When you want to open a URL which is on a webserver behind the WAF you will receive error 403 - forbidden.
When you then logon to the shell of the UTM and try to restart the WAF service you will get to see the following message:
# /var/mdw/scripts/reverseproxy restart
:: Starting reverseproxy
AH00526: Syntax error on line 1 of /usr/apache/conf/waf/modsecurity_crs_sql_injection_attacks.skip:
ModSecurity: Found another rule with the same id
First seen in
Sophos UTM 9.203
Sophos UTM 9.205
There is an issue with the option 'Common Threat Filter' in the firewall profile. Because of this the service is not able to work correctly and the WAF is not able to start.
Please follow this workaround:
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. If you need technical support please post a question to our community. Alternatively for licensed products open a support ticket.