Hello,
This problem comes and goes, so it has been difficult to solve. I think I know what's going on, but I am still unsure of the best way to handle it.
The Access Denied message is the custom one I set up under Configure WAF > Customisation > Custom Message. Also, Show errors using a customizable HTML template is set to YES, and Send troubleshooting email on administrative functions is set to YES.
When there is an attack (we have many), the Custom message is displayed and cached by the System, so for however long the Cache Time is set, everyone gets the Access Denied message.
As per your instruction, the Platform Specific Caching is set to NO. When I go into System - Page Cache, the Use Browser Caching is set to YES, and I can't find a setting for Exclude Menu Items because, on every page, the Navigation section is template-based and used on every page starting with the Home page which is attacked the most. No matter what I enter, the site becomes un-cached and very slow. I had the Cache Time set to 30 minutes, which caused the site to be unavailable to everyone for that length of time.
So far, my only choice has been to turn the Cache Time down to 5 minutes (which is not really a solution). I'm not sure what to do because my understanding was that when WAF restricts Access, the Custom Message echoed should not be cached in the first place. There must be a solution, but I haven't been able to find it.
What do you think I should try next?
Thank you for your time and attention to this matter,
marc
