Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 6 replies
  • Subscribers 6 subscribers
  • Views 2771 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Using WAF for Onwcloud X (Univention appliance) result on trusted domain error

Jonathan blesz

Hello all,

Since some days, i'm testing Sophos UTM 9 and I try to configure the WAF for my oncloud X server (hosted on Ownlcoud Univention appliance). 

Unfortunately it's not working and I need help to solve my issue.

 

My Network :

My WAF Configuration :

       

 

Owncloud Configuration:

I added my public IP and domain name as trusted domain into the config.php file

 

What is the problem :

When I try to access to Owncloud webpage, I have an error : 

You are accessing the server with not trusted domain.

Please contact your administrator. If you are an administrator of this instance, configure the "trusted_domains" setting in config/config.php. An example configuration is provided in config/config.sample.php or at the documentation.

 

 

Troubleshooting:

To be sure that ownclud is correctly configured, I disabled the WAF and I created a NAT with the configuration below :

Result of the test: Owncloud is working fine, there is no more the "not trusted domain" error and I'm able to use perfectly Owncloud

 

Has anyone ever had this type of problem with WAF? and now how I can solve it?

 

Best regards,

Jonathan



This thread was automatically locked due to age.
Parents
  • 0

    Salut Jonathan and welcome to the UTM Community!

    What happens if you change the Real Server "OWC01" to port 80 instead of HTTPS?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    Hi Bob,

    Thanks for your reply,

    I tested with :

    - HTTP and HTTPS for the real server

    - HTTP and HTTPS for the virtual server

    - HTTP and HTTPS for both

    and each time the same issue :(

     

    Best regards,

    Jonathan

Reply Children
  • 0 in reply to Jonathan blesz

    Jonathan, did you try with HTTPS for the Virtual Server and HTTP for the Real Server?

    Please show the relevant line(s) from the WAF log when this block occurs.

    Am I correct in my understanding that this error message comes from OwnCloud?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    Hi, yes i tied with :

    HTTP for real and HTTPS for virtual

    and then HTTPS for real and HTTP for virtual

    the result is continuously the same.

    Yes the error is comming from Owncloud, if I understand correctly what I found on some forum, this error appear because owncloud is not able to identify that i'm trying to access it with a trusted domain 5set into the owncloud config file)

     

    eroor message is continuously the same 

    {"reqId":"AjVAphmX39WQKpgvvdJo","level":2,"time":"2019-02-05T15:20:11+00:00","remoteAddr":"1.2.3.4","user":"--","app":"core","method":"POST","url":"\/owncloud\/index.php\/heartbeat","message":"Trusted domain error. \"1.2.3.4\" tried to access using \"cloud.mydomain.net\" as host."}
    {"reqId":"oL49zGhXj0dIZCsRrK8r","level":2,"time":"2019-02-05T15:35:11+00:00","remoteAddr":"1.2.3.4","user":"--","app":"core","method":"POST","url":"\/owncloud\/index.php\/heartbeat","message":"Trusted domain error. \"1.2.3.4\" tried to access using \"cloud.mydomain.net\" as host."}
    {"reqId":"3vpFCBvQnViNQE7OTYX1","level":2,"time":"2019-02-05T15:50:12+00:00","remoteAddr":"1.2.3.4","user":"--","app":"core","method":"POST","url":"\/owncloud\/index.php\/heartbeat","message":"Trusted domain error. \"1.2.3.4\" tried to access using \"cloud.mydomain.net\" as host."}
    {"reqId":"EoPa6hvOEcApCA3xCRsu","level":2,"time":"2019-02-05T16:05:14+00:00","remoteAddr":"1.2.3.4","user":"--","app":"core","method":"POST","url":"\/owncloud\/index.php\/heartbeat","message":"Trusted domain error. \"1.2.3.4\" tried to access using \"cloud.mydomain.net\" as host."}
    {"reqId":"cKncInxhgeMjMU0lNrzB","level":2,"time":"2019-02-05T16:20:15+00:00","remoteAddr":"1.2.3.4","user":"--","app":"core","method":"POST","url":"\/owncloud\/index.php\/heartbeat","message":"Trusted domain error. \"1.2.3.4\" tried to access using \"cloud.mydomain.net\" as host."}
    {"reqId":"ehtXpMpPFZjMudQ4lMBy","level":2,"time":"2019-02-05T16:22:08+00:00","remoteAddr":"1.2.3.4","user":"--","app":"core","method":"GET","url":"\/owncloud\/","message":"Trusted domain error. \"1.2.3.4\" tried to access using \"cloud.mydomain.net\" as host."}
    {"reqId":"sQcntdkQa01YGKbsTVOZ","level":2,"time":"2019-02-05T16:22:09+00:00","remoteAddr":"1.2.3.4","user":"--","app":"core","method":"GET","url":"\/owncloud\/core\/js\/oc.js?v=dc144562d9252b20c8c59b2ed91037a2","message":"Trusted domain error. \"1.2.3.4\" tried to access using \"cloud.mydomain.net\" as host."}
    {"reqId":"OcAvVDmahV0koczlfya7","level":2,"time":"2019-02-05T16:22:14+00:00","remoteAddr":"1.2.3.4","user":"--","app":"core","method":"GET","url":"\/owncloud\/","message":"Trusted domain error. \"1.2.3.4\" tried to access using \"cloud.mydomain.net\" as host."}
    {"reqId":"HzifCrnntAAhykSW6i1V","level":2,"time":"2019-02-05T16:22:15+00:00","remoteAddr":"1.2.3.4","user":"--","app":"core","method":"GET","url":"\/owncloud\/core\/js\/oc.js?v=dc144562d9252b20c8c59b2ed91037a2","message":"Trusted domain error. \"1.2.3.4\" tried to access using \"cloud.mydomain.net\" as host."}
    {"reqId":"kOiuJWh5YgRpTZiulEeW","level":2,"time":"2019-02-05T16:22:17+00:00","remoteAddr":"1.2.3.4","user":"--","app":"core","method":"GET","url":"\/owncloud\/","message":"Trusted domain error. \"1.2.3.4\" tried to access using \"cloud.mydomain.net\" as host."}
    {"reqId":"Z0Q4znLauPUwZHxrx76A","level":2,"time":"2019-02-05T16:37:16+00:00","remoteAddr":"1.2.3.4","user":"--","app":"core","method":"POST","url":"\/owncloud\/index.php\/heartbeat","message":"Trusted domain error. \"1.2.3.4\" tried to access using \"cloud.mydomain.net\" as host."}
    {"reqId":"4QzhsqZGfj8dwATXwiDB","level":2,"time":"2019-02-05T16:52:19+00:00","remoteAddr":"1.2.3.4","user":"--","app":"core","method":"POST","url":"\/owncloud\/index.php\/heartbeat","message":"Trusted domain error. \"1.2.3.4\" tried to access using \"cloud.mydomain.net\" as host."}
    {"reqId":"X3XKoE5qlNZPpa69VE6C","level":2,"time":"2019-02-05T17:07:21+00:00","remoteAddr":"1.2.3.4","user":"--","app":"core","method":"POST","url":"\/owncloud\/index.php\/heartbeat","message":"Trusted domain error. \"1.2.3.4\" tried to access using \"cloud.mydomain.net\" as host."}
    {"reqId":"70UhPwFaBgNWHLLBB53c","level":2,"time":"2019-02-05T17:22:22+00:00","remoteAddr":"1.2.3.4","user":"--","app":"core","method":"POST","url":"\/owncloud\/index.php\/heartbeat","message":"Trusted domain error. \"1.2.3.4\" tried to access using \"cloud.mydomain.net\" as host."}
    {"reqId":"xJRaS7KiEWWvkeNmVTkx","level":2,"time":"2019-02-05T17:37:22+00:00","remoteAddr":"1.2.3.4","user":"--","app":"core","method":"POST","url":"\/owncloud\/index.php\/heartbeat","message":"Trusted domain error. \"1.2.3.4\" tried to access using \"cloud.mydomain.net\" as host."}
    {"reqId":"pqVeaOtLLLvKH0sC9u3H","level":2,"time":"2019-02-05T17:52:22+00:00","remoteAddr":"1.2.3.4","user":"--","app":"core","method":"POST","url":"\/owncloud\/index.php\/heartbeat","message":"Trusted domain error. \"1.2.3.4\" tried to access using \"cloud.mydomain.net\" as host."}

Unfiltered HTML