Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 2 replies
  • Subscribers 40 subscribers
  • Views 1709 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Web server protection skip filter but no rule ID

Carlo

Hello,

I have trouble configuring WAF rule for one specific web server/service 

When I try to access service from inside on my pc I get 403  

[Sun Jan 07 19:40:08.983664 2024] [authz_core:error] [pid 22769:tid 140041007253248] [client 10.2.1.10:52039] AH01630: client denied by server configuration: proxy:balancer://6291e1d15895c7c47ef0a19ffbb799cd/web
[Sun Jan  7 19:40:08.982766 2024] timestamp="1704656408" srcip="10.2.1.10" localip="A.B.C.D" user="-" method="GET" statuscode="403" reason="-" extra="-" exceptions="-" duration="1466" url="/web" server="subdomain.example.com" referer="-" cookie="-" set-cookie="-" recvbytes="1395" sentbytes="586" protocol="HTTP/1.1" ctype="text/html" uagent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Edg/120.0.0.0" querystring="" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" ruleid="29"
[Sun Jan 07 19:40:09.087611 2024] [authz_core:error] [pid 22769:tid 140041007253248] [client 10.2.1.10:52039] AH01630: client denied by server configuration: proxy:balancer://6291e1d15895c7c47ef0a19ffbb799cd/favicon.ico, referer: https://subdomain.example.hr/web
[Sun Jan  7 19:40:09.086954 2024] timestamp="1704656409" srcip="10.2.1.10" localip="A.B.C.D" user="-" method="GET" statuscode="403" reason="-" extra="-" exceptions="-" duration="1164" url="/favicon.ico" server="subdomain.example.com" referer="https://subdomain.example.hr/web" cookie="-" set-cookie="-" recvbytes="648" sentbytes="429" protocol="HTTP/1.1" ctype="text/html" uagent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Edg/120.0.0.0" querystring="" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" ruleid="29"

In the same time, other machines on LAN, WIFI or WAN can access service normally. Strange thing is that when I reapply rule or restart WAF service I can access web page also for some time.

Anyone has idea where to start with troubleshooting?

Thank you,

Carlo



This thread was automatically locked due to age.
Parents Reply Children
Unfiltered HTML