Web Server with HTTPS encryption showing different responses from both internal and external network

RE: Web Server with HTTPS encryption showing different responses from both internal and external network

Jason Roble — Thu, 31 Mar 2022 02:34:57 GMT

Got it. Thank you for the clarification Prism! 🙂

RE: Web Server with HTTPS encryption showing different responses from both internal and external network

Prism — Tue, 29 Mar 2022 11:32:05 GMT

It highly depends on how your current network is configured, and on what compliance's you need to meet.

It's common to have a WAF terminating TLS on the edge then transmitting data through plain-text for higher performance (and caching on some other scenarios), but depending on how your internal network is currently configured this can be either insecure or secure.

The important part for you is having a secure connection between the client and the WAF.

PS; If the connection from the WAF to the Web Server is encrypted through HTTPS, the IPS will have no effect as It can't inspect the encrypted data, making It useless.

RE: Web Server with HTTPS encryption showing different responses from both internal and external network

Jason Roble — Tue, 29 Mar 2022 10:48:38 GMT

Regarding the downstream web server, I am not sure but I guess it doesn't support HTTPS.

So as long as the WAF's encryption method is HTTPS, the Web Server's encryption type is insignificant if the server is internal? I thought I need to make both WAF and Web Server's encryption method to be HTTPS to make it secured.

RE: Web Server with HTTPS encryption showing different responses from both internal and external network

Prism — Tue, 29 Mar 2022 03:40:56 GMT

Does the downstream Web Server (IP_DMZ_CSI-SVR03) also supports HTTPS?

Looking by the error given by WAF, the downstream Web Server is only available through plain-text HTTP.

I recommend you to change from HTTPS to HTTP on the Web Server configuration. (Maintaining the same port 8080.)

[quote userid="236961" url="~/sophos-xg-firewall/f/discussions/133574/web-server-with-https-encryption-showing-different-responses-from-both-internal-and-external-network"]When I configure the web server with an HTTP encryption, there is no issue. But when I change it to HTTPS encryption, these are the issues we are having:[/quote]

It's because the downstream Web Server (IP_DMZ_CSI-SVR03) doesn't support HTTPS.

You should leave the WAF to handle the encryption with the client and send the traffic to downstream though plain-text HTTP. (There's no need for the WAF to encrypt all traffic again with downstream, unless you don't trust your own internal network.)

RE: Web Server with HTTPS encryption showing different responses from both internal and external network

Jason Roble — Tue, 29 Mar 2022 03:07:07 GMT

Yes this is about WAF. This is the WAF configuration

and this is the Web Server config

RE: Web Server with HTTPS encryption showing different responses from both internal and external network

PhilippRusch — Mon, 28 Mar 2022 15:31:09 GMT

Are we talking about WAF here?

Can you show us your rules?

RE: Web Server with HTTPS encryption showing different responses from both internal and external network

Jason Roble — Mon, 28 Mar 2022 12:23:19 GMT

Yes it has a green check on the Trusted column.

RE: Web Server with HTTPS encryption showing different responses from both internal and external network

PhilippRusch — Mon, 28 Mar 2022 11:39:46 GMT

Hello,

is this new certificate showing up as "trusted" under Certificates in the Sophos System?