Security tip written by Lindsey Petrone

The “WHAT”

Disable Monitor Responses from Web Server

The “WHY”

To improve performance on your Web Servers, the ‘Monitor responses from Web Server’ setting may be disabled. When disabled, the DPI engine will not inspect web server response traffic. This would typically result in improved performance, especially for large responses.

Web client requests incoming to the server are still inspected by the DPI engine when this option is unchecked, and DPI rules which protect the web server and web application from malicious attacks are not affected by setting.

The “HOW”

  • Open up any Policy
  • Click on Intrusion Prevention (on the left)
  • Click on “Assign/Unassign…” button
  • From the top dropdown menus select the following options:
    • Web Application Protection
    • All
    • By Application Type

lindsey image 1

  • Find the “Web Server Common” section (I believe it should be second on the list and reference 22 rules)
  • You now have to click on where it says “Web Server Common” (it will highlight all of the rules) à Then right click (again, you must right click where it says “Web Server Common”
  • Select the “Application Type Properties…” option

lindsey image 2

  • Click on the Configuration tab
  • Uncheck the “Default” checkbox
  • Uncheck “Monitor responses from Web Server” checkbox:

 Disable Monitor

Congratulations you’ve successfully disabled the monitor responses from Web Server!