For security reasons, I would like to activate "Drop invalid HTTP requests" in the nshttp_default_profile.
Because there are already several content switches and loadbalancing vservers configured on our appliance, I would like to log the affected requests.
Best option would be to log potentially dropped requests before activating the setting.
I tried a rewrite policy as well as a responder policy with "http.req.is_valid.not", bound them globally and then sent invalid requests. I know the requests are invalid, because when setting "drop invalid http requests", they are actually dropped.
But the hit counter of both policies does not count up.
Did I do something wrong? Is this the wrong approach? Any other ideas?
Thank!