
WAF doesn't recognize domain names

I try to publish two web pages with WAF.
Because "redirect to HTTPS" is not working, I created separate rules for HTTP and HTTPS.
My setup:
2 web servers - vServer1 & vServer2
2 domains - www.domain1.de & www.domain2.de

4 rules:
http   www.domain1.de -> vServer1
https  www.domain1.de -> vServer1
http   www.domain2.de -> vServer2
https  www.domain2.de -> vServer2
(within the domain field I have only one domain)
... looks simple.

But if I try to reach the web pages via HTTP (port 80), only the first rule matches and I see the web page from vServer1 all the time. This occurs with http://www.domain1.de and http://www.domain2.de.

I never reach rule 3. The traffic counter counts at rule 1 only. I see the web page from vServer1 all the time.
If I change the rule order, the other HTTP rule (the one that is now first) matches all the time, for all domains.

If I use HTTPS, it works. The correct rule matches and I see the correct web page.

Currently I am unable to isolate the corresponding lines from reverseproxy.log.
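To reproduce the test above from a shell, independent of browser caching, here is an added Python diagnostic (not from the thread and not a Sophos tool): it sends the same request to the WAF's public address with only the Host header (and SNI for HTTPS) changed and fingerprints each answer. The WAF address is a placeholder; the two domain names are the ones from the thread.

```python
import hashlib
import socket
import ssl

# Constructed values: TEST-NET-3 placeholder for the WAF's public address and
# the two site names from the thread. Replace WAF_IP with the real address.
WAF_IP = "203.0.113.10"
DOMAINS = ("www.domain1.de", "www.domain2.de")

def build_request(host, path="/"):
    """Minimal HTTP/1.1 request; only the Host header differs between probes.
    A WAF rule's 'Domain' field is compared against this header (and, for
    HTTPS, against the SNI name), so same IP, same port, different Host
    shows whether the proxy selects the rule by domain at all."""
    return (f"GET {path} HTTP/1.1\r\nHost: {host}\r\n"
            "User-Agent: waf-vhost-check\r\nConnection: close\r\n\r\n").encode()

def fingerprint(raw):
    """Return (status code, short body digest) for a raw HTTP response.
    Identical fingerprints for different Host values on one port mean both
    names were answered by the same backend, i.e. the domain was ignored."""
    head, _, body = raw.partition(b"\r\n\r\n")
    status = int(head.split(b" ", 2)[1])
    return status, hashlib.sha256(body).hexdigest()[:16]

def host_matching_works(results):
    """True when every probed domain produced a distinct fingerprint."""
    return len(set(results.values())) == len(results)

def probe(ip, host, use_tls, timeout=5):
    """Send one request for `host` to `ip` and return its fingerprint."""
    sock = socket.create_connection((ip, 443 if use_tls else 80), timeout)
    if use_tls:
        # server_hostname sets SNI; default verification also checks that the
        # certificate the WAF presents is valid for the requested site.
        sock = ssl.create_default_context().wrap_socket(sock, server_hostname=host)
    with sock:
        sock.sendall(build_request(host))
        chunks = []
        while data := sock.recv(4096):
            chunks.append(data)
    return fingerprint(b"".join(chunks))

if __name__ == "__main__":
    for use_tls in (False, True):
        results = {d: probe(WAF_IP, d, use_tls) for d in DOMAINS}
        verdict = "selected by domain" if host_matching_works(results) else "ONE backend for all"
        print("https" if use_tls else "http", results, verdict)
```

Identical fingerprints for both names on port 80 but distinct ones on port 443 is exactly the symptom described in the post, and gives a timestamp to search for in reverseproxy.log.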



  • Hi  

    The firewall rule works in a top-to-bottom approach, so if the port 80 firewall rule is on top and you generate a request by entering the URL www.domain1.de, it will initiate the traffic over port 80, the first rule matches and it will allow the traffic. You have to enter https://www.domain1.de in the browser's address box to initiate the traffic over port 443; the firewall will then try to match the firewall rules, and when it matches the port 443 firewall rule it will connect to that specific server.

    Regards,

    Keyur
    Community Support Engineer | Sophos Support

  • Hi,

    Thanks for the answer, but I think you misunderstood.

    www.domain1.de and www.domain2.de are web pages hosted within my own DMZ.

    I try to use WAF rules (formerly business application rules).

    Within WAF rules I have the "Domain" field. I think only domains listed here should match the rule.

    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
  • Hi  

    Do you mean you have explicitly defined the domain in WAF rules?

    Are you trying to access the server from the Internet side from the LAN zone of the firewall?

    It would be great if you could share more details about your requirements.

    You can refer to the configuration and troubleshooting articles:

    https://community.sophos.com/kb/en-us/126470

    https://community.sophos.com/kb/en-us/124574

    https://community.sophos.com/kb/en-us/122829

    Regards,

    Keyur
    Community Support Engineer | Sophos Support

  • Hi,

    Do you mean you have explicitly defined the domain in WAF rules? -- YES

    Are you trying to access the server from the Internet side from the LAN zone of the firewall? -- INTERNET

    It would be great if you could share more details about your requirements. -- see attachments

    If I try to access www.???4.de (defined as Domain2) I get no match from Rule#4 but Rule#1.

    I see the page from the server behind Rule#1.


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003

  • Hello Dirk,

    Why is "redirect to HTTPS" not working for you?

    Can you please share or PM me the content of the file /cfs/waf/reverseproxy.conf?

    Best

    Sabine

  • Why is "redirect to HTTPS" not working for you?

    Don't know... possibly the same problem as with the "normal" HTTP access I currently see.

    I'll PM you the file content ASAP.

    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003

  • Yesterday I tried again to switch web server publishing from Sophos SG to XG.

    This time I don't get access on port 80. No log entries (show all logs and filter on the external client IP).

    If I change the WAF listening port from 80 to 81 (here I use the ISP router to change incoming port 80 to 81 while DNATing/forwarding), all works great.

    With SSL publishing I have never had problems.



    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003