applicure dotdefender ISAPI filter causing pdf issue

Question

I have recently migrated a web server form Server 2008 R2 to Server 2012 R2

The dotdefender application firewall works fine except for one issue.

On large PDF ~15MB or more it take anywhere from 1 - 5 minutes to load depending on the size.

PDF's smaller than ~14MB take no time at all.

Using procmon I was able to see the webservice build the file 10KB per second until the webservice had completed cached the file. (Im not sure what is really going on here) but i could see the file build until it have the total number of bits from the file.

After I enable tracing in IIS 8 i was able to see that dotdefender was being hit about once every second with 3 ISAPI filters.

dotDefenderCookieFilter --> C:\Program Files\Applicure\dotDefender for IIS\lib\dd_filt_cookie.dll

dotDefenderMaskingFilter --> C:\Program Files\Applicure\dotDefender for IIS\lib\dd_filt_masking.dll

dotDefenderResponseFilter --> C:\Program Files\Applicure\dotDefender for IIS\lib\dd_filt_response.dll

If i delete the:

dotDefenderResponseFilter --> C:\Program Files\Applicure\dotDefender for IIS\lib\dd_filt_response.dll

Filter the PDF would load fine.

I disable Check Responses in dotDefender but it had no effect.

Anyone who might be able to help me with this?

Answer 1

Hello and Sorry for bumping a bit old thread.

AFAIK Applicure DotDefender is not compatible with Windows Server 2012 R2. I tried it With Server 2012 R2 vs IIS 8.5 it isn't working anymore.

Here is whitepaper (that is written by me) regarding how to Protect IIS 8.5(or any Windows Web srv) using Apache~ mod_proxy + DotDefender 5.13.

Sorry, it is written in my native language but i hope you'll understand from it what's going on.

This is a whitepaper discussing using Apache with mod_proxy and Dotdefender to protect IIS installs. Written in Azerbaijani.

And the second choise in your case you can try to whitelist that URL (PDF upload page). But as we all know every whitelist is a potential "door" to machine.

Cheers.