Hello eveyrone, I have created a WAF rule on all my Website, which is in "moitor" mode : I went to reverseproxy.log to see if I had errors, warning... and I have many many logs like : [cookie:error] [form_hardening:error] [security2:error…

Hello, I would like to do this : Allow all internet v4 IP on www.mywebsite.fr Allow specify IP on www.mywebsite.fr/admin Is it possible with Sophos XG 18 ? Thank you very much.

It seems that it is impossible to create WAF rules for web servers with https so that the web server would use its own certificate instead of cert from the firewall. Is it really so and is there any trick going around this problem?

We have a new SSL certificate installed in Sophos for a website we are hosting. When I configure the web server with an HTTP encryption, there is no issue. But when I change it to HTTPS encryption, these are the issues we are having: From internal network…

Hello! We are using sophos Web Server Protection to proxy our websites, One of our editors is suffering from this error: Sometimes get this message after 2 mins of usage, sometimes 15-30 mins, after this tried to flush all caches (10x times a day!)…

We have XGS3100 and in one web application, the following error is displayed in the browser when passing credentials: Bad Request Your browser sent a request that this server could not understand. Size of a request header field exceeds server limit…

I have a fresh install of Sophos XG Firewall Home (SFOS 18.5.2 MR-2-Build380) Everything is working except I can not get the WAF to recognize that I have created as web server. I created a host in Host and Services ! created a web Server in Web…

Hi, I have one problem with my webserver. It´s an VM, with only a public IP, so no internal private IP, that it can be translated to. I set up firewall XG from ground, since I was expecting problems with one VLAN, that wasn´t accessable anymore, even…

Hello, Does the Sophos XG/XGS WAF (18.5) really work with recent Exchange and RD Gateway (2016/2019/2022) ? I have searched in community, in manuals, all over the internet, but I didn't find any "clear" answer, article or procedure with a WAF configuration…

hi, i am configuring WAF , so that server which is behind the firewall woudl be access over interner securely. i configured WAF, getting following error Proxy Error The proxy server could not handle the request. Reason: Error during SSL handshake…

Hi all, I have the exact problem as described by this member below. Basically, I have the radius and duo authentication proxy working fine for the user portal and SSL VPN but it won't work with WAF. The WAF authentication form seems to send multiple…

Hello all I need to reidrect all external HTTP traffic into HTTPS traffic before it reaches the clients. this need to be done without the need of any action needed from the clients side. is this feasible ? and do we need to purchase an SSL certificate…

Hello, We did a Pentesting for 5 days on your Website which are behind XG WAF Firewall. In the firewall rule, Advanced, Protection, We create a protection policy with is in Monitor Mode So now I would like to see if we have log of the Pentesting…

Hi, how to define a WAF rule to reach the portal via port 443? Portal is reachable via port 4443, but the WAF rule seams not to work. We use SNI to direct the WAF rules to the right server. Works that way on UTM, what did I wrong? Thanks Henri…

Hello, I would like for SOFS 18 to authenticate users on the device before granting access to a web server using WAF. I found the article below but refers to UTM 9 and I can't adapt to SOFS 18. Can anyone help please? Thanks support.sophos.com…

Hello Community, for one Web-Service we need to pass a WebSocket through the WAF. Is it possible to create a rule for " wss://" Traffic? Thanks, Ben

I've followed KB-000041605 and the Posting from KingChris and changed the entry in the file /usr/apache/conf/httpd.conf After that I've restarted the WAF service. Still there has been no change in the reported Active Cypher Suites on the SSL LABS…

At a Pen Test for one of our websites behind WAF we received the message that the server was using only Default Prime Numbers. How can we change this?

Hey Fam, dows anyone ever worked with Webserver protection and bigbluebutton? I´ve created a new webserver (https) and called everything that comes to bbb.domain.com go to my internal bbb server. So far so good, I can login, I can browse BUT when…

Hey everybody, actually I have a couple of Applications I Host behind the Sophos. When I need the BigBlueButton Server I change my HTTPS access from OWA to BBB. How can I use all of them (NextCloud, OWA, BigBlueButton, Wordpress) at the same time…

I noticed this just recently when a client's servers were down for maintenance. If you set up a WAF rule with a target of an FQDN host, and if this host can't be resolved, the error message contains the name of the internal server, eg: The proxy server…

I am on 18.5 MR2 Build 380. Every time I reboot the firewall, the WAF is not starting. In reversproxy.log these same lines appear every couple of seconds: [Fri Jan 28 16:02:27.194845 2022] [core:warn] [pid 17313:tid 139992993545088] AH00111: Config…

I have a nginx web server, Sophos XG and websites goes through cloudflare. I am trying to configure the WAF so I tried 2 different things with the same result One was to create the certificate as explained here https://community.sophos.com/sophos…

When updating a Cert from year to year. Why does the "Domains" in a waf rule reset to default. This is annoying. If the coverage of the cert is the same it shouldn't reset the field.

Hi, We've a XG230 running SFOS 18.5.2 MR-2-Build380 Under Web Server -> General Settings -> TLS version settings I have three options. TLS v1 or later TLS v1.1 or later TLS v1.2 We have TLS v1.2 selected. I've checked and can confirm…