UTM 9 reverse proxy configuration

I want to use the UTM 9 virtual webserver protection reverse proxy to protect my Nextcloud installation.

I have Nextcloud with Collabora running in Docker, and I can't get Collabora working. I imported the Let's Encrypt certificates to the UTM, so the SSL is not a problem. Has someone an idea on how to modify the reverse proxy on the UTM to get it working with Collabora?

  • In reply to Stefan Fröchtenicht:

    Hi Stefan,

    Hmm interesting. Everything looks OK. What you could double check, in the reverseproxy.conf file, is the specific vhost and if it contains the line: WAFExceptions PATH "/AllowEncodedSlashes/" SkipAntiVirus

    The virtual server of my customer has also enabled the RewriteHTML and RewriteCookies, but I'm not sure if that makes any difference.
    Also, the init script logs to reverseproxy.log: when you grep on "AllowEncodedSlashes" you should at least see something like "AllowEncodedSlashes found - fixing" or "AllowEncodedSlashes not found - skipping". If not, it looks like the hook is not being triggered... somehow ..

    KR,
    Onno.

  • In reply to Onno vdL:

    Sorry, but is

    ${CHROOT}/usr/apache/conf/reverseproxy.conf

    correct?

    This file doesn't exist...

    In the logs I get a "not found" then a "found - Fixing".

    So it should work...

  • In reply to Onno vdL:

    Your patch resolved the AH00026 error for me. Tx. I had to change the argument after AllowEncodedSlashes from On to NoDecode to resolve a follow-up issue with ID 973338 but otherwise fine.

    The GUI from Collabora Online (CODE) now loads but the document is still not parsed.

    In the reverseproxy.log there are two similar lines with statuscode 500:

    2019:09:11-16:44:44 fw-2 httpd: id="0299" srcip="my.client.ip" localip="my.server.ip" size="620" user="-" host="my.client.ip" method="GET" statuscode="500" reason="-" extra="-" exceptions="-" time="14333" url="/lool/https:/my.NC.FQDN/nextcloud/index.php/apps/richdocuments/wopi/files/222626_oczvwerl8jzj?access_token=VD0rd2gwyuliLG0bTGgORabtIWhOZaom&access_token_ttl=0&permission=edit/ws" server="my.CODE.FQDN" port="443" query="?WOPISrc=https%3A%2F%2Fmy.NC.FQDN%2Fnextcloud%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F222626_oczvwerl8jzj&compat=/ws" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="vkcUi9RgZ7CKJvxYw1oscg==" websocket_version="13" uid="XXkIXMCoAv4AAEl0RvsAAAB2"

     

    No other errors in the log. Looks like WAF is not playing nice with WebSockets :-(

    https://ideas.sophos.com/forums/17359-sg-utm/suggestions/4849021-websocket-support-for-waf points to several issues and mixed results with the new feature in UTM 9.6

    Suggestions welcome.
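
To pick out entries like the two status-500 lines quoted above without reading the log by eye, the following added example (not code from any poster in this thread) parses reverseproxy.log lines and lists WebSocket handshakes that were answered with an error. The field names come from the log line quoted in the thread; the function names and the sample lines are constructed for illustration.

```python
import re

# Layout as seen in the quoted line:
#   <timestamp> <node> httpd: key="value" key="value" ...
PREFIX = re.compile(r'^(?P<ts>\S+)\s+(?P<node>\S+)\s+httpd:\s+')
PAIR = re.compile(r'([\w-]+)="([^"]*)"')


def parse_line(line):
    """Return the key="value" fields of one httpd log line, or None."""
    m = PREFIX.match(line)
    if not m:
        return None
    fields = dict(PAIR.findall(line[m.end():]))
    fields["ts"], fields["node"] = m.group("ts"), m.group("node")
    return fields


def failed_ws_handshakes(lines):
    """Requests that carried a WebSocket key but got a 4xx/5xx answer."""
    hits = []
    for line in lines:
        f = parse_line(line)
        if not f or f.get("websocket_key", "-") == "-":
            continue  # not an httpd line, or not a WebSocket upgrade
        status = f.get("statuscode", "")
        if status[:1] in ("4", "5"):
            # The url field can carry a WOPI access_token: keep only the path.
            path = f.get("url", "").split("?", 1)[0]
            hits.append((f["ts"], f.get("server", "-"), status, path))
    return hits


# Constructed sample lines (hosts, tokens and keys are made up).
SAMPLE = [
    '2019:09:11-16:44:44 fw-2 httpd: id="0299" srcip="192.0.2.10" method="GET" statuscode="500" url="/lool/https:/nc.example.test/wopi/files/1_abc?access_token=EXAMPLE&permission=edit/ws" server="code.example.test" set-cookie="-" websocket_key="Y29uc3RydWN0ZWQ=" websocket_version="13"',
    '2019:09:11-16:45:02 fw-2 httpd: id="0299" srcip="192.0.2.10" method="GET" statuscode="101" url="/lool/https:/nc.example.test/wopi/files/2_def?access_token=EXAMPLE/ws" server="code.example.test" websocket_key="c2Vjb25kLWtleQ==" websocket_version="13"',
    '2019:09:11-16:45:10 fw-2 httpd: id="0299" srcip="192.0.2.10" method="GET" statuscode="200" url="/nextcloud/index.php" server="nc.example.test" websocket_key="-" websocket_version="-"',
    '2019:09:11-16:45:11 fw-2 reverseproxy: AllowEncodedSlashes found - fixing',
]

if __name__ == "__main__":
    for hit in failed_ws_handshakes(SAMPLE):
        print(*hit)
```
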