This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Exchange OWA Access through Web Application Firewall

 So I am trying to configure Exchange OWA web access through the Webserver protection area on our UTM 9. I've followed the guide here: https://community.sophos.com/kb/en-us/131787

However I am still unable to login with a test user to our Exchange server. I can get as far as the UTM login pass-through page but here it just refreshes each time i put credentials in giving me no error.

I've attached the log below. Does anyone know what I might be doing wrong/what is going wrong?

 

Live Log: Web Application Firewall	
Filter:	
	Autoscroll	
Reload
2019:08:14-15:34:57 xan-utm httpd: id="0299" srcip="94.192.179.216" localip="82.68.126.11" size="220" user="james-outlook-test" host="94.192.179.216" method="GET" statuscode="403" reason="url hardening" extra="No signature found" exceptions="SkipURLHardening" time="46378" url="/favicon.ico" server="xanexchange.xanalys.com" port="443" query="" referer="https://xanexchange.xanalys.com/owa_mzmirudqpf_form?L293YS8=" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQcEcCoeAEAAHUNCIkAAAAG"
2019:08:14-15:35:06 xan-utm httpd: id="0299" srcip="94.192.179.216" localip="82.68.126.11" size="189" user="james-outlook-test" host="94.192.179.216" method="POST" statuscode="302" reason="-" extra="-" exceptions="SkipURLHardening" time="331427" url="/owa_mzmirudqpf_login" server="xanexchange.xanalys.com" port="443" query="?L293YS8=" referer="https://xanexchange.xanalys.com/owa_mzmirudqpf_form?L293YS8=" cookie="-" set-cookie="mzmirudqpf_cookie=f2d9d62fd8bcaed9e655cee9abd8c5250cb06e5f;path=/;httponly;secure" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQcGsCoeAEAAHUNCIoAAAAG"
2019:08:14-15:35:06 xan-utm httpd: id="0299" srcip="94.192.179.216" localip="82.68.126.11" size="25" user="james-outlook-test" host="94.192.179.216" method="GET" statuscode="401" reason="-" extra="-" exceptions="SkipURLHardening" time="78172" url="/owa/" server="xanexchange.xanalys.com" port="443" query="" referer="https://xanexchange.xanalys.com/owa_mzmirudqpf_form?L293YS8=" cookie="-" set-cookie="mzmirudqpf_cookie=f2d9d62fd8bcaed9e655cee9abd8c5250cb06e5f;path=/;httponly;secure" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQcGsCoeAEAAHUNCIsAAAAG"
2019:08:14-15:35:15 xan-utm httpd: id="0299" srcip="94.192.179.216" localip="82.68.126.11" size="25" user="james-outlook-test" host="94.192.179.216" method="GET" statuscode="401" reason="-" extra="-" exceptions="SkipURLHardening" time="83031" url="/owa/" server="xanexchange.xanalys.com" port="443" query="" referer="https://xanexchange.xanalys.com/owa_mzmirudqpf_form?L293YS8=" cookie="-" set-cookie="mzmirudqpf_cookie=f2d9d62fd8bcaed9e655cee9abd8c5250cb06e5f;path=/;httponly;secure" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQcI8CoeAEAAHUNCIwAAAAG"
2019:08:14-15:35:24 xan-utm httpd: id="0299" srcip="94.192.179.216" localip="82.68.126.11" size="25" user="james-outlook-test" host="94.192.179.216" method="GET" statuscode="401" reason="-" extra="-" exceptions="SkipURLHardening" time="79841" url="/owa/" server="xanexchange.xanalys.com" port="443" query="" referer="https://xanexchange.xanalys.com/owa_mzmirudqpf_form?L293YS8=" cookie="-" set-cookie="mzmirudqpf_cookie=f2d9d62fd8bcaed9e655cee9abd8c5250cb06e5f;path=/;httponly;secure" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQcK8CoeAEAAHUNCI0AAAAG"
2019:08:14-15:35:31 xan-utm httpd: id="0299" srcip="94.192.179.216" localip="82.68.126.11" size="25" user="james-outlook-test" host="94.192.179.216" method="GET" statuscode="401" reason="-" extra="-" exceptions="SkipURLHardening" time="85798" url="/owa/" server="xanexchange.xanalys.com" port="443" query="" referer="https://xanexchange.xanalys.com/owa_mzmirudqpf_form?L293YS8=" cookie="-" set-cookie="mzmirudqpf_cookie=f2d9d62fd8bcaed9e655cee9abd8c5250cb06e5f;path=/;httponly;secure" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQcM8CoeAEAAHUNCI4AAAAG"
2019:08:14-15:35:42 xan-utm httpd: id="0299" srcip="94.192.179.216" localip="82.68.126.11" size="25" user="james-outlook-test" host="94.192.179.216" method="GET" statuscode="401" reason="-" extra="-" exceptions="SkipURLHardening" time="83937" url="/owa/" server="xanexchange.xanalys.com" port="443" query="" referer="https://xanexchange.xanalys.com/owa_mzmirudqpf_form?L293YS8=" cookie="-" set-cookie="mzmirudqpf_cookie=f2d9d62fd8bcaed9e655cee9abd8c5250cb06e5f;path=/;httponly;secure" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQcPsCoeAEAAHUNCI8AAAAG"
2019:08:14-15:36:34 xan-utm httpd: id="0299" srcip="94.192.179.216" localip="82.68.126.11" size="25" user="james-outlook-test" host="94.192.179.216" method="POST" statuscode="401" reason="-" extra="-" exceptions="SkipURLHardening" time="74433" url="/owa/" server="xanexchange.xanalys.com" port="443" query="" referer="https://xanexchange.xanalys.com/owa_mzmirudqpf_form?L293YS8=" cookie="-" set-cookie="mzmirudqpf_cookie=f2d9d62fd8bcaed9e655cee9abd8c5250cb06e5f;path=/;httponly;secure" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQccsCoeAEAAHUNCJAAAAAI"
2019:08:14-15:36:34 xan-utm httpd: id="0299" srcip="94.192.179.216" localip="82.68.126.11" size="25" user="james-outlook-test" host="94.192.179.216" method="POST" statuscode="401" reason="-" extra="-" exceptions="SkipURLHardening" time="49817" url="/owa/" server="xanexchange.xanalys.com" port="443" query="" referer="https://xanexchange.xanalys.com/owa_mzmirudqpf_form?L293YS8=" cookie="-" set-cookie="mzmirudqpf_cookie=f2d9d62fd8bcaed9e655cee9abd8c5250cb06e5f;path=/;httponly;secure" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQccsCoeAEAAHUNCJEAAAAI"
2019:08:14-15:36:46 xan-utm httpd: id="0299" srcip="94.192.179.216" localip="82.68.126.11" size="25" user="james-outlook-test" host="94.192.179.216" method="POST" statuscode="401" reason="-" extra="-" exceptions="SkipURLHardening" time="81323" url="/owa/" server="xanexchange.xanalys.com" port="443" query="" referer="https://xanexchange.xanalys.com/owa_mzmirudqpf_form?L293YS8=" cookie="-" set-cookie="mzmirudqpf_cookie=f2d9d62fd8bcaed9e655cee9abd8c5250cb06e5f;path=/;httponly;secure" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQcfsCoeAEAAHUNCJIAAAAI"
2019:08:14-15:39:02 xan-utm httpd: id="0299" srcip="94.192.179.216" localip="82.68.126.11" size="381" user="-" host="94.192.179.216" method="GET" statuscode="401" reason="auth" extra="authentication required" exceptions="-" time="62000" url="/" server="xanexchange.xanalys.com" port="443" query="" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQdBsCoeAEAAHUNCJMAAAAJ"
2019:08:14-15:39:11 xan-utm httpd: id="0299" srcip="94.192.179.216" localip="82.68.126.11" size="25" user="james-outlook-test" host="94.192.179.216" method="GET" statuscode="302" reason="-" extra="-" exceptions="-" time="98351" url="/" server="xanexchange.xanalys.com" port="443" query="" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQdD8CoeAEAAHUNCJQAAAAJ"
2019:08:14-15:39:11 xan-utm httpd: id="0299" srcip="94.192.179.216" localip="82.68.126.11" size="213" user="-" host="94.192.179.216" method="GET" statuscode="302" reason="-" extra="-" exceptions="SkipURLHardening" time="27842" url="/owa/" server="xanexchange.xanalys.com" port="443" query="" referer="-" cookie="-" set-cookie="mzmirudqpf_cookie=;Max-Age=0;expires=Thu, 01 Jan 1970 00:00:00 GMT;path=/;httponly;secure" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQdD8CoeAEAAHUNCJUAAAAJ"
2019:08:14-15:39:11 xan-utm httpd: id="0299" srcip="94.192.179.216" localip="82.68.126.11" size="559" user="-" host="94.192.179.216" method="GET" statuscode="200" reason="-" extra="-" exceptions="SkipURLHardening" time="29367" url="/owa_mzmirudqpf_form" server="xanexchange.xanalys.com" port="443" query="?L293YS8=" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQdD8CoeAEAAHUNCJYAAAAJ"
2019:08:14-15:39:11 xan-utm httpd: id="0299" srcip="94.192.179.216" localip="82.68.126.11" size="552" user="-" host="94.192.179.216" method="GET" statuscode="200" reason="-" extra="-" exceptions="SkipURLHardening" time="28329" url="/REF_RevAutForm/default_stylesheet.css" server="xanexchange.xanalys.com" port="443" query="" referer="https://xanexchange.xanalys.com/owa_mzmirudqpf_form?L293YS8=" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQdD8CoeAEAAHUNCJcAAAAJ"
2019:08:14-15:39:11 xan-utm httpd: id="0299" srcip="94.192.179.216" localip="82.68.126.11" size="13247" user="-" host="94.192.179.216" method="GET" statuscode="200" reason="-" extra="-" exceptions="SkipURLHardening" time="54027" url="/REF_RevAutForm/company_logo.png" server="xanexchange.xanalys.com" port="443" query="" referer="https://xanexchange.xanalys.com/owa_mzmirudqpf_form?L293YS8=" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQdD8CoeAEAAHUNCJgAAAAK"
2019:08:14-15:39:11 xan-utm httpd[29965]: [url_hardening:error] [pid 29965:tid 4043557744] [client 94.192.179.216:58919] No signature found, URI: https://xanexchange.xanalys.com/favicon.ico, referer: https://xanexchange.xanalys.com/owa_mzmirudqpf_form?L293YS8=
2019:08:14-15:39:11 xan-utm httpd: id="0299" srcip="94.192.179.216" localip="82.68.126.11" size="220" user="james-outlook-test" host="94.192.179.216" method="GET" statuscode="403" reason="url hardening" extra="No signature found" exceptions="SkipURLHardening" time="45745" url="/favicon.ico" server="xanexchange.xanalys.com" port="443" query="" referer="https://xanexchange.xanalys.com/owa_mzmirudqpf_form?L293YS8=" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQdD8CoeAEAAHUNCJkAAAAK"
2019:08:14-15:39:38 xan-utm httpd[29965]: [authnz_aua:error] [pid 29965:tid 4035165040] [client 94.192.179.216:58921] [james.outlook-test@xanalys.com] AUA responded with 'DENIED', referer: https://xanexchange.xanalys.com/owa_mzmirudqpf_form?L293YS8=
2019:08:14-15:39:38 xan-utm httpd: id="0299" srcip="94.192.179.216" localip="82.68.126.11" size="213" user="james.outlook-test@xanalys.com" host="94.192.179.216" method="POST" statuscode="302" reason="auth" extra="user denied" exceptions="SkipURLHardening" time="276348" url="/owa_mzmirudqpf_login" server="xanexchange.xanalys.com" port="443" query="?L293YS8=" referer="https://xanexchange.xanalys.com/owa_mzmirudqpf_form?L293YS8=" cookie="-" set-cookie="mzmirudqpf_cookie=;Max-Age=0;expires=Thu, 01 Jan 1970 00:00:00 GMT;path=/;httponly;secure" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQdKsCoeAEAAHUNCJoAAAAL"
2019:08:14-15:39:39 xan-utm httpd: id="0299" srcip="94.192.179.216" localip="82.68.126.11" size="559" user="-" host="94.192.179.216" method="GET" statuscode="200" reason="-" extra="-" exceptions="SkipURLHardening" time="31125" url="/owa_mzmirudqpf_form" server="xanexchange.xanalys.com" port="443" query="?L293YS8=" referer="https://xanexchange.xanalys.com/owa_mzmirudqpf_form?L293YS8=" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQdK8CoeAEAAHUNCJsAAAAL"
2019:08:14-15:39:39 xan-utm httpd: id="0299" srcip="94.192.179.216" localip="82.68.126.11" size="552" user="-" host="94.192.179.216" method="GET" statuscode="200" reason="-" extra="-" exceptions="SkipURLHardening" time="27829" url="/REF_RevAutForm/default_stylesheet.css" server="xanexchange.xanalys.com" port="443" query="" referer="https://xanexchange.xanalys.com/owa_mzmirudqpf_form?L293YS8=" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQdK8CoeAEAAHUNCJwAAAAL"
2019:08:14-15:39:39 xan-utm httpd: id="0299" srcip="94.192.179.216" localip="82.68.126.11" size="13247" user="-" host="94.192.179.216" method="GET" statuscode="200" reason="-" extra="-" exceptions="SkipURLHardening" time="58393" url="/REF_RevAutForm/company_logo.png" server="xanexchange.xanalys.com" port="443" query="" referer="https://xanexchange.xanalys.com/owa_mzmirudqpf_form?L293YS8=" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQdK8CoeAEAAHUNCJ0AAAAL"
2019:08:14-15:39:39 xan-utm httpd[29965]: [url_hardening:error] [pid 29965:tid 4035165040] [client 94.192.179.216:58921] No signature found, URI: https://xanexchange.xanalys.com/favicon.ico, referer: https://xanexchange.xanalys.com/owa_mzmirudqpf_form?L293YS8=
2019:08:14-15:39:39 xan-utm httpd: id="0299" srcip="94.192.179.216" localip="82.68.126.11" size="220" user="james-outlook-test" host="94.192.179.216" method="GET" statuscode="403" reason="url hardening" extra="No signature found" exceptions="SkipURLHardening" time="48883" url="/favicon.ico" server="xanexchange.xanalys.com" port="443" query="" referer="https://xanexchange.xanalys.com/owa_mzmirudqpf_form?L293YS8=" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQdK8CoeAEAAHUNCJ4AAAAL"
2019:08:14-15:39:48 xan-utm httpd: id="0299" srcip="94.192.179.216" localip="82.68.126.11" size="189" user="james-outlook-test" host="94.192.179.216" method="POST" statuscode="302" reason="-" extra="-" exceptions="SkipURLHardening" time="348849" url="/owa_mzmirudqpf_login" server="xanexchange.xanalys.com" port="443" query="?L293YS8=" referer="https://xanexchange.xanalys.com/owa_mzmirudqpf_form?L293YS8=" cookie="-" set-cookie="mzmirudqpf_cookie=2ce6195e91a58f49c4dc884ad6f53fe4d387ebb1;path=/;httponly;secure" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQdNMCoeAEAAHUNCJ8AAAAL"
2019:08:14-15:39:48 xan-utm httpd: id="0299" srcip="94.192.179.216" localip="82.68.126.11" size="25" user="james-outlook-test" host="94.192.179.216" method="GET" statuscode="401" reason="-" extra="-" exceptions="SkipURLHardening" time="69930" url="/owa/" server="xanexchange.xanalys.com" port="443" query="" referer="https://xanexchange.xanalys.com/owa_mzmirudqpf_form?L293YS8=" cookie="-" set-cookie="mzmirudqpf_cookie=2ce6195e91a58f49c4dc884ad6f53fe4d387ebb1;path=/;httponly;secure" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQdNMCoeAEAAHUNCKAAAAAL"
2019:08:14-15:39:59 xan-utm httpd: id="0299" srcip="94.192.179.216" localip="82.68.126.11" size="0" user="-" host="94.192.179.216" method="-" statuscode="408" reason="-" extra="-" exceptions="-" time="7" url="-" server="-" port="443" query="" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="-"
2019:08:14-15:40:19 xan-utm httpd: id="0299" srcip="94.192.179.216" localip="82.68.126.11" size="381" user="-" host="94.192.179.216" method="GET" statuscode="401" reason="auth" extra="authentication required" exceptions="-" time="44353" url="/" server="xanexchange.xanalys.com" port="443" query="" referer="-" cookie="mzmirudqpf_cookie=2ce6195e91a58f49c4dc884ad6f53fe4d387ebb1" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQdU8CoeAEAAHUNCKEAAAAO"
2019:08:14-15:40:28 xan-utm httpd: id="0299" srcip="94.192.179.216" localip="82.68.126.11" size="25" user="james-outlook-test" host="94.192.179.216" method="GET" statuscode="302" reason="-" extra="-" exceptions="-" time="121556" url="/" server="xanexchange.xanalys.com" port="443" query="" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQdXMCoeAEAAHUNCKIAAAAO"
2019:08:14-15:40:28 xan-utm httpd: id="0299" srcip="94.192.179.216" localip="82.68.126.11" size="25" user="james-outlook-test" host="94.192.179.216" method="GET" statuscode="401" reason="-" extra="-" exceptions="SkipURLHardening" time="88155" url="/owa/" server="xanexchange.xanalys.com" port="443" query="" referer="-" cookie="-" set-cookie="mzmirudqpf_cookie=2ce6195e91a58f49c4dc884ad6f53fe4d387ebb1;path=/;httponly;secure" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQdXMCoeAEAAHUNCKMAAAAO"
2019:08:14-15:40:28 xan-utm httpd: id="0299" srcip="94.192.179.216" localip="82.68.126.11" size="25" user="james-outlook-test" host="94.192.179.216" method="GET" statuscode="401" reason="-" extra="-" exceptions="SkipURLHardening" time="62245" url="/owa/" server="xanexchange.xanalys.com" port="443" query="" referer="-" cookie="-" set-cookie="mzmirudqpf_cookie=2ce6195e91a58f49c4dc884ad6f53fe4d387ebb1;path=/;httponly;secure" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQdXMCoeAEAAHUNCKQAAAAO"
2019:08:14-15:41:08 xan-utm httpd: id="0299" srcip="127.0.0.1" localip="127.0.0.1" size="809" user="-" host="127.0.0.1" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="267" url="/lb-status" server="localhost:4080" port="80" query="" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQdhMCoeAEAAHUNCKUAAAAP"
2019:08:14-15:41:22 xan-utm httpd[29965]: [authz_blacklist:warn] [pid 29965:tid 3993201520] [client 52.125.138.122:33890] Client is listed on DNSRBL black.rbl.ctipd.astaro.local
2019:08:14-15:41:22 xan-utm httpd: id="0299" srcip="52.125.138.122" localip="82.68.126.11" size="236" user="-" host="52.125.138.122" method="POST" statuscode="403" reason="dnsrbl" extra="Client is listed on DNSRBL black.rbl.ctipd.astaro.local" exceptions="SkipURLHardening" time="1173" url="/Microsoft-Server-ActiveSync" server="xanexchange.xanalys.com" port="443" query="?User=xanalys%5Cmail.man&DeviceId=C438060913A5DFE2&DeviceType=Outlook&Cmd=Sync" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQdksCoeAEAAHUNCKYAAAAQ"
2019:08:14-15:41:44 xan-utm httpd: id="0299" srcip="94.192.179.216" localip="82.68.126.11" size="25" user="james-outlook-test" host="94.192.179.216" method="GET" statuscode="401" reason="-" extra="-" exceptions="SkipURLHardening" time="94784" url="/owa/" server="xanexchange.xanalys.com" port="443" query="" referer="-" cookie="-" set-cookie="mzmirudqpf_cookie=2ce6195e91a58f49c4dc884ad6f53fe4d387ebb1;path=/;httponly;secure" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQdqMCoeAEAAHUNCKcAAAAR"
2019:08:14-15:41:51 xan-utm httpd: id="0299" srcip="94.192.179.216" localip="82.68.126.11" size="25" user="james-outlook-test" host="94.192.179.216" method="GET" statuscode="401" reason="-" extra="-" exceptions="SkipURLHardening" time="68478" url="/owa/" server="xanexchange.xanalys.com" port="443" query="" referer="-" cookie="-" set-cookie="mzmirudqpf_cookie=2ce6195e91a58f49c4dc884ad6f53fe4d387ebb1;path=/;httponly;secure" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQdr8CoeAEAAHUNCKgAAAAR"
2019:08:14-15:42:00 xan-utm httpd[31783]: Restarting gracefully
2019:08:14-15:42:01 xan-utm httpd[31788]: AH00112: Warning: DocumentRoot [/var/www/REF_RevFroExcha2016Autod] does not exist
2019:08:14-15:42:01 xan-utm httpd[31788]: AH00112: Warning: DocumentRoot [/var/www/REF_RevFroTestWebsit] does not exist
2019:08:14-15:42:01 xan-utm httpd[31788]: AH00112: Warning: DocumentRoot [/var/www/REF_RevFroTika] does not exist
2019:08:14-15:42:01 xan-utm httpd[31788]: AH00112: Warning: DocumentRoot [/var/www/REF_RevFroXanmaWebma] does not exist
2019:08:14-15:42:01 xan-utm httpd[31788]: AH00112: Warning: DocumentRoot [/var/www/REF_RevFroXanmail2] does not exist
2019:08:14-15:42:01 xan-utm httpd[31788]: AH00112: Warning: DocumentRoot [/var/www/REF_RevFroXanpcidemo] does not exist
2019:08:14-15:42:01 xan-utm httpd[31788]: Syntax OK
2019:08:14-15:42:01 xan-utm httpd: id="0299" srcip="127.0.0.1" localip="127.0.0.1" size="34445" user="-" host="127.0.0.1" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="764" url="/status" server="localhost:4080" port="80" query="" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQducCoeAEAAHUNCKkAAAAS"
2019:08:14-15:42:01 xan-utm httpd[31817]: AH00112: Warning: DocumentRoot [/var/www/REF_RevFroExcha2016Autod] does not exist
2019:08:14-15:42:01 xan-utm httpd[31817]: AH00112: Warning: DocumentRoot [/var/www/REF_RevFroTestWebsit] does not exist
2019:08:14-15:42:01 xan-utm httpd[31817]: AH00112: Warning: DocumentRoot [/var/www/REF_RevFroTika] does not exist
2019:08:14-15:42:01 xan-utm httpd[31817]: AH00112: Warning: DocumentRoot [/var/www/REF_RevFroXanmaWebma] does not exist
2019:08:14-15:42:01 xan-utm httpd[31817]: AH00112: Warning: DocumentRoot [/var/www/REF_RevFroXanmail2] does not exist
2019:08:14-15:42:01 xan-utm httpd[31817]: AH00112: Warning: DocumentRoot [/var/www/REF_RevFroXanpcidemo] does not exist
2019:08:14-15:42:01 xan-utm httpd[7954]: [mpm_worker:notice] [pid 7954:tid 4147590848] AH00297: SIGUSR1 received. Doing graceful restart
2019:08:14-15:42:03 xan-utm httpd[7954]: [proxy_protocol:notice] [pid 7954:tid 4147590848] ProxyProtocol: disabled on 127.0.0.1:4080
2019:08:14-15:42:03 xan-utm httpd[7954]: [mpm_worker:notice] [pid 7954:tid 4147590848] AH00292: Apache/2.4.25 (Unix) OpenSSL/1.0.2j-fips configured -- resuming normal operations
2019:08:14-15:42:03 xan-utm httpd[7954]: [core:notice] [pid 7954:tid 4147590848] AH00094: Command line: '/usr/apache/bin/httpd'
2019:08:14-15:42:03 xan-utm httpd[7954]: [mpm_worker:warn] [pid 7954:tid 4147590848] AH00291: long lost child came home! (pid 29788)
2019:08:14-15:42:04 xan-utm httpd: id="0299" srcip="127.0.0.1" localip="127.0.0.1" size="34217" user="-" host="127.0.0.1" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="1510" url="/status" server="localhost:4080" port="80" query="" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQdvMCoeAEAAHxz6GYAAAA-"
2019:08:14-15:42:04 xan-utm httpd[32023]: Restarted
2019:08:14-15:42:10 xan-utm httpd: id="0299" srcip="94.192.179.216" localip="82.68.126.11" size="381" user="-" host="94.192.179.216" method="GET" statuscode="401" reason="auth" extra="authentication required" exceptions="-" time="45390" url="/" server="xanexchange.xanalys.com" port="443" query="" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQdwsCoeAEAAH0k6-0AAAAM"
2019:08:14-15:42:16 xan-utm httpd: id="0299" srcip="94.192.179.216" localip="82.68.126.11" size="25" user="james-outlook-test" host="94.192.179.216" method="GET" statuscode="302" reason="-" extra="-" exceptions="-" time="389987" url="/" server="xanexchange.xanalys.com" port="443" query="" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQdyMCoeAEAAH0k6-4AAAAM"
2019:08:14-15:42:16 xan-utm httpd: id="0299" srcip="94.192.179.216" localip="82.68.126.11" size="213" user="-" host="94.192.179.216" method="GET" statuscode="302" reason="-" extra="-" exceptions="SkipURLHardening" time="21424" url="/owa/" server="xanexchange.xanalys.com" port="443" query="" referer="-" cookie="-" set-cookie="mzmirudqpf_cookie=;Max-Age=0;expires=Thu, 01 Jan 1970 00:00:00 GMT;path=/;httponly;secure" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQdyMCoeAEAAH0k6-8AAAAM"
2019:08:14-15:42:16 xan-utm httpd: id="0299" srcip="94.192.179.216" localip="82.68.126.11" size="559" user="-" host="94.192.179.216" method="GET" statuscode="200" reason="-" extra="-" exceptions="SkipURLHardening" time="29546" url="/owa_mzmirudqpf_form" server="xanexchange.xanalys.com" port="443" query="?L293YS8=" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQdyMCoeAEAAH0k7AAAAAAM"
2019:08:14-15:42:16 xan-utm httpd: id="0299" srcip="94.192.179.216" localip="82.68.126.11" size="552" user="-" host="94.192.179.216" method="GET" statuscode="200" reason="-" extra="-" exceptions="SkipURLHardening" time="23389" url="/REF_RevAutForm/default_stylesheet.css" server="xanexchange.xanalys.com" port="443" query="" referer="https://xanexchange.xanalys.com/owa_mzmirudqpf_form?L293YS8=" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQdyMCoeAEAAH0k7AEAAAAM"
2019:08:14-15:42:17 xan-utm httpd: id="0299" srcip="94.192.179.216" localip="82.68.126.11" size="13247" user="-" host="94.192.179.216" method="GET" statuscode="200" reason="-" extra="-" exceptions="SkipURLHardening" time="46399" url="/REF_RevAutForm/company_logo.png" server="xanexchange.xanalys.com" port="443" query="" referer="https://xanexchange.xanalys.com/owa_mzmirudqpf_form?L293YS8=" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQdyMCoeAEAAH0k7AIAAAAO"
2019:08:14-15:42:17 xan-utm httpd[32036]: [url_hardening:error] [pid 32036:tid 4009986928] [client 94.192.179.216:58931] No signature found, URI: https://xanexchange.xanalys.com/favicon.ico, referer: https://xanexchange.xanalys.com/owa_mzmirudqpf_form?L293YS8=
2019:08:14-15:42:17 xan-utm httpd: id="0299" srcip="94.192.179.216" localip="82.68.126.11" size="220" user="james-outlook-test" host="94.192.179.216" method="GET" statuscode="403" reason="url hardening" extra="No signature found" exceptions="SkipURLHardening" time="39848" url="/favicon.ico" server="xanexchange.xanalys.com" port="443" query="" referer="https://xanexchange.xanalys.com/owa_mzmirudqpf_form?L293YS8=" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQdycCoeAEAAH0k7AMAAAAO"
2019:08:14-15:42:24 xan-utm httpd: id="0299" srcip="94.192.179.216" localip="82.68.126.11" size="189" user="james-outlook-test" host="94.192.179.216" method="POST" statuscode="302" reason="-" extra="-" exceptions="SkipURLHardening" time="339249" url="/owa_mzmirudqpf_login" server="xanexchange.xanalys.com" port="443" query="?L293YS8=" referer="https://xanexchange.xanalys.com/owa_mzmirudqpf_form?L293YS8=" cookie="-" set-cookie="mzmirudqpf_cookie=3fe4b28ffb3137c44c79bce5080445fcc1c79349;path=/;httponly;secure" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQdz8CoeAEAAH0k7AQAAAAO"
2019:08:14-15:42:24 xan-utm httpd: id="0299" srcip="94.192.179.216" localip="82.68.126.11" size="25" user="james-outlook-test" host="94.192.179.216" method="GET" statuscode="401" reason="-" extra="-" exceptions="SkipURLHardening" time="91393" url="/owa/" server="xanexchange.xanalys.com" port="443" query="" referer="https://xanexchange.xanalys.com/owa_mzmirudqpf_form?L293YS8=" cookie="-" set-cookie="mzmirudqpf_cookie=3fe4b28ffb3137c44c79bce5080445fcc1c79349;path=/;httponly;secure" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQd0MCoeAEAAH0k7AUAAAAO"
2019:08:14-15:42:32 xan-utm httpd: id="0299" srcip="94.192.179.216" localip="82.68.126.11" size="25" user="james-outlook-test" host="94.192.179.216" method="GET" statuscode="401" reason="-" extra="-" exceptions="SkipURLHardening" time="70916" url="/owa/" server="xanexchange.xanalys.com" port="443" query="" referer="https://xanexchange.xanalys.com/owa_mzmirudqpf_form?L293YS8=" cookie="-" set-cookie="mzmirudqpf_cookie=3fe4b28ffb3137c44c79bce5080445fcc1c79349;path=/;httponly;secure" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQd2MCoeAEAAH0k7AYAAAAO"
2019:08:14-15:42:40 xan-utm httpd: id="0299" srcip="94.192.179.216" localip="82.68.126.11" size="25" user="james-outlook-test" host="94.192.179.216" method="GET" statuscode="401" reason="-" extra="-" exceptions="SkipURLHardening" time="73712" url="/owa/" server="xanexchange.xanalys.com" port="443" query="" referer="https://xanexchange.xanalys.com/owa_mzmirudqpf_form?L293YS8=" cookie="-" set-cookie="mzmirudqpf_cookie=3fe4b28ffb3137c44c79bce5080445fcc1c79349;path=/;httponly;secure" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQd4MCoeAEAAH0k7AcAAAAO"
2019:08:14-15:42:49 xan-utm httpd: id="0299" srcip="94.192.179.216" localip="82.68.126.11" size="25" user="james-outlook-test" host="94.192.179.216" method="GET" statuscode="401" reason="-" extra="-" exceptions="SkipURLHardening" time="66669" url="/owa/" server="xanexchange.xanalys.com" port="443" query="" referer="https://xanexchange.xanalys.com/owa_mzmirudqpf_form?L293YS8=" cookie="-" set-cookie="mzmirudqpf_cookie=3fe4b28ffb3137c44c79bce5080445fcc1c79349;path=/;httponly;secure" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQd6cCoeAEAAH0k7AgAAAAO"
2019:08:14-15:43:15 xan-utm httpd[32036]: [authz_blacklist:warn] [pid 32036:tid 3984808816] [client 52.125.141.36:54514] Client is listed on DNSRBL black.rbl.ctipd.astaro.local
2019:08:14-15:43:15 xan-utm httpd: id="0299" srcip="52.125.141.36" localip="82.68.126.11" size="236" user="-" host="52.125.141.36" method="POST" statuscode="403" reason="dnsrbl" extra="Client is listed on DNSRBL black.rbl.ctipd.astaro.local" exceptions="SkipURLHardening" time="1147" url="/Microsoft-Server-ActiveSync" server="xanexchange.xanalys.com" port="443" query="?User=xanalys%5Cjames-outlook-test&DeviceId=DBDB469E0CEE2926&DeviceType=Outlook&Cmd=Sync" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQeA8CoeAEAAH0k7AkAAAAR"
2019:08:14-15:43:15 xan-utm httpd[32036]: [authz_blacklist:warn] [pid 32036:tid 3993201520] [client 52.125.141.36:54512] Client is listed on DNSRBL black.rbl.ctipd.astaro.local
2019:08:14-15:43:15 xan-utm httpd: id="0299" srcip="52.125.141.36" localip="82.68.126.11" size="236" user="-" host="52.125.141.36" method="POST" statuscode="403" reason="dnsrbl" extra="Client is listed on DNSRBL black.rbl.ctipd.astaro.local" exceptions="SkipURLHardening" time="1265" url="/Microsoft-Server-ActiveSync" server="xanexchange.xanalys.com" port="443" query="?User=xanalys%5Cjames-outlook-test&DeviceId=DBDB469E0CEE2926&DeviceType=Outlook&Cmd=Ping" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQeA8CoeAEAAH0k7AoAAAAQ"
2019:08:14-15:44:48 xan-utm httpd: id="0299" srcip="94.192.179.216" localip="82.68.126.11" size="25" user="james-outlook-test" host="94.192.179.216" method="GET" statuscode="401" reason="-" extra="-" exceptions="SkipURLHardening" time="87549" url="/owa/" server="xanexchange.xanalys.com" port="443" query="" referer="https://xanexchange.xanalys.com/owa_mzmirudqpf_form?L293YS8=" cookie="-" set-cookie="mzmirudqpf_cookie=3fe4b28ffb3137c44c79bce5080445fcc1c79349;path=/;httponly;secure" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQeYMCoeAEAAH0k7AsAAAAT"
2019:08:14-15:50:06 xan-utm httpd[32036]: [authnz_aua:error] [pid 32036:tid 3951238000] [client 213.205.242.185:36846] [James-outlook-test] session timeout expired
2019:08:14-15:50:06 xan-utm httpd: id="0299" srcip="213.205.242.185" localip="82.68.126.11" size="221" user="James-outlook-test" host="213.205.242.185" method="GET" statuscode="302" reason="auth" extra="session timed out" exceptions="SkipURLHardening" time="93374" url="/owa/" server="xanexchange.xanalys.com" port="443" query="?bO=1" referer="-" cookie="X-BackEndCookie=S-1-5-21-50481480-593310465-398547282-17126=u56Lnp2ejJqBx8jPycvKysvSz82cztLLnp2d0sfOz5rSx5mayM6cncicyZyegYHNz87G0s/G0s7Oq83PxczIxcvI; _ga=GA1.2.1922898412.1563806370; ClientId=F1D71FDA3CE84024A265742C45EEE317; X-OWA-JS-PSD=1; mzmirudqpf_cookie=0eee9fab4eaf29d50ac01679c874cd4d2fa68504" set-cookie="mzmirudqpf_cookie=;Max-Age=0;expires=Thu, 01 Jan 1970 00:00:00 GMT;path=/;httponly;secure" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQfnsCoeAEAAH0k7AwAAAAV"
2019:08:14-15:50:06 xan-utm httpd: id="0299" srcip="213.205.242.185" localip="82.68.126.11" size="567" user="-" host="213.205.242.185" method="GET" statuscode="200" reason="-" extra="-" exceptions="SkipURLHardening" time="24869" url="/owa_mzmirudqpf_form" server="xanexchange.xanalys.com" port="443" query="?L293YS8/Yk89MQ==" referer="-" cookie="_ga=GA1.2.1922898412.1563806370; ClientId=F1D71FDA3CE84024A265742C45EEE317; X-OWA-JS-PSD=1" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQfnsCoeAEAAH0k7A0AAAAV"
2019:08:14-15:50:07 xan-utm httpd: id="0299" srcip="213.205.242.185" localip="82.68.126.11" size="552" user="-" host="213.205.242.185" method="GET" statuscode="200" reason="-" extra="-" exceptions="SkipURLHardening" time="22857" url="/REF_RevAutForm/default_stylesheet.css" server="xanexchange.xanalys.com" port="443" query="" referer="https://xanexchange.xanalys.com/owa_mzmirudqpf_form?L293YS8/Yk89MQ==" cookie="_ga=GA1.2.1922898412.1563806370; ClientId=F1D71FDA3CE84024A265742C45EEE317; X-OWA-JS-PSD=1" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQfn8CoeAEAAH0k7A4AAAAV"
2019:08:14-15:50:07 xan-utm httpd: id="0299" srcip="213.205.242.185" localip="82.68.126.11" size="13247" user="-" host="213.205.242.185" method="GET" statuscode="200" reason="-" extra="-" exceptions="SkipURLHardening" time="38503" url="/REF_RevAutForm/company_logo.png" server="xanexchange.xanalys.com" port="443" query="" referer="https://xanexchange.xanalys.com/owa_mzmirudqpf_form?L293YS8/Yk89MQ==" cookie="_ga=GA1.2.1922898412.1563806370; ClientId=F1D71FDA3CE84024A265742C45EEE317; X-OWA-JS-PSD=1" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQfn8CoeAEAAH0k7A8AAAAX"
2019:08:14-15:51:22 xan-utm httpd[32036]: [authz_blacklist:warn] [pid 32036:tid 3917667184] [client 52.125.138.122:49362] Client is listed on DNSRBL black.rbl.ctipd.astaro.local
2019:08:14-15:51:22 xan-utm httpd: id="0299" srcip="52.125.138.122" localip="82.68.126.11" size="236" user="-" host="52.125.138.122" method="POST" statuscode="403" reason="dnsrbl" extra="Client is listed on DNSRBL black.rbl.ctipd.astaro.local" exceptions="SkipURLHardening" time="1170" url="/Microsoft-Server-ActiveSync" server="xanexchange.xanalys.com" port="443" query="?User=xanalys%5Cmail.man&DeviceId=C438060913A5DFE2&DeviceType=Outlook&Cmd=Ping" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQf6sCoeAEAAH0k7BAAAAAZ"
2019:08:14-15:51:22 xan-utm httpd[32036]: [authz_blacklist:warn] [pid 32036:tid 3900881776] [client 52.125.138.122:49364] Client is listed on DNSRBL black.rbl.ctipd.astaro.local
2019:08:14-15:51:22 xan-utm httpd: id="0299" srcip="52.125.138.122" localip="82.68.126.11" size="236" user="-" host="52.125.138.122" method="POST" statuscode="403" reason="dnsrbl" extra="Client is listed on DNSRBL black.rbl.ctipd.astaro.local" exceptions="SkipURLHardening" time="1075" url="/Microsoft-Server-ActiveSync" server="xanexchange.xanalys.com" port="443" query="?User=xanalys%5Cmail.man&DeviceId=C438060913A5DFE2&DeviceType=Outlook&Cmd=Sync" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQf6sCoeAEAAH0k7BEAAAAb"
2019:08:14-15:53:15 xan-utm httpd[32036]: [authz_blacklist:warn] [pid 32036:tid 3884096368] [client 52.125.141.36:50462] Client is listed on DNSRBL black.rbl.ctipd.astaro.local
2019:08:14-15:53:15 xan-utm httpd: id="0299" srcip="52.125.141.36" localip="82.68.126.11" size="236" user="-" host="52.125.141.36" method="POST" statuscode="403" reason="dnsrbl" extra="Client is listed on DNSRBL black.rbl.ctipd.astaro.local" exceptions="SkipURLHardening" time="1121" url="/Microsoft-Server-ActiveSync" server="xanexchange.xanalys.com" port="443" query="?User=xanalys%5Cjames-outlook-test&DeviceId=DBDB469E0CEE2926&DeviceType=Outlook&Cmd=Sync" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQgW8CoeAEAAH0k7BIAAAAd"
2019:08:14-16:01:22 xan-utm httpd[32036]: [authz_blacklist:warn] [pid 32036:tid 3867310960] [client 52.125.138.122:37230] Client is listed on DNSRBL black.rbl.ctipd.astaro.local
2019:08:14-16:01:22 xan-utm httpd: id="0299" srcip="52.125.138.122" localip="82.68.126.11" size="236" user="-" host="52.125.138.122" method="POST" statuscode="403" reason="dnsrbl" extra="Client is listed on DNSRBL black.rbl.ctipd.astaro.local" exceptions="SkipURLHardening" time="1405" url="/Microsoft-Server-ActiveSync" server="xanexchange.xanalys.com" port="443" query="?User=xanalys%5Cmail.man&DeviceId=C438060913A5DFE2&DeviceType=Outlook&Cmd=Sync" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQiQsCoeAEAAH0k7BMAAAAf"
2019:08:14-16:01:22 xan-utm httpd[32036]: [authz_blacklist:warn] [pid 32036:tid 3850525552] [client 52.125.138.122:37228] Client is listed on DNSRBL black.rbl.ctipd.astaro.local
2019:08:14-16:01:22 xan-utm httpd: id="0299" srcip="52.125.138.122" localip="82.68.126.11" size="236" user="-" host="52.125.138.122" method="POST" statuscode="403" reason="dnsrbl" extra="Client is listed on DNSRBL black.rbl.ctipd.astaro.local" exceptions="SkipURLHardening" time="1135" url="/Microsoft-Server-ActiveSync" server="xanexchange.xanalys.com" port="443" query="?User=xanalys%5Cmail.man&DeviceId=C438060913A5DFE2&DeviceType=Outlook&Cmd=Ping" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQiQsCoeAEAAH0k7BQAAAAh"
2019:08:14-16:03:16 xan-utm httpd[32036]: [authz_blacklist:warn] [pid 32036:tid 3825347440] [client 52.125.141.36:45276] Client is listed on DNSRBL black.rbl.ctipd.astaro.local
2019:08:14-16:03:16 xan-utm httpd: id="0299" srcip="52.125.141.36" localip="82.68.126.11" size="236" user="-" host="52.125.141.36" method="POST" statuscode="403" reason="dnsrbl" extra="Client is listed on DNSRBL black.rbl.ctipd.astaro.local" exceptions="SkipURLHardening" time="1217" url="/Microsoft-Server-ActiveSync" server="xanexchange.xanalys.com" port="443" query="?User=xanalys%5Cjames-outlook-test&DeviceId=DBDB469E0CEE2926&DeviceType=Outlook&Cmd=Sync" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQitMCoeAEAAH0k7BUAAAAk"
2019:08:14-16:03:16 xan-utm httpd[32036]: [authz_blacklist:warn] [pid 32036:tid 3833740144] [client 52.125.141.36:45274] Client is listed on DNSRBL black.rbl.ctipd.astaro.local
2019:08:14-16:03:16 xan-utm httpd: id="0299" srcip="52.125.141.36" localip="82.68.126.11" size="236" user="-" host="52.125.141.36" method="POST" statuscode="403" reason="dnsrbl" extra="Client is listed on DNSRBL black.rbl.ctipd.astaro.local" exceptions="SkipURLHardening" time="1288" url="/Microsoft-Server-ActiveSync" server="xanexchange.xanalys.com" port="443" query="?User=xanalys%5Cjames-outlook-test&DeviceId=DBDB469E0CEE2926&DeviceType=Outlook&Cmd=Ping" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQitMCoeAEAAH0k7BYAAAAj"
2019:08:14-16:11:22 xan-utm httpd[32036]: [authz_blacklist:warn] [pid 32036:tid 4043557744] [client 52.125.138.122:53172] Client is listed on DNSRBL black.rbl.ctipd.astaro.local
2019:08:14-16:11:22 xan-utm httpd: id="0299" srcip="52.125.138.122" localip="82.68.126.11" size="236" user="-" host="52.125.138.122" method="POST" statuscode="403" reason="dnsrbl" extra="Client is listed on DNSRBL black.rbl.ctipd.astaro.local" exceptions="SkipURLHardening" time="1208" url="/Microsoft-Server-ActiveSync" server="xanexchange.xanalys.com" port="443" query="?User=xanalys%5Cmail.man&DeviceId=C438060913A5DFE2&DeviceType=Outlook&Cmd=Sync" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQkmsCoeAEAAH0k7BcAAAAK"
2019:08:14-16:13:16 xan-utm httpd[32036]: [authz_blacklist:warn] [pid 32036:tid 3808562032] [client 52.125.141.36:41072] Client is listed on DNSRBL black.rbl.ctipd.astaro.local
2019:08:14-16:13:16 xan-utm httpd: id="0299" srcip="52.125.141.36" localip="82.68.126.11" size="236" user="-" host="52.125.141.36" method="POST" statuscode="403" reason="dnsrbl" extra="Client is listed on DNSRBL black.rbl.ctipd.astaro.local" exceptions="SkipURLHardening" time="1460" url="/Microsoft-Server-ActiveSync" server="xanexchange.xanalys.com" port="443" query="?User=xanalys%5Cjames-outlook-test&DeviceId=DBDB469E0CEE2926&DeviceType=Outlook&Cmd=Sync" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQlDMCoeAEAAH0k7BgAAAAm"
2019:08:14-16:21:23 xan-utm httpd[32036]: [authz_blacklist:warn] [pid 32036:tid 3791776624] [client 52.125.138.122:40866] Client is listed on DNSRBL black.rbl.ctipd.astaro.local
2019:08:14-16:21:23 xan-utm httpd: id="0299" srcip="52.125.138.122" localip="82.68.126.11" size="236" user="-" host="52.125.138.122" method="POST" statuscode="403" reason="dnsrbl" extra="Client is listed on DNSRBL black.rbl.ctipd.astaro.local" exceptions="SkipURLHardening" time="1430" url="/Microsoft-Server-ActiveSync" server="xanexchange.xanalys.com" port="443" query="?User=xanalys%5Cmail.man&DeviceId=C438060913A5DFE2&DeviceType=Outlook&Cmd=Ping" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQm88CoeAEAAH0k7BkAAAAo"
2019:08:14-16:21:23 xan-utm httpd[32036]: [authz_blacklist:warn] [pid 32036:tid 3774991216] [client 52.125.138.122:40868] Client is listed on DNSRBL black.rbl.ctipd.astaro.local
2019:08:14-16:21:23 xan-utm httpd: id="0299" srcip="52.125.138.122" localip="82.68.126.11" size="236" user="-" host="52.125.138.122" method="POST" statuscode="403" reason="dnsrbl" extra="Client is listed on DNSRBL black.rbl.ctipd.astaro.local" exceptions="SkipURLHardening" time="1239" url="/Microsoft-Server-ActiveSync" server="xanexchange.xanalys.com" port="443" query="?User=xanalys%5Cmail.man&DeviceId=C438060913A5DFE2&DeviceType=Outlook&Cmd=Sync" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQm88CoeAEAAH0k7BoAAAAq"
2019:08:14-16:23:17 xan-utm httpd[32036]: [authz_blacklist:warn] [pid 32036:tid 3758205808] [client 52.125.141.36:37532] Client is listed on DNSRBL black.rbl.ctipd.astaro.local
2019:08:14-16:23:17 xan-utm httpd: id="0299" srcip="52.125.141.36" localip="82.68.126.11" size="236" user="-" host="52.125.141.36" method="POST" statuscode="403" reason="dnsrbl" extra="Client is listed on DNSRBL black.rbl.ctipd.astaro.local" exceptions="SkipURLHardening" time="830" url="/Microsoft-Server-ActiveSync" server="xanexchange.xanalys.com" port="443" query="?User=xanalys%5Cjames-outlook-test&DeviceId=DBDB469E0CEE2926&DeviceType=Outlook&Cmd=Ping" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQnZcCoeAEAAH0k7BwAAAAs"
2019:08:14-16:23:17 xan-utm httpd[32036]: [authz_blacklist:warn] [pid 32036:tid 3741420400] [client 52.125.141.36:37534] Client is listed on DNSRBL black.rbl.ctipd.astaro.local
2019:08:14-16:23:17 xan-utm httpd: id="0299" srcip="52.125.141.36" localip="82.68.126.11" size="236" user="-" host="52.125.141.36" method="POST" statuscode="403" reason="dnsrbl" extra="Client is listed on DNSRBL black.rbl.ctipd.astaro.local" exceptions="SkipURLHardening" time="1800" url="/Microsoft-Server-ActiveSync" server="xanexchange.xanalys.com" port="443" query="?User=xanalys%5Cjames-outlook-test&DeviceId=DBDB469E0CEE2926&DeviceType=Outlook&Cmd=Sync" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQnZcCoeAEAAH0k7BsAAAAu"
2019:08:14-16:31:23 xan-utm httpd[32036]: [authz_blacklist:warn] [pid 32036:tid 4060343152] [client 52.125.138.122:55970] Client is listed on DNSRBL black.rbl.ctipd.astaro.local
2019:08:14-16:31:23 xan-utm httpd: id="0299" srcip="52.125.138.122" localip="82.68.126.11" size="236" user="-" host="52.125.138.122" method="POST" statuscode="403" reason="dnsrbl" extra="Client is listed on DNSRBL black.rbl.ctipd.astaro.local" exceptions="SkipURLHardening" time="808" url="/Microsoft-Server-ActiveSync" server="xanexchange.xanalys.com" port="443" query="?User=xanalys%5Cmail.man&DeviceId=C438060913A5DFE2&DeviceType=Outlook&Cmd=Sync" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQpS8CoeAEAAH0k7B4AAAAI"
2019:08:14-16:31:23 xan-utm httpd[32036]: [authz_blacklist:warn] [pid 32036:tid 3724634992] [client 52.125.138.122:55968] Client is listed on DNSRBL black.rbl.ctipd.astaro.local
2019:08:14-16:31:23 xan-utm httpd: id="0299" srcip="52.125.138.122" localip="82.68.126.11" size="236" user="-" host="52.125.138.122" method="POST" statuscode="403" reason="dnsrbl" extra="Client is listed on DNSRBL black.rbl.ctipd.astaro.local" exceptions="SkipURLHardening" time="1529" url="/Microsoft-Server-ActiveSync" server="xanexchange.xanalys.com" port="443" query="?User=xanalys%5Cmail.man&DeviceId=C438060913A5DFE2&DeviceType=Outlook&Cmd=Ping" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQpS8CoeAEAAH0k7B0AAAAw"
2019:08:14-16:33:17 xan-utm httpd[32036]: [authz_blacklist:warn] [pid 32036:tid 4077128560] [client 52.125.141.36:60312] Client is listed on DNSRBL black.rbl.ctipd.astaro.local
2019:08:14-16:33:17 xan-utm httpd: id="0299" srcip="52.125.141.36" localip="82.68.126.11" size="236" user="-" host="52.125.141.36" method="POST" statuscode="403" reason="dnsrbl" extra="Client is listed on DNSRBL black.rbl.ctipd.astaro.local" exceptions="SkipURLHardening" time="1108" url="/Microsoft-Server-ActiveSync" server="xanexchange.xanalys.com" port="443" query="?User=xanalys%5Cjames-outlook-test&DeviceId=DBDB469E0CEE2926&DeviceType=Outlook&Cmd=Ping" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQpvcCoeAEAAH0k7B8AAAAG"
2019:08:14-16:33:17 xan-utm httpd[32036]: [authz_blacklist:warn] [pid 32036:tid 4093913968] [client 52.125.141.36:60322] Client is listed on DNSRBL black.rbl.ctipd.astaro.local
2019:08:14-16:33:17 xan-utm httpd: id="0299" srcip="52.125.141.36" localip="82.68.126.11" size="236" user="-" host="52.125.141.36" method="POST" statuscode="403" reason="dnsrbl" extra="Client is listed on DNSRBL black.rbl.ctipd.astaro.local" exceptions="SkipURLHardening" time="1351" url="/Microsoft-Server-ActiveSync" server="xanexchange.xanalys.com" port="443" query="?User=xanalys%5Cjames-outlook-test&DeviceId=DBDB469E0CEE2926&DeviceType=Outlook&Cmd=Sync" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQpvcCoeAEAAH0k7CAAAAAE"
2019:08:14-16:41:23 xan-utm httpd[32036]: [authz_blacklist:warn] [pid 32036:tid 4110699376] [client 52.125.138.122:42490] Client is listed on DNSRBL black.rbl.ctipd.astaro.local
2019:08:14-16:41:23 xan-utm httpd: id="0299" srcip="52.125.138.122" localip="82.68.126.11" size="236" user="-" host="52.125.138.122" method="POST" statuscode="403" reason="dnsrbl" extra="Client is listed on DNSRBL black.rbl.ctipd.astaro.local" exceptions="SkipURLHardening" time="3622" url="/Microsoft-Server-ActiveSync" server="xanexchange.xanalys.com" port="443" query="?User=xanalys%5Cmail.man&DeviceId=C438060913A5DFE2&DeviceType=Outlook&Cmd=Sync" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQro8CoeAEAAH0k7CEAAAAC"
2019:08:14-16:43:17 xan-utm httpd[32036]: [authz_blacklist:warn] [pid 32036:tid 4127484784] [client 52.125.141.36:54028] Client is listed on DNSRBL black.rbl.ctipd.astaro.local
2019:08:14-16:43:17 xan-utm httpd[32036]: [authz_blacklist:warn] [pid 32036:tid 3909274480] [client 52.125.141.36:54030] Client is listed on DNSRBL black.rbl.ctipd.astaro.local
2019:08:14-16:43:17 xan-utm httpd: id="0299" srcip="52.125.141.36" localip="82.68.126.11" size="236" user="-" host="52.125.141.36" method="POST" statuscode="403" reason="dnsrbl" extra="Client is listed on DNSRBL black.rbl.ctipd.astaro.local" exceptions="SkipURLHardening" time="1404" url="/Microsoft-Server-ActiveSync" server="xanexchange.xanalys.com" port="443" query="?User=xanalys%5Cjames-outlook-test&DeviceId=DBDB469E0CEE2926&DeviceType=Outlook&Cmd=Sync" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQsFcCoeAEAAH0k7CIAAAAa"
2019:08:14-16:43:17 xan-utm httpd: id="0299" srcip="52.125.141.36" localip="82.68.126.11" size="236" user="-" host="52.125.141.36" method="POST" statuscode="403" reason="dnsrbl" extra="Client is listed on DNSRBL black.rbl.ctipd.astaro.local" exceptions="SkipURLHardening" time="1497" url="/Microsoft-Server-ActiveSync" server="xanexchange.xanalys.com" port="443" query="?User=xanalys%5Cjames-outlook-test&DeviceId=DBDB469E0CEE2926&DeviceType=Outlook&Cmd=Ping" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQsFcCoeAEAAH0k7CMAAAAA"
2019:08:14-16:51:23 xan-utm httpd[32036]: [authz_blacklist:warn] [pid 32036:tid 3875703664] [client 52.125.138.122:56914] Client is listed on DNSRBL black.rbl.ctipd.astaro.local
2019:08:14-16:51:23 xan-utm httpd: id="0299" srcip="52.125.138.122" localip="82.68.126.11" size="236" user="-" host="52.125.138.122" method="POST" statuscode="403" reason="dnsrbl" extra="Client is listed on DNSRBL black.rbl.ctipd.astaro.local" exceptions="SkipURLHardening" time="4922" url="/Microsoft-Server-ActiveSync" server="xanexchange.xanalys.com" port="443" query="?User=xanalys%5Cmail.man&DeviceId=C438060913A5DFE2&DeviceType=Outlook&Cmd=Sync" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQt@8CoeAEAAH0k7CQAAAAe"
2019:08:14-16:51:23 xan-utm httpd[32036]: [authz_blacklist:warn] [pid 32036:tid 3892489072] [client 52.125.138.122:56912] Client is listed on DNSRBL black.rbl.ctipd.astaro.local
2019:08:14-16:51:23 xan-utm httpd: id="0299" srcip="52.125.138.122" localip="82.68.126.11" size="236" user="-" host="52.125.138.122" method="POST" statuscode="403" reason="dnsrbl" extra="Client is listed on DNSRBL black.rbl.ctipd.astaro.local" exceptions="SkipURLHardening" time="4706" url="/Microsoft-Server-ActiveSync" server="xanexchange.xanalys.com" port="443" query="?User=xanalys%5Cmail.man&DeviceId=C438060913A5DFE2&DeviceType=Outlook&Cmd=Ping" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQt@8CoeAEAAH0k7CUAAAAc"
2019:08:14-16:53:17 xan-utm httpd[32036]: [authz_blacklist:warn] [pid 32036:tid 3858918256] [client 52.125.141.36:47166] Client is listed on DNSRBL black.rbl.ctipd.astaro.local
2019:08:14-16:53:17 xan-utm httpd[32036]: [authz_blacklist:warn] [pid 32036:tid 3842132848] [client 52.125.141.36:47164] Client is listed on DNSRBL black.rbl.ctipd.astaro.local
2019:08:14-16:53:17 xan-utm httpd: id="0299" srcip="52.125.141.36" localip="82.68.126.11" size="236" user="-" host="52.125.141.36" method="POST" statuscode="403" reason="dnsrbl" extra="Client is listed on DNSRBL black.rbl.ctipd.astaro.local" exceptions="SkipURLHardening" time="64428" url="/Microsoft-Server-ActiveSync" server="xanexchange.xanalys.com" port="443" query="?User=xanalys%5Cjames-outlook-test&DeviceId=DBDB469E0CEE2926&DeviceType=Outlook&Cmd=Sync" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQubcCoeAEAAH0k7CYAAAAg"
2019:08:14-16:53:17 xan-utm httpd: id="0299" srcip="52.125.141.36" localip="82.68.126.11" size="236" user="-" host="52.125.141.36" method="POST" statuscode="403" reason="dnsrbl" extra="Client is listed on DNSRBL black.rbl.ctipd.astaro.local" exceptions="SkipURLHardening" time="61263" url="/Microsoft-Server-ActiveSync" server="xanexchange.xanalys.com" port="443" query="?User=xanalys%5Cjames-outlook-test&DeviceId=DBDB469E0CEE2926&DeviceType=Outlook&Cmd=Ping" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQubcCoeAEAAH0k7CcAAAAi"
2019:08:14-17:01:24 xan-utm httpd[32036]: [authz_blacklist:warn] [pid 32036:tid 3816954736] [client 52.125.138.122:43388] Client is listed on DNSRBL black.rbl.ctipd.astaro.local
2019:08:14-17:01:24 xan-utm httpd: id="0299" srcip="52.125.138.122" localip="82.68.126.11" size="236" user="-" host="52.125.138.122" method="POST" statuscode="403" reason="dnsrbl" extra="Client is listed on DNSRBL black.rbl.ctipd.astaro.local" exceptions="SkipURLHardening" time="63013" url="/Microsoft-Server-ActiveSync" server="xanexchange.xanalys.com" port="443" query="?User=xanalys%5Cmail.man&DeviceId=C438060913A5DFE2&DeviceType=Outlook&Cmd=Sync" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQwVMCoeAEAAH0k7CgAAAAl"
2019:08:14-17:01:24 xan-utm httpd[32036]: [authz_blacklist:warn] [pid 32036:tid 3800169328] [client 52.125.138.122:43386] Client is listed on DNSRBL black.rbl.ctipd.astaro.local
2019:08:14-17:01:24 xan-utm httpd: id="0299" srcip="52.125.138.122" localip="82.68.126.11" size="236" user="-" host="52.125.138.122" method="POST" statuscode="403" reason="dnsrbl" extra="Client is listed on DNSRBL black.rbl.ctipd.astaro.local" exceptions="SkipURLHardening" time="54839" url="/Microsoft-Server-ActiveSync" server="xanexchange.xanalys.com" port="443" query="?User=xanalys%5Cmail.man&DeviceId=C438060913A5DFE2&DeviceType=Outlook&Cmd=Ping" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQwVMCoeAEAAH0k7CkAAAAn"
2019:08:14-17:03:18 xan-utm httpd[32036]: [authz_blacklist:warn] [pid 32036:tid 3783383920] [client 52.125.141.36:40138] Client is listed on DNSRBL black.rbl.ctipd.astaro.local
2019:08:14-17:03:18 xan-utm httpd: id="0299" srcip="52.125.141.36" localip="82.68.126.11" size="236" user="-" host="52.125.141.36" method="POST" statuscode="403" reason="dnsrbl" extra="Client is listed on DNSRBL black.rbl.ctipd.astaro.local" exceptions="SkipURLHardening" time="1184" url="/Microsoft-Server-ActiveSync" server="xanexchange.xanalys.com" port="443" query="?User=xanalys%5Cjames-outlook-test&DeviceId=DBDB469E0CEE2926&DeviceType=Outlook&Cmd=Sync" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQwxsCoeAEAAH0k7CoAAAAp"
2019:08:14-17:03:18 xan-utm httpd[32036]: [authz_blacklist:warn] [pid 32036:tid 3766598512] [client 52.125.141.36:40136] Client is listed on DNSRBL black.rbl.ctipd.astaro.local
2019:08:14-17:03:18 xan-utm httpd: id="0299" srcip="52.125.141.36" localip="82.68.126.11" size="236" user="-" host="52.125.141.36" method="POST" statuscode="403" reason="dnsrbl" extra="Client is listed on DNSRBL black.rbl.ctipd.astaro.local" exceptions="SkipURLHardening" time="1400" url="/Microsoft-Server-ActiveSync" server="xanexchange.xanalys.com" port="443" query="?User=xanalys%5Cjames-outlook-test&DeviceId=DBDB469E0CEE2926&DeviceType=Outlook&Cmd=Ping" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQwxsCoeAEAAH0k7CsAAAAr"

 



This thread was automatically locked due to age.
Parents
  • Hi,

    you got a lot of errors like ' [client 52.125.138.122:40866] Client is listed on DNSRBL black.rbl.ctipd.astaro.local' in your logs.

    Make an exception for this IP (or your network) for 'Block clients with bad reputation' and test again.

     

    Best,

     Sabine

  • Evianne said:

    Hi,

    you got a lot of errors like ' [client 52.125.138.122:40866] Client is listed on DNSRBL black.rbl.ctipd.astaro.local' in your logs.

    Make an exception for this IP (or your network) for 'Block clients with bad reputation' and test again.

     

    Best,

     Sabine

     

     

    Hi,

     

    Tried this and no luck. Here are the logs for when I tried;

     

    2019:08:15-09:48:48 xan-utm httpd: 26=u56Lnp2ejJqBx8jPycvKysvSz82cztLLnp2d0sfOz5rSx5mayM6cncicyZyegYHNz87G0s/G0s7Oq83PxczIxcvI; _ga=GA1.2.1922898412.1563806370; ClientId=F1D71FDA3CE84024A265742C45EEE317; X-OWA-JS-PSD=1" set-cookie="mzmirudqpf_cookie=;Max-Age=0;expires=Thu, 01 Jan 1970 00:00:00 GMT;path=/;httponly;secure" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVUccMCoeAEAAFFjIYIAAAAB"
    2019:08:15-09:48:48 xan-utm httpd: id="0299" srcip="213.205.242.244" localip="82.68.126.11" size="221" user="-" host="213.205.242.244" method="GET" statuscode="302" reason="-" extra="-" exceptions="SkipURLHardening" time="28325" url="/owa/" server="xanexchange.xanalys.com" port="443" query="?bO=1" referer="-" cookie="X-BackEndCookie=S-1-5-21-50481480-593310465-398547282-17126=u56Lnp2ejJqBx8jPycvKysvSz82cztLLnp2d0sfOz5rSx5mayM6cncicyZyegYHNz87G0s/G0s7Oq83PxczIxcvI; _ga=GA1.2.1922898412.1563806370; ClientId=F1D71FDA3CE84024A265742C45EEE317; X-OWA-JS-PSD=1" set-cookie="mzmirudqpf_cookie=;Max-Age=0;expires=Thu, 01 Jan 1970 00:00:00 GMT;path=/;httponly;secure" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVUccMCoeAEAAFFjIYMAAAAA"
    2019:08:15-09:48:48 xan-utm httpd: id="0299" srcip="213.205.242.244" localip="82.68.126.11" size="1170" user="-" host="213.205.242.244" method="GET" statuscode="200" reason="-" extra="-" exceptions="SkipURLHardening" time="25695" url="/owa_mzmirudqpf_form" server="xanexchange.xanalys.com" port="443" query="?L293YS9wbHQxLmFzaHg/Y0lkPUYxRDcxRkRBM0NFODQwMjRBMjY1NzQyQzQ1RUVFMzE3Jm1zZz1VU1JDb21wb3NpdGVTZXJ2ZXJFcnImY2FUeT0xJnRnPSZNREI9ODcwNjQ1NTQtMDJjMS00YWJiLTgxMGUtOGZlNzFjYjdjNmNhJm5JZD0wMDAwMDAwMDAwMDAwMDAwJk1CWD1jZjZkMWFiMS03M2M2LTQzZmEtYmRlZi1jMTcyMjJkZmQzN2Umc2RDb0lkPUYxRDcxRkRBM0NFODQwMjRBMjY1NzQyQzQ1RUVFMzE3XzE1NjU4NTg5MzIwMjUmc2RzPTIwMCZmZT1udWxsJmJlPW51bGwmY2JlPW51bGwmZGFnPURhZ05vdEZvdW5kJmN2ZXI9MTUuMi4yMjEuMTcmc2R2ZXI9bnVsbCZycG89MCZvZmY9MCZwYWw9MCZyZmU9MSZ0ZT0wJkFMVD11RVMsMTA1LHVFRSwxMDUsZlMsNjUsZExTLDAsZExFLDAsY1MsMCxjRSwwLHJlcVMsMCxyZXNTLDAscmVzRSw0NCxkb21MLDQ1LGRvbUNMRVMsNDk5LGRvbUNMRUUsNTAzLHBFYWIsNDk4LG5vdyw1MDksbm93Tm9UaW0sNDUyJm5vd1RTPTE1NjU4NTg5MzI0NzcmbmF2dHA9MCZ0Y2Q9MTImbGJ2PTE1LjIuMjIxLjE3Jmljdj0xNS4yLjIyMS4xNyZpYWNyPTE1LjIuM
    2019:08:15-09:48:48 xan-utm httpd: jIxLjE3JmxjdmVyPTE1LjIuMjIxLjE3JmFjY3U9ZW4tZ2ImYWN0aD1iYXNlJmFjZGM9NTQmbGhuPXhhbmV4Y2hhbmdlLnhhbmFseXMuY29tJmNobj14YW5leGNoYW5nZS54YW5hbHlzLmNvbSZhY3M9MSZtZj1uZiZmYz1udWxs" referer="-" cookie="_ga=GA1.2.1922898412.1563806370; ClientId=F1D71FDA3CE84024A265742C45EEE317; X-OWA-JS-PSD=1" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVUccMCoeAEAAFFjIYQAAAAB"
    2019:08:15-09:48:49 xan-utm httpd: id="0299" srcip="213.205.242.244" localip="82.68.126.11" size="567" user="-" host="213.205.242.244" method="GET" statuscode="200" reason="-" extra="-" exceptions="SkipURLHardening" time="34388" url="/owa_mzmirudqpf_form" server="xanexchange.xanalys.com" port="443" query="?L293YS8/Yk89MQ==" referer="-" cookie="_ga=GA1.2.1922898412.1563806370; ClientId=F1D71FDA3CE84024A265742C45EEE317; X-OWA-JS-PSD=1" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVUcccCoeAEAAFFjIYUAAAAB"
    2019:08:15-09:48:49 xan-utm httpd: id="0299" srcip="213.205.242.244" localip="82.68.126.11" size="552" user="-" host="213.205.242.244" method="GET" statuscode="200" reason="-" extra="-" exceptions="SkipURLHardening" time="21621" url="/REF_RevAutForm/default_stylesheet.css" server="xanexchange.xanalys.com" port="443" query="" referer="https://xanexchange.xanalys.com/owa_mzmirudqpf_form?L293YS8/Yk89MQ==" cookie="_ga=GA1.2.1922898412.1563806370; ClientId=F1D71FDA3CE84024A265742C45EEE317; X-OWA-JS-PSD=1" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVUcccCoeAEAAFFjIYcAAAAA"
    2019:08:15-09:48:49 xan-utm httpd: id="0299" srcip="213.205.242.244" localip="82.68.126.11" size="13247" user="-" host="213.205.242.244" method="GET" statuscode="200" reason="-" extra="-" exceptions="SkipURLHardening" time="44380" url="/REF_RevAutForm/company_logo.png" server="xanexchange.xanalys.com" port="443" query="" referer="https://xanexchange.xanalys.com/owa_mzmirudqpf_form?L293YS8/Yk89MQ==" cookie="_ga=GA1.2.1922898412.1563806370; ClientId=F1D71FDA3CE84024A265742C45EEE317; X-OWA-JS-PSD=1" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVUcccCoeAEAAFFjIYYAAAAB"
    2019:08:15-09:49:04 xan-utm httpd: id="0299" srcip="213.205.242.244" localip="82.68.126.11" size="194" user="James-outlook-test" host="213.205.242.244" method="POST" statuscode="302" reason="-" extra="-" exceptions="SkipURLHardening" time="382759" url="/owa_mzmirudqpf_login" server="xanexchange.xanalys.com" port="443" query="?L293YS8/Yk89MQ==" referer="https://xanexchange.xanalys.com/owa_mzmirudqpf_form?L293YS8/Yk89MQ==" cookie="_ga=GA1.2.1922898412.1563806370; ClientId=F1D71FDA3CE84024A265742C45EEE317; X-OWA-JS-PSD=1" set-cookie="mzmirudqpf_cookie=9a8c0ece961bf90ddcb344a5c6ae38addfc14337;path=/;httponly;secure" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVUcf8CoeAEAAFFjIYgAAAAB"
    2019:08:15-09:49:04 xan-utm httpd: id="0299" srcip="213.205.242.244" localip="82.68.126.11" size="25" user="James-outlook-test" host="213.205.242.244" method="GET" statuscode="401" reason="-" extra="-" exceptions="SkipURLHardening" time="69738" url="/owa/" server="xanexchange.xanalys.com" port="443" query="?bO=1" referer="https://xanexchange.xanalys.com/owa_mzmirudqpf_form?L293YS8/Yk89MQ==" cookie="X-BackEndCookie=S-1-5-21-50481480-593310465-398547282-17126=u56Lnp2ejJqBx8jPycvKysvSz82cztLLnp2d0sfOz5rSx5mayM6cncicyZyegYHNz87G0s/G0s7Oq83PxczIxcvI; _ga=GA1.2.1922898412.1563806370; ClientId=F1D71FDA3CE84024A265742C45EEE317; X-OWA-JS-PSD=1" set-cookie="mzmirudqpf_cookie=9a8c0ece961bf90ddcb344a5c6ae38addfc14337;path=/;httponly;secure" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVUcgMCoeAEAAFFjIYkAAAAB"
    2019:08:15-09:49:04 xan-utm httpd: id="0299" srcip="213.205.242.244" localip="82.68.126.11" size="25" user="James-outlook-test" host="213.205.242.244" method="GET" statuscode="401" reason="-" extra="-" exceptions="SkipURLHardening" time="54130" url="/owa/" server="xanexchange.xanalys.com" port="443" query="?bO=1" referer="https://xanexchange.xanalys.com/owa_mzmirudqpf_form?L293YS8/Yk89MQ==" cookie="X-BackEndCookie=S-1-5-21-50481480-593310465-398547282-17126=u56Lnp2ejJqBx8jPycvKysvSz82cztLLnp2d0sfOz5rSx5mayM6cncicyZyegYHNz87G0s/G0s7Oq83PxczIxcvI; _ga=GA1.2.1922898412.1563806370; ClientId=F1D71FDA3CE84024A265742C45EEE317; X-OWA-JS-PSD=1" set-cookie="mzmirudqpf_cookie=9a8c0ece961bf90ddcb344a5c6ae38addfc14337;path=/;httponly;secure" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVUcgMCoeAEAAFFjIYoAAAAB"
    2019:08:15-09:49:38 xan-utm httpd: id="0299" srcip="213.205.242.244" localip="82.68.126.11" size="25" user="James-outlook-test" host="213.205.242.244" method="GET" statuscode="401" reason="-" extra="-" exceptions="SkipURLHardening" time="105350" url="/owa/" server="xanexchange.xanalys.com" port="443" query="?bO=1" referer="https://xanexchange.xanalys.com/owa_mzmirudqpf_form?L293YS8/Yk89MQ==" cookie="X-BackEndCookie=S-1-5-21-50481480-593310465-398547282-17126=u56Lnp2ejJqBx8jPycvKysvSz82cztLLnp2d0sfOz5rSx5mayM6cncicyZyegYHNz87G0s/G0s7Oq83PxczIxcvI; _ga=GA1.2.1922898412.1563806370; ClientId=F1D71FDA3CE84024A265742C45EEE317; X-OWA-JS-PSD=1" set-cookie="mzmirudqpf_cookie=9a8c0ece961bf90ddcb344a5c6ae38addfc14337;path=/;httponly;secure" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVUcosCoeAEAAFFjIYsAAAAC"
    2019:08:15-09:50:11 xan-utm httpd: id="0299" srcip="213.205.242.244" localip="82.68.126.11" size="25" user="James-outlook-test" host="213.205.242.244" method="GET" statuscode="401" reason="-" extra="-" exceptions="SkipURLHardening" time="97889" url="/owa/" server="xanexchange.xanalys.com" port="443" query="?bO=1" referer="https://xanexchange.xanalys.com/owa_mzmirudqpf_form?L293YS8/Yk89MQ==" cookie="X-BackEndCookie=S-1-5-21-50481480-593310465-398547282-17126=u56Lnp2ejJqBx8jPycvKysvSz82cztLLnp2d0sfOz5rSx5mayM6cncicyZyegYHNz87G0s/G0s7Oq83PxczIxcvI; _ga=GA1.2.1922898412.1563806370; ClientId=F1D71FDA3CE84024A265742C45EEE317; X-OWA-JS-PSD=1" set-cookie="mzmirudqpf_cookie=9a8c0ece961bf90ddcb344a5c6ae38addfc14337;path=/;httponly;secure" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVUcw8CoeAEAAFFjIYwAAAAD"
    2019:08:15-09:50:17 xan-utm httpd: id="0299" srcip="213.205.242.244" localip="82.68.126.11" size="25" user="James-outlook-test" host="213.205.242.244" method="GET" statuscode="401" reason="-" extra="-" exceptions="SkipURLHardening" time="81332" url="/owa/" server="xanexchange.xanalys.com" port="443" query="?bO=1" referer="-" cookie="X-BackEndCookie=S-1-5-21-50481480-593310465-398547282-17126=u56Lnp2ejJqBx8jPycvKysvSz82cztLLnp2d0sfOz5rSx5mayM6cncicyZyegYHNz87G0s/G0s7Oq83PxczIxcvI; _ga=GA1.2.1922898412.1563806370; ClientId=F1D71FDA3CE84024A265742C45EEE317; X-OWA-JS-PSD=1" set-cookie="mzmirudqpf_cookie=9a8c0ece961bf90ddcb344a5c6ae38addfc14337;path=/;httponly;secure" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVUcycCoeAEAAFFjIY0AAAAD"
    2019:08:15-09:50:37 xan-utm httpd: id="0299" srcip="213.205.242.244" localip="82.68.126.11" size="0" user="-" host="213.205.242.244" method="-" statuscode="408" reason="-" extra="-" exceptions="-" time="8" url="-" server="-" port="443" query="" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="-"

Reply
  • Evianne said:

    Hi,

    you got a lot of errors like ' [client 52.125.138.122:40866] Client is listed on DNSRBL black.rbl.ctipd.astaro.local' in your logs.

    Make an exception for this IP (or your network) for 'Block clients with bad reputation' and test again.

     

    Best,

     Sabine

     

     

    Hi,

     

    Tried this and no luck. Here are the logs for when I tried;

     

    2019:08:15-09:48:48 xan-utm httpd: 26=u56Lnp2ejJqBx8jPycvKysvSz82cztLLnp2d0sfOz5rSx5mayM6cncicyZyegYHNz87G0s/G0s7Oq83PxczIxcvI; _ga=GA1.2.1922898412.1563806370; ClientId=F1D71FDA3CE84024A265742C45EEE317; X-OWA-JS-PSD=1" set-cookie="mzmirudqpf_cookie=;Max-Age=0;expires=Thu, 01 Jan 1970 00:00:00 GMT;path=/;httponly;secure" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVUccMCoeAEAAFFjIYIAAAAB"
    2019:08:15-09:48:48 xan-utm httpd: id="0299" srcip="213.205.242.244" localip="82.68.126.11" size="221" user="-" host="213.205.242.244" method="GET" statuscode="302" reason="-" extra="-" exceptions="SkipURLHardening" time="28325" url="/owa/" server="xanexchange.xanalys.com" port="443" query="?bO=1" referer="-" cookie="X-BackEndCookie=S-1-5-21-50481480-593310465-398547282-17126=u56Lnp2ejJqBx8jPycvKysvSz82cztLLnp2d0sfOz5rSx5mayM6cncicyZyegYHNz87G0s/G0s7Oq83PxczIxcvI; _ga=GA1.2.1922898412.1563806370; ClientId=F1D71FDA3CE84024A265742C45EEE317; X-OWA-JS-PSD=1" set-cookie="mzmirudqpf_cookie=;Max-Age=0;expires=Thu, 01 Jan 1970 00:00:00 GMT;path=/;httponly;secure" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVUccMCoeAEAAFFjIYMAAAAA"
    2019:08:15-09:48:48 xan-utm httpd: id="0299" srcip="213.205.242.244" localip="82.68.126.11" size="1170" user="-" host="213.205.242.244" method="GET" statuscode="200" reason="-" extra="-" exceptions="SkipURLHardening" time="25695" url="/owa_mzmirudqpf_form" server="xanexchange.xanalys.com" port="443" query="?L293YS9wbHQxLmFzaHg/Y0lkPUYxRDcxRkRBM0NFODQwMjRBMjY1NzQyQzQ1RUVFMzE3Jm1zZz1VU1JDb21wb3NpdGVTZXJ2ZXJFcnImY2FUeT0xJnRnPSZNREI9ODcwNjQ1NTQtMDJjMS00YWJiLTgxMGUtOGZlNzFjYjdjNmNhJm5JZD0wMDAwMDAwMDAwMDAwMDAwJk1CWD1jZjZkMWFiMS03M2M2LTQzZmEtYmRlZi1jMTcyMjJkZmQzN2Umc2RDb0lkPUYxRDcxRkRBM0NFODQwMjRBMjY1NzQyQzQ1RUVFMzE3XzE1NjU4NTg5MzIwMjUmc2RzPTIwMCZmZT1udWxsJmJlPW51bGwmY2JlPW51bGwmZGFnPURhZ05vdEZvdW5kJmN2ZXI9MTUuMi4yMjEuMTcmc2R2ZXI9bnVsbCZycG89MCZvZmY9MCZwYWw9MCZyZmU9MSZ0ZT0wJkFMVD11RVMsMTA1LHVFRSwxMDUsZlMsNjUsZExTLDAsZExFLDAsY1MsMCxjRSwwLHJlcVMsMCxyZXNTLDAscmVzRSw0NCxkb21MLDQ1LGRvbUNMRVMsNDk5LGRvbUNMRUUsNTAzLHBFYWIsNDk4LG5vdyw1MDksbm93Tm9UaW0sNDUyJm5vd1RTPTE1NjU4NTg5MzI0NzcmbmF2dHA9MCZ0Y2Q9MTImbGJ2PTE1LjIuMjIxLjE3Jmljdj0xNS4yLjIyMS4xNyZpYWNyPTE1LjIuM
    2019:08:15-09:48:48 xan-utm httpd: jIxLjE3JmxjdmVyPTE1LjIuMjIxLjE3JmFjY3U9ZW4tZ2ImYWN0aD1iYXNlJmFjZGM9NTQmbGhuPXhhbmV4Y2hhbmdlLnhhbmFseXMuY29tJmNobj14YW5leGNoYW5nZS54YW5hbHlzLmNvbSZhY3M9MSZtZj1uZiZmYz1udWxs" referer="-" cookie="_ga=GA1.2.1922898412.1563806370; ClientId=F1D71FDA3CE84024A265742C45EEE317; X-OWA-JS-PSD=1" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVUccMCoeAEAAFFjIYQAAAAB"
    2019:08:15-09:48:49 xan-utm httpd: id="0299" srcip="213.205.242.244" localip="82.68.126.11" size="567" user="-" host="213.205.242.244" method="GET" statuscode="200" reason="-" extra="-" exceptions="SkipURLHardening" time="34388" url="/owa_mzmirudqpf_form" server="xanexchange.xanalys.com" port="443" query="?L293YS8/Yk89MQ==" referer="-" cookie="_ga=GA1.2.1922898412.1563806370; ClientId=F1D71FDA3CE84024A265742C45EEE317; X-OWA-JS-PSD=1" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVUcccCoeAEAAFFjIYUAAAAB"
    2019:08:15-09:48:49 xan-utm httpd: id="0299" srcip="213.205.242.244" localip="82.68.126.11" size="552" user="-" host="213.205.242.244" method="GET" statuscode="200" reason="-" extra="-" exceptions="SkipURLHardening" time="21621" url="/REF_RevAutForm/default_stylesheet.css" server="xanexchange.xanalys.com" port="443" query="" referer="https://xanexchange.xanalys.com/owa_mzmirudqpf_form?L293YS8/Yk89MQ==" cookie="_ga=GA1.2.1922898412.1563806370; ClientId=F1D71FDA3CE84024A265742C45EEE317; X-OWA-JS-PSD=1" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVUcccCoeAEAAFFjIYcAAAAA"
    2019:08:15-09:48:49 xan-utm httpd: id="0299" srcip="213.205.242.244" localip="82.68.126.11" size="13247" user="-" host="213.205.242.244" method="GET" statuscode="200" reason="-" extra="-" exceptions="SkipURLHardening" time="44380" url="/REF_RevAutForm/company_logo.png" server="xanexchange.xanalys.com" port="443" query="" referer="https://xanexchange.xanalys.com/owa_mzmirudqpf_form?L293YS8/Yk89MQ==" cookie="_ga=GA1.2.1922898412.1563806370; ClientId=F1D71FDA3CE84024A265742C45EEE317; X-OWA-JS-PSD=1" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVUcccCoeAEAAFFjIYYAAAAB"
    2019:08:15-09:49:04 xan-utm httpd: id="0299" srcip="213.205.242.244" localip="82.68.126.11" size="194" user="James-outlook-test" host="213.205.242.244" method="POST" statuscode="302" reason="-" extra="-" exceptions="SkipURLHardening" time="382759" url="/owa_mzmirudqpf_login" server="xanexchange.xanalys.com" port="443" query="?L293YS8/Yk89MQ==" referer="https://xanexchange.xanalys.com/owa_mzmirudqpf_form?L293YS8/Yk89MQ==" cookie="_ga=GA1.2.1922898412.1563806370; ClientId=F1D71FDA3CE84024A265742C45EEE317; X-OWA-JS-PSD=1" set-cookie="mzmirudqpf_cookie=9a8c0ece961bf90ddcb344a5c6ae38addfc14337;path=/;httponly;secure" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVUcf8CoeAEAAFFjIYgAAAAB"
    2019:08:15-09:49:04 xan-utm httpd: id="0299" srcip="213.205.242.244" localip="82.68.126.11" size="25" user="James-outlook-test" host="213.205.242.244" method="GET" statuscode="401" reason="-" extra="-" exceptions="SkipURLHardening" time="69738" url="/owa/" server="xanexchange.xanalys.com" port="443" query="?bO=1" referer="https://xanexchange.xanalys.com/owa_mzmirudqpf_form?L293YS8/Yk89MQ==" cookie="X-BackEndCookie=S-1-5-21-50481480-593310465-398547282-17126=u56Lnp2ejJqBx8jPycvKysvSz82cztLLnp2d0sfOz5rSx5mayM6cncicyZyegYHNz87G0s/G0s7Oq83PxczIxcvI; _ga=GA1.2.1922898412.1563806370; ClientId=F1D71FDA3CE84024A265742C45EEE317; X-OWA-JS-PSD=1" set-cookie="mzmirudqpf_cookie=9a8c0ece961bf90ddcb344a5c6ae38addfc14337;path=/;httponly;secure" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVUcgMCoeAEAAFFjIYkAAAAB"
    2019:08:15-09:49:04 xan-utm httpd: id="0299" srcip="213.205.242.244" localip="82.68.126.11" size="25" user="James-outlook-test" host="213.205.242.244" method="GET" statuscode="401" reason="-" extra="-" exceptions="SkipURLHardening" time="54130" url="/owa/" server="xanexchange.xanalys.com" port="443" query="?bO=1" referer="https://xanexchange.xanalys.com/owa_mzmirudqpf_form?L293YS8/Yk89MQ==" cookie="X-BackEndCookie=S-1-5-21-50481480-593310465-398547282-17126=u56Lnp2ejJqBx8jPycvKysvSz82cztLLnp2d0sfOz5rSx5mayM6cncicyZyegYHNz87G0s/G0s7Oq83PxczIxcvI; _ga=GA1.2.1922898412.1563806370; ClientId=F1D71FDA3CE84024A265742C45EEE317; X-OWA-JS-PSD=1" set-cookie="mzmirudqpf_cookie=9a8c0ece961bf90ddcb344a5c6ae38addfc14337;path=/;httponly;secure" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVUcgMCoeAEAAFFjIYoAAAAB"
    2019:08:15-09:49:38 xan-utm httpd: id="0299" srcip="213.205.242.244" localip="82.68.126.11" size="25" user="James-outlook-test" host="213.205.242.244" method="GET" statuscode="401" reason="-" extra="-" exceptions="SkipURLHardening" time="105350" url="/owa/" server="xanexchange.xanalys.com" port="443" query="?bO=1" referer="https://xanexchange.xanalys.com/owa_mzmirudqpf_form?L293YS8/Yk89MQ==" cookie="X-BackEndCookie=S-1-5-21-50481480-593310465-398547282-17126=u56Lnp2ejJqBx8jPycvKysvSz82cztLLnp2d0sfOz5rSx5mayM6cncicyZyegYHNz87G0s/G0s7Oq83PxczIxcvI; _ga=GA1.2.1922898412.1563806370; ClientId=F1D71FDA3CE84024A265742C45EEE317; X-OWA-JS-PSD=1" set-cookie="mzmirudqpf_cookie=9a8c0ece961bf90ddcb344a5c6ae38addfc14337;path=/;httponly;secure" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVUcosCoeAEAAFFjIYsAAAAC"
    2019:08:15-09:50:11 xan-utm httpd: id="0299" srcip="213.205.242.244" localip="82.68.126.11" size="25" user="James-outlook-test" host="213.205.242.244" method="GET" statuscode="401" reason="-" extra="-" exceptions="SkipURLHardening" time="97889" url="/owa/" server="xanexchange.xanalys.com" port="443" query="?bO=1" referer="https://xanexchange.xanalys.com/owa_mzmirudqpf_form?L293YS8/Yk89MQ==" cookie="X-BackEndCookie=S-1-5-21-50481480-593310465-398547282-17126=u56Lnp2ejJqBx8jPycvKysvSz82cztLLnp2d0sfOz5rSx5mayM6cncicyZyegYHNz87G0s/G0s7Oq83PxczIxcvI; _ga=GA1.2.1922898412.1563806370; ClientId=F1D71FDA3CE84024A265742C45EEE317; X-OWA-JS-PSD=1" set-cookie="mzmirudqpf_cookie=9a8c0ece961bf90ddcb344a5c6ae38addfc14337;path=/;httponly;secure" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVUcw8CoeAEAAFFjIYwAAAAD"
    2019:08:15-09:50:17 xan-utm httpd: id="0299" srcip="213.205.242.244" localip="82.68.126.11" size="25" user="James-outlook-test" host="213.205.242.244" method="GET" statuscode="401" reason="-" extra="-" exceptions="SkipURLHardening" time="81332" url="/owa/" server="xanexchange.xanalys.com" port="443" query="?bO=1" referer="-" cookie="X-BackEndCookie=S-1-5-21-50481480-593310465-398547282-17126=u56Lnp2ejJqBx8jPycvKysvSz82cztLLnp2d0sfOz5rSx5mayM6cncicyZyegYHNz87G0s/G0s7Oq83PxczIxcvI; _ga=GA1.2.1922898412.1563806370; ClientId=F1D71FDA3CE84024A265742C45EEE317; X-OWA-JS-PSD=1" set-cookie="mzmirudqpf_cookie=9a8c0ece961bf90ddcb344a5c6ae38addfc14337;path=/;httponly;secure" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVUcycCoeAEAAFFjIY0AAAAD"
    2019:08:15-09:50:37 xan-utm httpd: id="0299" srcip="213.205.242.244" localip="82.68.126.11" size="0" user="-" host="213.205.242.244" method="-" statuscode="408" reason="-" extra="-" exceptions="-" time="8" url="-" server="-" port="443" query="" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="-"

Children
  • Unknown said:

    Hi,

     Tried this and no luck. Here are the logs for when I tried;

     

     

    Next step would be to disable Reverse Authentication.

    This helps you to make sure, that you can authenticate with Basic Auth over the WAF at your Exchange.

  • Evianne said:

     

     
    Jnurse

    Hi,

     Tried this and no luck. Here are the logs for when I tried;

     

     

     

    Next step would be to disable Reverse Authentication.

    This helps you to make sure, that you can authenticate with Basic Auth over the WAF at your Exchange.

     

     

    Hi,

     

    If I remove the authentication profile from all the virtual webservers then I am able to get to OWA and authenticate successfully so something is going wrong with the authentication pass-through I assume....

     

    Thanks,

    James

  • Unknown said:

     

     
    Evianne

     

     
    Jnurse

    Hi,

     Tried this and no luck. Here are the logs for when I tried;

     

     

     

    Next step would be to disable Reverse Authentication.

    This helps you to make sure, that you can authenticate with Basic Auth over the WAF at your Exchange.

     

     

     

     

    Hi,

     

    If I remove the authentication profile from all the virtual webservers then I am able to get to OWA and authenticate successfully so something is going wrong with the authentication pass-through I assume....

     

    Thanks,

    James

     

     

    Although I can't seem to use the Outlook mobile app as I get 'Login error' and the following appears in the log;

    2019:08:15-10:54:57 xan-utm httpd[2895]: [security2:error] [pid 2895:tid 3917667184] [client 94.192.179.216:53612] [client 94.192.179.216] ModSecurity: Access allowed (phase 1). Operator GT matched 0 at ENV. [file "/usr/apache/conf/waf/base.conf"] [line "14"] [id "900000"] [hostname "xanexchange.xanalys.com"] [uri "/owa/ev.owa2"] [unique_id "XVUr8cCoeAEAAAtPcE4AAAAZ"]
    2019:08:15-10:54:57 xan-utm httpd: id="0299" srcip="94.192.179.216" localip="82.68.126.11" size="608" user="-" host="94.192.179.216" method="GET" statuscode="200" reason="-" extra="-" exceptions="SkipAntiVirus, SkipURLHardening, SkipThreatsFilter" time="60237834" url="/owa/ev.owa2" server="xanexchange.xanalys.com" port="443" query="?ns=PendingRequest&ev=PendingNotificationRequest&UA=0&cid=7cee79e9-72fe-454f-8f0e-f8893fe8a79a&brwnm=chrome&X-OWA-CANARY=y2bw_zAfJEueuLt7e_LstRBqxH1mIdcI7HTvas2Gq3XVT05ul0ieBfJh4gNWTC9uqPcZT2ILqL8.&n=lr" referer="-" cookie="X-BackEndCookie=S-1-5-21-50481480-593310465-398547282-17126=u56Lnp2ejJqBx8jPycvKysvSz82cztLLnp2d0sfOz5rSx5mayM6cncicyZyegYHNz87G0s/G0s7Lq8/GxcrMxcrI; ClientId=895AF1C0B11B4B2F896122DC1E967837; UC=79261316ef1f4ee182f25f0dc619b989; X-OWA-JS-PSD=1; AppcacheVer=15.2.221.17:en-gbbase; X-OWA-CANARY=y2bw_zAfJEueuLt7e_LstRBqxH1mIdcI7HTvas2Gq3XVT05ul0ieBfJh4gNWTC9uqPcZT2ILqL8." set-cookie="X-OWA-CANARY=UaTZwpHI9EeVqlPau069ooABz31mIdcIMl2fUbQaaoUB0Of-kiMbDcUs6RwghKjQkW9eiw6pRyk.; path=/; secure, X-BackEnd
    2019:08:15-10:54:57 xan-utm httpd: Cookie=S-1-5-21-50481480-593310465-398547282-17126=u56Lnp2ejJqBx8jPycvKysvSz82cztLLnp2d0sfOz5rSx5mayM6cncicyZyegYHNz87G0s/G0s7Lq8/GxcrMxcrI; expires=Sat, 14-Sep-2019 09:53:57 GMT; path=/owa; secure; HttpOnly" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVUrtcCoeAEAAAtPcEkAAAAY"
    2019:08:15-10:54:57 xan-utm httpd: id="0299" srcip="94.192.179.216" localip="82.68.126.11" size="87" user="-" host="94.192.179.216" method="POST" statuscode="200" reason="-" extra="-" exceptions="SkipAntiVirus, SkipURLHardening, SkipThreatsFilter" time="44283" url="/owa/ev.owa2" server="xanexchange.xanalys.com" port="443" query="?ns=PendingRequest&ev=FinishNotificationRequest&UA=0&cid=7cee79e9-72fe-454f-8f0e-f8893fe8a79a" referer="-" cookie="X-BackEndCookie=S-1-5-21-50481480-593310465-398547282-17126=u56Lnp2ejJqBx8jPycvKysvSz82cztLLnp2d0sfOz5rSx5mayM6cncicyZyegYHNz87G0s/G0s7Lq8/GxcrMxcrI; ClientId=895AF1C0B11B4B2F896122DC1E967837; UC=79261316ef1f4ee182f25f0dc619b989; X-OWA-JS-PSD=1; AppcacheVer=15.2.221.17:en-gbbase; X-OWA-CANARY=Q3EGUTeYtkmwHX3VqIjhqND13X1mIdcIUXFqz3NaaljNsZoYgR4QiMA_BXnK3ltBO0xHj9teTzw." set-cookie="X-OWA-CANARY=wqfHgb7j7kSoUacDvHeJsmDJsKFmIdcI3aGUdb-5cv1LOxtEBh2sGrVjTVKbFcAxIrw_VpuaWU4.; path=/; secure, X-BackEndCookie=S-1-5-21-50481480-593310465-398547282-17126=u56Lnp2ejJqBx8jPycvKysvSz82cztLLnp2d0sfOz5rSx5mayM6cncicyZyeg
    2019:08:15-10:54:57 xan-utm httpd: YHNz87G0s/G0s7Lq8/GxcrLxcrI; expires=Sat, 14-Sep-2019 09:54:57 GMT; path=/owa; secure; HttpOnly" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVUr8cCoeAEAAAtPcE4AAAAZ"
    2019:08:15-10:54:57 xan-utm httpd[2895]: [security2:error] [pid 2895:tid 3917667184] [client 94.192.179.216:53612] [client 94.192.179.216] ModSecurity: Access allowed (phase 1). Operator GT matched 0 at ENV. [file "/usr/apache/conf/waf/base.conf"] [line "14"] [id "900000"] [hostname "xanexchange.xanalys.com"] [uri "/owa/ev.owa2"] [unique_id "XVUr8cCoeAEAAAtPcE8AAAAZ"]
    2019:08:15-10:54:58 xan-utm httpd: id="0299" srcip="94.192.179.216" localip="82.68.126.11" size="1769" user="-" host="94.192.179.216" method="POST" statuscode="200" reason="-" extra="-" exceptions="SkipURLHardening" time="45665" url="/owa/service.svc" server="xanexchange.xanalys.com" port="443" query="?action=FindConversation&EP=1&UA=0&ID=-104&AC=1" referer="-" cookie="X-BackEndCookie=S-1-5-21-50481480-593310465-398547282-17126=u56Lnp2ejJqBx8jPycvKysvSz82cztLLnp2d0sfOz5rSx5mayM6cncicyZyegYHNz87G0s/G0s7Lq8/GxcrLxcrI; ClientId=895AF1C0B11B4B2F896122DC1E967837; UC=79261316ef1f4ee182f25f0dc619b989; X-OWA-JS-PSD=1; AppcacheVer=15.2.221.17:en-gbbase; X-OWA-CANARY=wqfHgb7j7kSoUacDvHeJsmDJsKFmIdcI3aGUdb-5cv1LOxtEBh2sGrVjTVKbFcAxIrw_VpuaWU4." set-cookie="X-OWA-CANARY=Ax4RcQCDqE2O5gWh718jj0BRu6FmIdcIkjvhF6hR7JI87FAOYkLaWia6owA8p3XpSU64qArqITE.; path=/; secure, X-BackEndCookie=S-1-5-21-50481480-593310465-398547282-17126=u56Lnp2ejJqBx8jPycvKysvSz82cztLLnp2d0sfOz5rSx5mayM6cncicyZyegYHNz87G0s/G0s7Lq8/GxcrLxcrH; expires=Sat, 14-Sep-2019 09:54:58 GMT; path=/
    2019:08:15-10:54:58 xan-utm httpd: owa; secure; HttpOnly" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVUr8cCoeAEAAAtPcFAAAAAY"
    2019:08:15-10:54:58 xan-utm httpd: id="0299" srcip="94.192.179.216" localip="82.68.126.11" size="821" user="-" host="94.192.179.216" method="POST" statuscode="200" reason="-" extra="-" exceptions="SkipURLHardening" time="44369" url="/owa/service.svc" server="xanexchange.xanalys.com" port="443" query="?action=FindFolder&EP=1&UA=0&ID=-105&AC=1" referer="-" cookie="X-BackEndCookie=S-1-5-21-50481480-593310465-398547282-17126=u56Lnp2ejJqBx8jPycvKysvSz82cztLLnp2d0sfOz5rSx5mayM6cncicyZyegYHNz87G0s/G0s7Lq8/GxcrLxcrH; ClientId=895AF1C0B11B4B2F896122DC1E967837; UC=79261316ef1f4ee182f25f0dc619b989; X-OWA-JS-PSD=1; AppcacheVer=15.2.221.17:en-gbbase; X-OWA-CANARY=Ax4RcQCDqE2O5gWh718jj0BRu6FmIdcIkjvhF6hR7JI87FAOYkLaWia6owA8p3XpSU64qArqITE." set-cookie="X-OWA-CANARY=fKm5ANpX3kyh5_z_5Sx8ecBP2KFmIdcIhprD74pBVtDpfHF1bASCY6z1KJWBxM0y5CGAt93cACE.; path=/; secure, X-BackEndCookie=S-1-5-21-50481480-593310465-398547282-17126=u56Lnp2ejJqBx8jPycvKysvSz82cztLLnp2d0sfOz5rSx5mayM6cncicyZyegYHNz87G0s/G0s7Lq8/GxcrLxcrH; expires=Sat, 14-Sep-2019 09:54:58 GMT; path=/owa; se
    2019:08:15-10:54:58 xan-utm httpd: cure; HttpOnly" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVUr8sCoeAEAAAtPcFEAAAAY"
    2019:08:15-10:55:32 xan-utm httpd[2895]: [authnz_aua:error] [pid 2895:tid 3909274480] [client 52.125.140.21:41082] [xanalys\\james-outlook-test] AUA responded with 'DENIED'
    2019:08:15-10:55:32 xan-utm httpd: id="0299" srcip="52.125.140.21" localip="82.68.126.11" size="381" user="xanalys\\james-outlook-test" host="52.125.140.21" method="OPTIONS" statuscode="401" reason="auth" extra="user denied" exceptions="SkipBlacklistDNSRBL, SkipBlacklistGeoIP, SkipURLHardening" time="199261" url="/Microsoft-Server-ActiveSync" server="xanexchange.xanalys.com" port="443" query="?User=xanalys%5Cjames-outlook-test&DeviceId=499A18DB91DCED96&DeviceType=Outlook" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVUsFMCoeAEAAAtPcFIAAAAa"
    2019:08:15-10:55:32 xan-utm httpd[2895]: [authnz_aua:error] [pid 2895:tid 3909274480] [client 52.125.140.21:41082] [xanalys.com\\james-outlook-test] AUA responded with 'DENIED'
    2019:08:15-10:55:32 xan-utm httpd: id="0299" srcip="52.125.140.21" localip="82.68.126.11" size="381" user="xanalys.com\\james-outlook-test" host="52.125.140.21" method="OPTIONS" statuscode="401" reason="auth" extra="user denied" exceptions="SkipBlacklistDNSRBL, SkipBlacklistGeoIP, SkipURLHardening" time="211899" url="/Microsoft-Server-ActiveSync" server="xanexchange.xanalys.com" port="443" query="?User=xanalys.com%5Cjames-outlook-test&DeviceId=499A18DB91DCED96&DeviceType=Outlook" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVUsFMCoeAEAAAtPcFMAAAAa"