
WAF doesn't recognize domain names

I am trying to publish 2 webpages with WAF.
Because "redirect to HTTPS" is not working, I created different rules for HTTP / HTTPS.
My setup:
2 web servers - vServer1 & vServer2
2 domains - www.domain1.de & www.domain2.de

4 rules:
http   www.domain1.de -> vServer1
https  www.domain1.de -> vServer1
http   www.domain2.de -> vServer2
https  www.domain2.de -> vServer2
(Within the domain field I have only one domain.)
... looks simple.

But if I try to reach the webpages via HTTP (port 80), only the first rule matches and I see the webpage from vServer1 all the time. This occurs with http://www.domain1.de and http://www.domain2.de

I never reach rule 3. The traffic counter counts at rule 1 only. I see the webpage from vServer1 all the time.
If I change the rule order, the other HTTP rule matches all the time - for all domains. (the current first HTTP rule)

If I use HTTPS, it works. The correct rule matches and I see the correct webpage.

Currently I am unable to isolate the corresponding lines from reverseproxy.log.



  • Hi,

    Do you mean you have explicitly defined the domain in WAF rules? -- YES

    Are you trying to access the server from the Internet side from the LAN zone of the firewall? -- INTERNET

    It would be great if you could share more details about your requirements. -- see attachments

    If I try to access www.???4.de (defined as Domain2), I get no match from Rule#4 but from Rule#1.

    I see the page from Server behind Rule#1.


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

  • Hello Dirk,

    Why is "redirect to HTTPS" not working for you?

    Can you please share or PM me the content of the file /cfs/waf/reverseproxy.conf?

    Best

    Sabine

  • Why is "redirect to HTTPS" not working for you?

    Don't know... possibly the same problem as with the "normal" HTTP access I currently see.

    I will PM you the file content ASAP.

     


    Dirk


  • Yesterday I tried again to switch web server publishing from Sophos SG to XG.

    This time I don't get access on port 80. No log entries. (show all logs and filter to the external client IP)

    If I change the WAF listening port from port 80 to 81 (here I use the ISP router to change incoming port 80 to 81 while DNATting/forwarding), all works great.

    With SSL publishing I never have problems.



    Dirk
