
Esxi host behind waf. Esxi console (cannot connect), always getting 404 for "/ticket/...." path. How to get it working?


The ESXi web interface works OK on the LAN, but behind the WAF the VM console cannot be connected.

I have checked all WAF logs and have already added all exceptions, but it did not help.


  • Salut, Daniel, and welcome to the UTM Community!

    Please show the corresponding line from the log file when you see the 404 message.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi, here is an example

    Note: public IP and server addresses have been replaced in this post with <public_ip> and <server_address>

    The path /ticket/* always returns 404 behind the WAF; without the WAF it works just fine.

    /var/log/reverseproxy.log:2017:09:22-08:54:19 daf-utm httpd: id="0299" srcip="<public_ip>" localip="192.168.100.18" size="0" user="-" host="<public_ip>" method="GET" statuscode="404" reason="-" extra="-" exceptions="-" time="15898" url="/ticket/8267abdebc8cccc9" server="<server_address>" port="443" query="" referer="-" cookie="vmware_client=VMware; vmware_soap_session=\"a298de2cef58024dd483bd8987d4a27d842213b7\"" set-cookie="-" uid="WcSli8CoZBIAABh3dkEAAADF"
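An added example, not from the thread or from Sophos: a small Python parser for the reverseproxy.log key="value" format quoted above (the cookie field contains backslash-escaped quotes, which a naive split breaks on), plus a check that flags the symptom described here, a 404 on a /ticket/ path with no rule reason and no exception logged. The sample line is the one from the post, with the poster's placeholders kept.

```python
import re

# Constructed sample: the log line quoted in the thread, including the
# "/var/log/reverseproxy.log:" grep prefix and the poster's placeholders.
SAMPLE_LOG = (
    '/var/log/reverseproxy.log:2017:09:22-08:54:19 daf-utm httpd: id="0299" '
    'srcip="<public_ip>" localip="192.168.100.18" size="0" user="-" '
    'host="<public_ip>" method="GET" statuscode="404" reason="-" extra="-" '
    'exceptions="-" time="15898" url="/ticket/8267abdebc8cccc9" '
    'server="<server_address>" port="443" query="" referer="-" '
    'cookie="vmware_client=VMware; '
    'vmware_soap_session=\\"a298de2cef58024dd483bd8987d4a27d842213b7\\"" '
    'set-cookie="-" uid="WcSli8CoZBIAABh3dkEAAADF"'
)

# Optional "file:" prefix from grep, then timestamp, hostname and process name.
_HEAD = re.compile(r'^(?:[^\s:]*:)?(\d{4}:\d\d:\d\d-\d\d:\d\d:\d\d) (\S+) (\S+): ')
# key="value" pairs; a value may contain backslash-escaped quotes (cookie does).
_KV = re.compile(r'(\S+?)="((?:[^"\\]|\\.)*)"')


def parse_reverseproxy_line(line):
    """Return a dict of the fields of one UTM reverseproxy.log entry."""
    head = _HEAD.match(line)
    if not head:
        raise ValueError("not a reverseproxy.log line")
    fields = {"timestamp": head.group(1), "hostname": head.group(2),
              "process": head.group(3)}
    for key, value in _KV.findall(line[head.end():]):
        fields[key] = value.replace('\\"', '"')  # unescape quoted values
    return fields


def is_unhandled_console_404(fields):
    """True when the WAF answered 404 for an ESXi console /ticket/ request
    without naming a rule (reason) or an exception, i.e. this thread's symptom."""
    return (fields.get("statuscode") == "404"
            and fields.get("url", "").startswith("/ticket/")
            and fields.get("reason") == "-"
            and fields.get("exceptions") == "-")


def find_console_404s(lines):
    """Filter an iterable of log lines down to the parsed entries that match."""
    hits = []
    for line in lines:
        try:
            fields = parse_reverseproxy_line(line)
        except ValueError:
            continue  # skip lines in other formats (e.g. WAF rule messages)
        if is_unhandled_console_404(fields):
            hits.append(fields)
    return hits
```

Running this over the whole log (not just the 404 line) shows whether any rule message really precedes the 404, which is the question raised in the next reply.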

  • Are there additional log entries preceding this one?  There should be one or more lines, in a different format, that indicate which WAF rule is firing.

    If you have url hardening enabled, you may have to experiment to find all the paths that need to be configured as entry points.

  • Hi,

    There is no additional log entry preceding this one.

    Initially I had some rules triggered, but I have added all of them to the exception list. Even with no firewall profile I get 404.

    URL hardening is disabled.

    Any other ideas?

  • If Doug's suggestion of adding a path doesn't help, what does Sophos Support say?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • I would really love to hear what Sophos Support has to say. I have a Home license, therefore I have no support, except community.

    I'm also thinking about the possibility that the wss protocol is used for some things and might not be supported by UTM, but this would be crazy since wss has been standard for a very long time and most of the UTM alternatives support it without any problems.

  • As far as I understand, WAF looks for clean HTML traffic. If the VMWare client is using a proprietary protocol underneath the HTTPS session, then WAF is probably not the right tool for you.

    SSL VPN is probably an alternative to consider. You don't really need to protect against hostile content after the session is established, since presumably the VMWare client should be able to talk to the VMWare server safely. SSL VPN is a way of preventing unwanted clients from gaining access, especially if it is linked with One-Time Password or with remote IP address restrictions.
