WAF 9.6 & websocket support

Has anybody tried this new feature. It sits under site path routing and I'm wondering in what instance you would use it?

  • Some people on this site have been asking for WAF to include websocket support for some time.   I understand it as a way to call a web function from within a program or another web page, in roughly the same way that you would call a subroutine.

    What I find fascinating is that websockets capability is not mentioned as a new feature in the release notes for either 9.60 or 9.61.    If it is not fully implemented, why is the user interface enabled?   Whether it is finished or not, why is nothing mentioned in the release notes?

  • In reply to DouglasFoster:

    Indeed. If you check the WAF logs, you will also see:

    websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XXXXXXXXXXXXXXXXXX"

     

    appended to the logs which wasn't there before....

  • In reply to Louis-M:

    Anybody tried this yet? It's curious that the option is situated under "site path routing"

    Does that mean that anything going to /SitePathRoute will use websocket instead?

  • In reply to Louis-M:

    My sense is, Louis, that those fields are only populated when the web server uses websockets.  It will be interesting to see if others that clamored for websocket support confirm that this works now.

    Cheers - Bob

  • In reply to BAlfson:

    Take a look at the Online Help.

    Enable WebSocket passthrough: Select this option if you want to allow WebSocket communication. That way WebSocket traffic is not controlled by the WAF at all and any other option you may have enabled in the WAF will not apply to WebSocket traffic.

    Its in XG since 2 years. 

  • In reply to BAlfson:

    Hi Bob,

     

    I didn´t "clamor" for reverseproxy (but in fact for the webproxy function in UTM! still not there, right?!) but I needed this today and it actually works. In the developer tools in chrome for example you will see instead of http, the websocket protocol in red, as long it´s not working, the request will fail, until this feature is enabled.

     

    This is actually nice Sophos.

     

    BR,

    Sebastian