[Bug] Blank Screen with HTML Dynamic Encryption enabled from Firefox/Opera

What happened?

Blank Screen appears with BOT PROTECTION - HTML Dynamic Encryption enabled

Description: everything has worked well for about half a year.
After six months our application started to show white screen when users work with Firefox.
The process: Client Verification (Anti-Bot challenge) - Dynamic Decryption - White Screen

Topology: Nginx Reverse Proxy --> WAF SafeLine --> Application Endpoint

WAF Version: 8.9.1, updated to 9.2.7

Client Software:

• OS: Windows 10/11
• Browser: Firefox 144.0.2

Client IP addresses/locations/countries: Different (any of them affected)

If client software is MacOS/Firefox, everything works well. If clients use Google Chrome, everything works well

Steps to resolve (failed):

1. Restart containers
2. Restart the server
3. Upgrade from version 8.9.1 to 9.1.7

Temporary Solution: Disable HTML Dynamic Encryption

How we reproduce?

There is no way to reproduce it 100%
There are only some conditions this problem appears under:
Clients OS: Windows 10/11
Client Browser: Firefox

Expected behavior

Application is loaded

Error log

192.168.200.250 is Nginx Reverse Proxy, 192.168.200.2 is the Application. These logs reflect the time we tried to load the App from Firefox so they are related to the issue 100%

cat logs/nginx/safeline/errorlog_5

2025/11/05 15:25:47 [error] 49#0: *1 connect() to unix:/resources/detector/snserver.sock failed (111: Connection refused) while connecting to upstream, client: 192.168.200.250, server: myapp.domain.com, request: "POST /Default.aspx/GetServicveMode HTTP/1.1", host: "myapp.domain.com", referrer: "https://myapp.domain.com/"
2025/11/05 15:25:47 [error] 49#0: *1 connect() to unix:/resources/detector/snserver.sock failed (111: Connection refused) while connecting to upstream, client: 192.168.200.250, server: myapp.domain.com, request: "POST /Default.aspx/GetServicveMode HTTP/1.1", upstream: "https://192.168.200.2:443/Default.aspx/GetServicveMode", host: "myapp.domain.com", referrer: "https://myapp.domain.com/"
2025/11/05 17:20:42 [error] 48#0: *1 connect() to unix:/resources/detector/snserver.sock failed (111: Connection refused) while connecting to upstream, client: 192.168.200.250, server: myapp.domain.com, request: "POST /Default.aspx/GetServicveMode HTTP/1.1", host: "myapp.domain.com", referrer: "https://myapp.domain.com/"
2025/11/05 17:20:42 [error] 48#0: *1 connect() to unix:/resources/detector/snserver.sock failed (111: Connection refused) while connecting to upstream, client: 192.168.200.250, server: myapp.domain.com, request: "POST /Default.aspx/GetServicveMode HTTP/1.1", upstream: "https://192.168.200.2:443/Default.aspx/GetServicveMode", host: "myapp.domain.com", referrer: "https://myapp.domain.com/"
2025/11/05 17:21:03 [error] 48#0: *13 connect() to unix:/resources/detector/snserver.sock failed (111: Connection refused) while connecting to upstream, client: 192.168.200.250, server: myapp.domain.com, request: "POST /Default.aspx/GetServicveMode HTTP/1.1", host: "myapp.domain.com", referrer: "https://myapp.domain.com/"
2025/11/05 17:21:03 [error] 48#0: *13 connect() to unix:/resources/detector/snserver.sock failed (111: Connection refused) while connecting to upstream, client: 192.168.200.250, server: myapp.domain.com, request: "POST /Default.aspx/GetServicveMode HTTP/1.1", upstream: "https://192.168.200.2:443/Default.aspx/GetServicveMode", host: "myapp.domain.com", referrer: "https://myapp.domain.com/"

Same issue. Tried out the HTML dynamic encryption and the page will load once or twice, then it's a blank white page. Using Firefox as well, didn't test another browser since Firefox is my go to.

If there is JavaScript inside that depends on the HTML element structure—for example, if it reads specific divs with certain classes—then issues will arise because the encryption process modifies the entire HTML structure.

We need to check the container logs for safeline-detector.