doesn't list "Last-Modified" but rather "If-Modified-Since" header.