Hi everyone,
we’re currently facing an issue with the Web Application Firewall (WAF) on SFOS 21.5.0 GA-Build171.
In the WAF configuration, the backend server is explicitly set to use HTTPS on port 443. However, the request appears to be forwarded as HTTP instead of HTTPS. The backend server expects proper HTTPS on port 443 and rejects the request accordingly.
The web server logs the following error:
AH01630: client denied by server configuration
A direct telnet test to port 443 from the firewall works fine, so the server is reachable.
Our assumption:
Even though HTTPS is selected in the backend definition, the WAF internally sends the request as HTTP. This seems like a bug in SFOS 21.5.
We have already opened a support case with Sophos, but so far we haven’t received any meaningful technical response that would help move things forward.
Has anyone else experienced similar behavior or found a workaround?
Thanks in advance!
Edited TAGs
[edited by: Raphael Alganes at 10:38 AM (GMT -7) on 31 Jul 2025]
Quote