diff --git a/pkg/acquisition/modules/waf/waf.go b/pkg/acquisition/modules/waf/waf.go
index 3f08edc54..355f7aeff 100644
--- a/pkg/acquisition/modules/waf/waf.go
+++ b/pkg/acquisition/modules/waf/waf.go
@@ -591,7 +591,7 @@ func (w *WafSource) wafHandler(rw http.ResponseWriter, r *http.Request) {
 parsedRequest, err := waf.NewParsedRequestFromRequest(r)
 if err != nil {
 log.Errorf("%s", err)
- rw.WriteHeader(http.StatusForbidden)
+ rw.WriteHeader(http.StatusInternalServerError)
 return
 }
 w.InChan <- parsedRequest
@@ -600,7 +600,7 @@ func (w *WafSource) wafHandler(rw http.ResponseWriter, r *http.Request) {
 if message.Err != nil {
 log.Errorf("Error while processing InBAND: %s", err)
- rw.WriteHeader(http.StatusOK)
+ rw.WriteHeader(http.StatusInternalServerError)
 return
 }
@@ -622,7 +622,8 @@ func (w *WafSource) wafHandler(rw http.ResponseWriter, r *http.Request) {
 rw.WriteHeader(http.StatusOK)
 body, err := json.Marshal(BodyResponse{Action: "allow"})
 if err != nil {
- log.Errorf("unable to build response: %s", err)
+ log.Errorf("unable to marshal response: %s", err)
+ rw.WriteHeader(http.StatusInternalServerError)
 } else {
 rw.Write(body)
 }
diff --git a/pkg/waf/request.go b/pkg/waf/request.go
index 1cf28a9f3..42cd9d6d5 100644
--- a/pkg/waf/request.go
+++ b/pkg/waf/request.go
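Review bot: The parse-failure branch now answers 500, and with this commit's request.go change a request that lacks one of the `x-client-*` headers also ends up here, so a malformed request from the remediation component is reported as a server failure; `rw.WriteHeader(http.StatusBadRequest)` would keep caller-side problems distinguishable from the genuine processing failures in the next hunk. The 403 it replaces also told the caller to deny, so if the caller treats a 5xx as "allow" (not visible here) this becomes a fail-open path; that policy belongs in a comment on the `rw.WriteHeader` line, e.g. `// request could not be parsed: the caller decides how to treat a 5xx (fail-open vs fail-closed)`. The bare `log.Errorf("%s", err)` also drops which step failed; `log.Errorf("unable to parse request: %s", err)` is easier to triage. wafHandler starts before this hunk and continues after it.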
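Review bot: The log line in this hunk prints `err`, which is the nil error left over from the NewParsedRequestFromRequest check, while the condition tests `message.Err`, so the log records `%!s(<nil>)` and the real processing error is never written out; the commit changes the status code but leaves the message as is. Change it to `log.Errorf("Error while processing InBAND: %s", message.Err)`. wafHandler's body continues outside the hunk on both sides.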
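Review bot: The added `rw.WriteHeader(http.StatusInternalServerError)` on the marshal-error path has no effect, because `rw.WriteHeader(http.StatusOK)` two lines above has already committed the status; net/http ignores the second call (and logs a superfluous WriteHeader warning), so the client still receives 200 with an empty body. Marshal before writing the header: move `rw.WriteHeader(http.StatusOK)` to just before `rw.Write(body)` and add a `return` after the 500 so the `else` branch is no longer needed. The result of `rw.Write(body)` is also discarded; logging it keeps a truncated response visible. wafHandler's body continues outside the hunk.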
@@ -85,12 +85,24 @@ func NewParsedRequestFromRequest(r *http.Request) (ParsedRequest, error) {
 // the real source of the request is set in 'x-client-ip'
 clientIP := r.Header.Get(IPHeaderName)
+ if clientIP == "" {
+ return ParsedRequest{}, fmt.Errorf("Missing '%s' header", IPHeaderName)
+ }
 // the real target Host of the request is set in 'x-client-host'
 clientHost := r.Header.Get(HostHeaderName)
+ if clientHost == "" {
+ return ParsedRequest{}, fmt.Errorf("Missing '%s' header", HostHeaderName)
+ }
 // the real URI of the request is set in 'x-client-uri'
 clientURI := r.Header.Get(URIHeaderName)
+ if clientURI == "" {
+ return ParsedRequest{}, fmt.Errorf("Missing '%s' header", URIHeaderName)
+ }
 // the real VERB of the request is set in 'x-client-uri'
 clientMethod := r.Header.Get(VerbHeaderName)
+ if clientMethod == "" {
+ return ParsedRequest{}, fmt.Errorf("Missing '%s' header", VerbHeaderName)
+ }
 // delete those headers before coraza process the request
 delete(r.Header, IPHeaderName)