When website visitors are trying to access your site or application and encounter an error, Imperva displays an error page with information to help you identify the error in your account in the Cloud Security Console. Details include:

error code
time stamp
the source IP address of the request
the IP address and internal ID of the Imperva proxy that handled the request
the incident ID

3 There was an error in processing the request
The request was dropped due to a malformed HTTP request that cannot be processed by the Imperva proxy.

What can I do? Clear cookies from your browser and try again.

SIEM log entry: REQ_BAD_PARSE_ERROR

4 The request could not be fully read
The request was dropped due to idle timeout, although the Imperva proxy was able to establish a connection to the origin server.

This error can result from a slow server response, or termination of the request by the client.

SIEM log entry: REQ_BAD_TIMEOUT

5 There was an error in processing the server response
The request did not receive a complete response due to a malformed HTTP response from your origin server.

SIEM log entry: REQ_BAD_RESP_PARSE_ERROR

8 The proxy failed to connect to the web server, due to TCP connection rejection (TCP Reset)
The Imperva proxy could not connect to your origin server, due to rejection of the TCP connection (TCP Reset).

What can I do? Make sure that Imperva IPs are whitelisted in your web server firewall and in the firewall deployed in front of your web server. For details, see Imperva IP addresses.

SIEM log entry: REQ_BAD_CONNECTION_TO_SERVER

9 Error code 9
The response to the HTTP request was incomplete. The client closed the TCP connection before receiving the full response.

SIEM log entry: REQ_BAD_CLIENT_CLOSED_CONNECTION

14 This request was blocked by our security service
The request was blocked based on your Block User or Block IP WAF settings. For details, see Web Protection - WAF Settings.

Once the user or IP is blocked, the related session is blocked, and subsequent requests trigger this error.

What can I do? Investigate the incident on the Security Events page in the Cloud Security Console. You can filter the events for one of the details in the error message, such as Incident ID or IP. For details, see View Security Events.

SIEM log entry: REQ_BLOCKED_SESSION

15 This request was blocked by our security service
The request was blocked based on your WAF settings (Block Request, Block User, or Block IP) in the Cloud Security Console. For details, see Web Protection - WAF Settings.

What can I do? Investigate the incident on the Security Events page in the Cloud Security Console. You can filter the events for one of the details in the error message, such as Incident ID or IP. For details, see View Security Events.

SIEM log entry: REQ_BLOCKED_SECURITY

16 This request was blocked by our security service
The request was blocked based on your security settings (Bot Access Control or Block Specific Sources) in the Cloud Security Console. For details, see Web Protection - Security Settings.

SIEM log entry: REQ_BLOCKED_ACL

17
This request was blocked by our security service

The request was blocked based on your Block User WAF settings. For details, see Web Protection - WAF Settings.

This error is displayed when the visitor was blocked and the session was cookieless.

What can I do? Investigate the incident on the Security Events page in the Cloud Security Console. You can filter the events for one of the details in the error message, such as Incident ID or IP. For details, see View Security Events.

SIEM log entry: REQ_BLOCKED_VISITOR

18
Requests to the web site you are trying to access cannot be served (The site was probably removed from the service because it is in violation of our terms of service or if it is under a DDoS attack and site service plan does not cover DDoS mitigation)

The request was blocked because the site is under DDoS attack and your subscription plan does not include DDoS mitigation.

Contact your Imperva sales representative for more details.

SIEM log entry: REQ_BLOCKED_DDOS

20 The proxy failed to connect to the web server, due to TCP connection timeout
Imperva could not connect to your origin server.

What can I do?

Make sure that Imperva IPs are whitelisted in your web server firewall and in the firewall deployed in front of your web server. For details, see Imperva IP addresses.
Make sure that your origin server is up and running properly.
SIEM log entry: REQ_BAD_TIMEOUT_CONNECTION_TO_SERVER

22
The proxy failed to resolve site from host name, if this site was recently added please allow a few minutes before trying again

The site is not registered on the Imperva service, but a user is attempting to force a direct connection to Imperva IP addresses using the hosts file or another method.

What can I do?

Verify that the website is configured in the Cloud Security Console.
If the website was recently added, wait a few minutes and try again.
SIEM log entry: REQ_UNRESOLVED_SITE_UNKNOWN

23
The proxy failed to resolve site from host name - duplicate sites with same host name exist. To resolve this issue, complete the DNS changes as instructed

There is more than one site in your account with the same host name.

What can I do? Make sure that there is only one site with a given host name configured in the Cloud Security Console.

SIEM log entry: REQ_UNRESOLVED_SITE_DUPLICATE

24
The proxy failed to resolve site from host name - CNAME is invalid. To resolve this issue, complete the DNS changes as instructed

The site cannot be resolved due to restrictions on your account or misconfiguration.

What can I do? Make sure that the site was added and is configured properly in the Cloud Security Console.

SIEM log entry: REQ_UNRESOLVED_SITE_INVALID_CNAME

26
The proxy failed to connect to the web server, SSL connection failed

The Imperva proxy is not able to complete a valid SSL handshake with your origin server. Imperva may be connecting using a protocol that is not supported by your origin server.

What can I do?

Verify that your origin server supports secure (SSL) connections.
Make sure that the SSL certificate is properly installed on your origin server.
SIEM log entry: REQ_BAD_CONNECTION_TO_SERVER_SSL_FAILURE

29
SSL is not supported

SSL is not enabled for the site in the Cloud Security Console.

What can I do? Make sure that you have generated an Imperva certificate or have uploaded your own custom certificate to the Cloud Security Console. For details, see Web Protection - General Settings.

SIEM log entry: REQ_SSL_NOT_SUPPORTED

30 The proxy failed to connect to the web server, no web server IP is defined
The origin server for the site is not configured in the Cloud Security Console.

What can I do? Configure your origin server settings on the Origin Servers page. For details, see Load Balancing Settings.

SIEM log entry: REQ_NO_IP_FOUND

31 Port not supported
The HTTP request specifies an unsupported port number.

SIEM log entry: REQ_ILLEGAL_PORT

32
The proxy failed to connect to the web server

Imperva cannot connect to the origin server. All origin IP addresses are inaccessible.

What can I do? Make sure that the origin server is up and running, and that the origin server settings are configured properly in the Cloud Security Console.

SIEM log entry: REQ_ALL_IPS_DOWN

33
Timeout reading request POST/PUT body

There may be a temporary network issue, or connectivity issues between Imperva and the origin server.

What can I do? Make sure that the origin server is up and running.

SIEM log entry: REQ_POST_TIMEOUT

35 The certificate on the web server is not valid.
The certificate on your origin server may be missing, revoked, expired, or there may be a hostname mismatch between the certificate and the requested domain name.

What can I do? Make sure that a valid certificate is installed on your origin server.

Note: This error is only displayed if the Validate Server Certificate option is enabled for your site. By default, the option is disabled. To enable the option, contact Support.

SIEM log entry: REQ_BAD_SERVER_CERTIFICATE

36 This site does not have an IPV6 address, please use IPV4 instead
IPv6 support is not enabled for this site in Imperva. To enable IPv6 for a site, contact Imperva Support.

SIEM log entry: REQ_IPV6_NOT_SUPPORTED

37
The site is using an origin server which is reserved for another account.

For details, see the Origin Lock section of Account Settings.

What can I do? Make sure that the correct origin server is configured in the Cloud Security Console.

SIEM log entry: REQ_LOCKED_IP_VIOLATION

38
The domain was blacklisted as it violates Imperva terms of use.

The domain was blacklisted as it violates Imperva terms of use.

Contact Imperva Support.

SIEM log entry: REQ_DOMAIN_BLACKLISTED

39 The domain is pointing to the wrong DNS records.
What can I do? Make sure to perform the required DNS changes according to instructions in the Cloud Security Console Websites page. For details, see Web Protection - Websites.

SIEM log entry: REQ_ILLEGAL_IP_VIOLATION

40 The SSL certificate on the origin server was issued to a different domain.
What can I do? Make sure the certificate on the origin server is issued to the correct domain.

SIEM log entry: REQ_SSL_CERT_HOST_MISMATCH

41 The site is not currently configured to support non-SNI connections.
What can I do? To change the current configuration, contact Imperva Support.

SIEM log entry: REQ_NON_SNI_FORBIDDEN

42 The client did not provide a client certificate, and the site requires one in all connections.
SIEM log entry: REQ_CLIENT_CERT_REQUIRED

43
Too many connections are open simultaneously between the Imperva proxy and the origin server.

What can I do? If you are running a load test, make sure to distribute testing machines between several different locations.

SIEM log entry: REQ_TOO_MANY_CONNECTIONS_TO_ORIGIN

44 The proxy failed to connect to the web server. Detected loop in CDN.
The request was dropped due to the detection of a CDN Loop.

What can I do? Make sure your origin does not forward requests that arrived at Imperva CDN back to Imperva CDN.

Last updated: 2023-03-05