Sophos WAF strange characters accessing Home Assistant

Got strange characters in Sophos XG WAF v21. It's like Sophos cannot encode some characters.
Using LE certificate.

It works fine if I access Home Assistant locally.

Output



How to troubleshoot this?



Added TAGs
[edited by: Raphael Alganes at 10:42 AM (GMT -8) on 16 Dec 2024]
  • I've seen the same with some applications (e.g. homeassistant, vaultwarden, ...) - even if HTML rewrite is disabled and that exception is in place.
    No solution so far / no time to have a deeper look for specific rules/protection settings.

  • From reverseproxy.log

    Is it possible to bypass this rule?

    [Fri Jan 03 16:37:22.193474 2025] [security2:error] [pid 17104:tid 140483982264064] [client 94.234.112.21:21128] [client 94.234.112.21] ModSecurity: Warning. Found 21 byte(s) in REQUEST_BODY outside range: 38,44-46,48-58,61,65-90,95,97-122. [file "/usr/apache/conf/waf/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1556"] [id "920273"] [msg "Invalid character in request (outside of very strict set)"] [data "REQUEST_BODY={\\x22encrypted\\x22:true,\\x22encrypted_data\\x22:\\x22RwdCxhckqRVbTUPcQXUjbx3Lr7XppXZ2Mmi2FzN3OuPk5LkF4zwSqS0q92GTeJ5PaVUIV8TnlOItds2bjk\\x5c/2fgjY6bDF2XI\\x5c/aios 1KS4xBmh2NHPKqk RMOHon7o7GcR\\x5c/ibMcqcEnyFjfXx5zjawWR2OM3bG6UAwT1BT9v HTZ3pdW70EMQWndHuV295R1vOas02TVgeg==\\x22,\\x22type\\x22:\\x22register_sensor\\x22}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.3"] [tag] [tag] [tag] [tag] [tag] [tag] [tag] [hostname "homeassistant.domain.tld"] [uri "/api/webhook/5f91a32263db16bb10d8b03ffc80c61c5e23a1ba52211b39ca3aeed178de93f7"] [unique_id "Z3gSQoSJqepwa9XMjdLdhAAAADU"]



    Proxmox | AMD Ryzen 7 7700 | XG V21 - 6GB RAM, 2 vNIC WAN, LAN
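
Added example (not part of the original thread): a Python triage helper that parses a ModSecurity entry in the format quoted above, expands the byte ranges rule 920273 allows, and counts which REQUEST_BODY bytes fall outside them. The log line is a constructed, shortened version of the entry above; the client IP, the webhook id and the function names are placeholders chosen for this example.

```python
import re
from collections import Counter

# Constructed sample: a shortened version of the reverseproxy.log entry above
# (encrypted payload dropped, placeholder client IP and webhook id).
LINE = (
    r'[security2:error] [client 192.0.2.10] ModSecurity: Warning. Found 8 byte(s) '
    r'in REQUEST_BODY outside range: 38,44-46,48-58,61,65-90,95,97-122. '
    r'[id "920273"] [msg "Invalid character in request (outside of very strict set)"] '
    r'[data "REQUEST_BODY={\\x22encrypted\\x22:true,\\x22type\\x22:\\x22register_sensor\\x22}"] '
    r'[hostname "homeassistant.domain.tld"] [uri "/api/webhook/EXAMPLE"]'
)

def parse(line):
    """Return (reported count, inspected target, allowed byte values, [key "value"] fields)."""
    m = re.search(r'Found (\d+) byte\(s\) in (\w+) outside range: ([\d,\-]+)\.', line)
    fields = dict(re.findall(r'\[(\w+) "(.*?)"\]', line))
    allowed = set()
    for part in m.group(3).split(','):
        lo, _, hi = part.partition('-')          # "44-46" or a single value "61"
        allowed.update(range(int(lo), int(hi or lo) + 1))
    return int(m.group(1)), m.group(2), allowed, fields

def unescape(data):
    """Turn the log's \\xNN escapes back into the characters the client sent."""
    return re.sub(r'\\+x([0-9a-fA-F]{2})', lambda m: chr(int(m.group(1), 16)), data)

def offending(line):
    """Count the body bytes that are outside the rule's allowed set."""
    found, _target, allowed, fields = parse(line)
    body = unescape(fields['data'].split('=', 1)[1]).encode()
    bad = Counter(chr(b) for b in body if b not in allowed)
    return found, fields['id'], fields['uri'], bad

if __name__ == '__main__':
    found, rule_id, uri, bad = offending(LINE)
    print(f'rule {rule_id} on {uri}: reported {found}, recounted {sum(bad.values())}')
    for ch, n in bad.most_common():
        print(f'  byte {ord(ch):3d} {ch!r} x{n}')
```

The JSON quotes and braces alone are outside the allowed set, so any JSON request body matches this rule regardless of its content.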
