This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Disable WAF HTTP trace & track

Hi,

I need to disable the HTTP TRACE & TRACK methods on the WAF on XG18 MR5

I have tried the KBs below and they do not apply, I guess they are too old

https://support.sophos.com/support/s/article/KB-000038557?language=en_US

https://support.sophos.com/support/s/article/KB-000039071?language=en_US

I have raised a Support Ticket but I'm thinking I may get a quicker response here.

Thanks,

Craig



This thread was automatically locked due to age.
  • FormerMember
    +1 FormerMember

    Hi ,

    Thanks for reaching out to the Community! 

    I just verified the steps outlined in the following KBA on my LAB firewall running on v18 MR5, and it works. 

    Reference:

    SFVUNL_AZ01_SFOS 18.0.5 MR-5# psql -U nobody -d corporate -c "update tblwafadvanceconfig set trace_enabled=0"
    UPDATE 1
    SFVUNL_AZ01_SFOS 18.0.5 MR-5# opcode waf_reconfig -t json -b '{"Entity": "waf_advanced_config", "Event": "UPDATE"}' -ds nosync
    200 OK
    { "status": "200", "statusmessage": "success" }
    SFVUNL_AZ01_SFOS 18.0.5 MR-5# cat /cfs/waf/reverseproxy.conf | head -n 3 | tail -n 1
    TraceEnable Off
    SFVUNL_AZ01_SFOS 18.0.5 MR-5#

    PS: What is the firewall model number, and are you getting any error messages when you run the commands? I verified these commands on a virtual firewall running in Azure.

    Thanks,

  • FormerMember
    0 FormerMember in reply to FormerMember

    Hi ,

    The commands work on the hardware model as well! 

    Reference: 

    XG125_XN02_SFOS 18.0.5 MR-5# psql -U nobody -d corporate -c "update tblwafadvanceconfig set trace_enabled=0"
    UPDATE 1
    XG125_XN02_SFOS 18.0.5 MR-5# opcode waf_reconfig -t json -b '{"Entity": "waf_advanced_config", "Event": "UPDATE"}' -ds nosync
    200 OK
    { "status": "200", "statusmessage": "success" }
    XG125_XN02_SFOS 18.0.5 MR-5# cat /cfs/waf/reverseproxy.conf | head -n 3 | tail -n 1
    TraceEnable Off
    Please let us know if there’s an error message when you run the commands.
    Thanks,
  • Hi H_Patel,

    Many thanks for the reply. I tried again with the commands above and it seems that it worked this time.

    Although I got a little confused with the last command, the "TraceEnable Off" appeared to be part of the command, once I took this off it worked.

    Many Thanks,

    Craig

  • FormerMember
    0 FormerMember in reply to CraigLloyd

    Hi ,

    We're happy to help! I'm glad to know it worked for you. 

    Yes, the "TraceEnable Off" Is not part of the command, but the output of the command "cat /cfs/waf/reverseproxy.conf | head -n 3 | tail -n 1

    Thanks,