• WAF - Static URL Hardening error

    FFin
    FFin
    SFOS 19.5MR3 I'm getting multiple WAF-Logentrys with exact same URL (upper-/lowercase) - one request passes correctly the other one fails due to "Static URL Hardening - No Signature found". As it's same exact same URL it's probably not a configuration…
    • Answered
    • 11 months ago
    • Sophos Firewall
    • Discussions
  • WAF not working after Upgrade to SFOS 20.0

    EDV
    EDV
    We have updated our XGS3300 to SFOS 20.0 a few days ago. Since then our WAF ist not working. AH00526: Syntax error on line 106 of /cfs/waf/reverseproxy.conf: Invalid encrypted key AH00112: Warning: DocumentRoot [/sdisk/waffiles/1cf6480d9dcdd33a4319301e0d8ef22b…
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • Sophos SFOS WAF Rules limit

    admin_idl
    admin_idl
    Hello, We use the Web Server Protection of Sophos XG Firewall and have now reached almost 60 WAF rules. This is also the maximum number of WAF rules. Is it possible to combine several URLs in one WAF rule and route them to different servers? WAF rule…
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • Is it possible to offload HTTPS on the Sophos fw and send plain HTTP to the real server ?

    Jochen Siers
    Jochen Siers
    Is it possible to decrypt HTTPs on the firewall and send plain HTTP to the webserver (without encrypting it again)? Thanks!
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • WAF & large files – how do you deal with it?

    dirkkotte
    dirkkotte
    Hi all, When AV or other protection features are enabled, we keep running into various problems while uploading large files. Sometimes the disk space (Temp=100%) seems to be the cause, sometimes other internal buffers. We have the requirement to allow…
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • SFOS 19.5.3 MR-3: Web Server Protected, Path-Specific routing - should this config work?

    gavo_nz
    gavo_nz
    Hi, I have a WAF rule configured for path-specific routing, however, the routes I am specifying are all to the same target web server, but with different restrictions. e.g. / - restricted to specific IP ranges, target sevrer1 /myapp/ - not restricted…
    • Answered
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • Order of domains in WAF rules

    Martijn Bouman
    Martijn Bouman
    XGS Firewall, WAF rules has 10 listed domains. What is the sort order based on for these domains? Whenever we delete one from say position 5, add a few new ones, then add the number 5 one again (we have saved and reopened the rule multiple times)…
    • Answered
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • WAF rules and IIS redirects with trailing slashes

    Martijn Bouman
    Martijn Bouman
    Situation. We have a WAF rule with several test sites in the domains list. Example below. test1.testurl.com test2.testurl.com test3.testurl.com test4.testurl.com These all point to one IIS. On the IIS these are all separate sites. When we…
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • is it possible to combine SFOS WAF with the built in OTP / MFA function

    LHerzog
    LHerzog
    I found some old posts (>2y ago) about the XG WAF module not supporting MFA authentication for a webservice. Has this changed since? We want to use MFA before using on-prem Exchange OWA. Many internal users already have an Sophos MFA token and it…
    • Answered
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • Sophos XGS, WAF für Windows RDS Server 2022 mit Rollenaufteilung

    Loranus Pain
    Loranus Pain
    Hallo Community, Ich prüfe aktuelle das Setting mit einer XGS ( SFOS 19.5.3 MR-3-Build652) und dem Windows 2022 RDS. Die Rollen RDS Web und Gateway laufen auf einem dedizierten Server, der RDS Session Host und RDS Lizenz Server sind ebenfalls ein jeweils…
    • over 1 year ago
    • Sophos Firewall
    • German Forum
  • Incorrect WAF SSL Certificate Served To Client

    haydenspence
    haydenspence
    Hi. I am facing an issue with the Web Application Firewall. I have several WAF rules configured, some using SSL and other are not. They point to a central web server. The domain name is used to differentiate each web app and that is forwarded on to…
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • WAF and RDG 2019

    MarcKOUSSOU
    MarcKOUSSOU
    Hi all, SFOS 19.5 Just got a problem with WAF and RDG 2019, i can't log to my server and i have this error: /rpc/rpcproxy.dll WAF Anomaly Inbound Anomaly Score Exceeded (Total Score: 13) Hope i will find…
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • WAF Authentication Forms shows 404 after upgrade to SFOS 19.5.3 MR-3-Build652

    Sergejs Guridi
    Sergejs Guridi
    After upgrade - all WAF with authentication form with template shows 404. Opening and saving Protection Policy - does not solve the issue. Recreation of Authentication Policy - does not solve the issue. Reimporting form template - does not solve…
    • Answered
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • Webserver Protection - Zertifikat ist nicht auswählbar

    KarstenFL
    KarstenFL
    Moin, ich muss mich zum ersten Mal mit der Webserver Protection auseinandersetzen. Dabei habe ich das Problem, dass ich beim Anlegen einer neuer Firewall Regel, das Zertifikat nicht auswählen kann. Was habe ich bisher gemacht? 1. Das Zertifikat…
    • Answered
    • over 1 year ago
    • Sophos Firewall
    • German Forum
  • How to config waf without domain

    cy z
    cy z
    I want to set up a WAF on the firewall, but a domain needs to be set in the WAF rules. My server does not have a corresponding domain, how should I set it? I checked the official website manual, but I don't quite understand the statement in the manual…
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • XGS webserver protection on port 8080

    Joerg Seyfried
    Joerg Seyfried
    Hi y'all, I am struggling with the following scenario: Webserver protection works fine for several sites. Now I would like to protect an internal web service that should be available via https (yes, http S ) on port 8080 (I know...). Webserver Protection…
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • WAF - Rule greift nicht, Verständnissproblem?

    Matthias Rieche
    Matthias Rieche
    Hallo zusammen, ich wollte mich mal mit den WAF Möglichkeiten beschäftigen. Grad das Path-Specifig Routing ist für mich interessant. Ich habe jetzt 2 VM´s in der DMZ, jeweils mit Apache2 auf Port 80 (alles Testhalber). Ich habe jetzt wie im Screenshot…
    • over 1 year ago
    • Sophos Firewall
    • German Forum
  • RD-gateway connection is interrupted by other WAF rule changes? How and why?

    SenorChang
    SenorChang
    Hello, I have a question regarding if this a bug, feature or just misconfiguration of our part: I've successfully managed to configure the RD gateway and RD web access in the Sophos XG with WAF rule. I took the RDG 2012 profile provided by the XG and…
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • Using WAF to redirect a webserver root to a specific path?

    GernotMeyer
    GernotMeyer
    Hi all, I use a XGS 2300 with actual path level. We migrated fresh from UTM. In UTM we redirected in WAF to have mail.server.com redirected to mail.server.com/owa (Exchange Outlook Web Access). I only find old articles describing, that this is…
    • Answered
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • WAF und FQDN

    Team -IT
    Team -IT
    Hallo, hat jemand eine Idee, wie ich eine WAF (Web Server Protection) Rule so einstelle, dass der dahinterliegende Webserver nur von einigen FQDN Hosts erreicht werden kann. In der WAF Rule selbst kann ich ja nur IP und NETWORK auswählen als ALLOWED…
    • over 1 year ago
    • Sophos Firewall
    • German Forum
  • Sophos XG WAF Zertifikat austauschen, wird nicht angewendet

    Patrick Wolfensberger
    Patrick Wolfensberger
    Hallo in die Runde Vergangene Woche ist mein Wildcard-Zertifikat ausgelaufen, welches ich für diverse WAF-Regeln verwende. Kein grosses Problem. Neues beschafft, eingespielt und den WAF-Regeln zugewiesen. Leider weigert sich meine Firewall konsequent…
    • over 2 years ago
    • Sophos Firewall
    • German Forum
  • XG 19.0.0: WAF Reverse Proxy soll Port 8443 https durchleiten Teil2

    Frederic Dzierzon
    Frederic Dzierzon
    Da mein Thread geschlossen wurde, weil ich zeitlich nicht weiter testen konnte muss ich nochmals damit anfangen :( Sorry XG 18.5.2: WAF Reverse Proxy soll Port 8443 https durchleiten Also hier die kurze Zusammenfassung: - Sophos XG - QNAP Nas Noch…
    • over 2 years ago
    • Sophos Firewall
    • German Forum
  • WAF - URL Hardening + Inbound anomaly

    Marcel Hoffmann
    Marcel Hoffmann
    Hallo Forum, ich bin gerade dabei, meine Web application Firewall-Profile von der UTM auf die XGS4500 zu übernehmen und habe Probleme mit dem static URL hardening, in diesem Fall bei ADFS Der Pfad /adfs/ls/ ist unter entry URLs eingetragen, aber…
    • over 2 years ago
    • Sophos Firewall
    • German Forum
  • WAF Regeln greifen nach RMA Migration nicht mehr, warum ?

    StefanS
    StefanS
    Hallo, haben hier erfolgreich eine RMA FW in Betrieb genommen, das Initial Image war v17.5.12 gewesen, Backup Basis v18.5.2. Während der der IBN der neuen FW wurde in mehreren Schritten durch den Installer die Firmware nach v18.5.2 gehoben. Soweit geht…
    • over 2 years ago
    • Sophos Firewall
    • German Forum
  • Fail2ban hinter XGS WAF

    Stefan Weber
    Stefan Weber
    Hallo zusammen, wir wollen unsere Webserver mit Fail2ban umstellen, sodass diese über WAF erreichbar sind. Da dann im Log des Webservers die Interne IP der Firewall auftaucht, wird leider diese von Fail2ban gebannt. Man kann zwar die IP X-Forwarded…
    • over 1 year ago
    • Sophos Firewall
    • German Forum
  • View related content from anywhere
  • More
  • Cancel
<>