This article describes the Web Application Firewall troubleshooting scenarios.
The following sections are covered:
Applies to the following Sophos products and versions Sophos Firewall
Web application firewalls help keep your servers safe from hackers by scanning activity and identifying probes and attacks.
Using the Web Application Firewall (WAF), also known as reverse proxy, Sophos XG Firewall lets you protect your web servers from attacks and malicious behavior like cross-site scripting (XSS), SQL injection, directory traversal, and other potent attacks against your servers.
You can define external addresses (virtual web servers) which should be translated into the real machines in place of using the DNAT rule(s). From there, servers can be protected using a variety of patterns and detection methods.
In simpler terms, this area of Sophos XG Firewall allows the application of terms and conditions to requests which are received and sent from the web server. It also offers load balancing across multiple targets.
You can view the WAF log files from the following locations:
tail -f /log/reverseproxy.log
netstat natup | grep :80
If this does not work, there is a problem with your backend server.
# service WAF:status -ds nosync
# service WAF:restart -ds nosync
curl i k https://webserver.domain.com
openssl s_client -connect <ipadress>:portnumber -tls1_2
Use the following commands to:
# netstat natup |grep :80
# service WAF:<start/restart/stop> -ds nosync
# tail –f /log/reverseproxy.log
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. For technical support post a question to the community. Or click here for new feature/product improvements. Alternatively for paid/licensed products open a support ticket.