
General WAF understanding

Hi guys, I have a general and maybe basic WAF / reverse proxy question:

I do use some resources from WAN-side by setting up a "simple" Firewall and DNAT rule to port-forward these resources.
Clients that match the firewall rule have access by calling a subdomain-hostname 'service.example.com' which is resolved to my public IP.
These connections are handled by an internal nginx depending on hostname.

I recently wanted to publish a dedicated resource through the Sophos Firewall WAF where the matching criteria is one of my subdomain-hostnames.
The incoming traffic is handled by Sophos WAF depending on the called hostname and is to be forwarded to a specific internal port without passing the internal nginx.

Everything works fine so far since I set up the web server with specific protection policy in my firewall.

After that I noticed that I have several incoming requests visible in the log viewer category 'Web server protection' trying to call the public IP address or a different subdomain which I didn't use for WAF in any way...
Another thing I also tested is that when you try to access either hostnames or the public IP you don't run into timeouts (as it was before activating WAF) but receive status code '403', visible as 'Forbidden - you don't have permission to access this resource'.

Is there a way to block these kinds of requests by default and only generally allow requests to specified hostnames declared in the WAF rule?
Maybe I am too new to WAF/reverse proxy functionality at all - just wondering why WAF offers you such information when you try to access any resources other than those which are intended to be public?

Thanks in advance and sorry for the long introduction ;) 


