mod_proxy_wstunnel?

Question

What plans are there to include mod_proxy_wstunnel in the Webserver Protection so that websites using websockets can be hosted behind the UTM?

This requires the use of apache 2.4.5 (or later). There is an updated module in 2.4.9. Currently the UTM is using 2.4.4 so it is not available to even try and test by modifying the config from the console.

Cheers
Simon

This thread was automatically locked due to age.

theRat_01 · Accepted Answer

So UTM 9.3 now has all the required software on the box, but not enabled.  Is there a way to make config changes that will survive a reboot?

I need to add a line to /var/storage/chroot-reverseproxy/usr/apache/conf/modules.conf to load the module. ie. add the line

LoadModule proxy_wstunnel_module /usr/apache/modules/mod_proxy_wstunnel.so

And then add a location section to /var/storage/chroot-reverseproxy/usr/apache/conf/reverseproxy.conf such as:


                ProxyPass wss://server.name/websocket


Making these changes and restarting the reverse proxy (/var/mdw/scripts/reverseproxy restart) and it then works.  It would be nice if Sophos could add the ability to do this to the UI.

Simon

Evianne · Answer

Hi, 
 
UTM 9.3 is using Apache 2.4.10. You could try to include it there. 
 
Mod_proxy_wstunnel will be not included in UTM 9.4 and it is not included in Sophos XG v1. 
 
Sabine