
Jitsi Meet with WAF

Hello,

has anyone ever gotten a Jitsi Meet server running behind a Sophos via the WAF?

Sure, I could forward the ports directly, but then Exchange and other services would no longer be reachable via the HTTPS WAF.

Does anyone here perhaps have a tip for me?

Regards, Frank



  • Hi H_Patel,

    the WAF works with 3 web servers behind the Sophos SG.

    But I can't reach the Jitsi Meet server behind the Sophos SG via the WAF.

    If I disable the WAF and do some NAT with ports 80, 443, 10000 it works, but not with the WAF.

    I need to get this working.

    With the WAF I get this error:

    Proxy Error

    The proxy server received an invalid response from an upstream server.
    The proxy server could not handle the request GET /.

    Reason: Error reading from remote server

    regards

    frank

  • Hello Frank,

    Welcome to the community!

    (Sorry, my German-speaking brain isn't creating thoughts at the moment.)

    Please show about 50 related lines from the Web Application Firewall log.

    Regards - Bob (Please continue in German.)

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob,

    this is what I get in the log.

    2020:10:25-16:34:33 gateway httpd[32399]: [proxy_http:error] [pid 32399:tid 3951938416] (70014)End of file found: [client 109.42.3.49:1313] AH01102: error reading status line from remote server JITSI_Internal_IP:443
    2020:10:25-16:34:33 gateway httpd[32399]: [proxy:error] [pid 32399:tid 3951938416] [client 109.42.3.49:1313] AH00898: Error reading from remote server returned by /
    2020:10:25-16:34:33 gateway httpd: id="0299" srcip="109.42.3.49" localip="WAN_IP" size="379" user="-" host="109.42.3.49" method="GET" statuscode="502" reason="-" extra="-" exceptions="SkipBlacklistDNSRBL, SkipBlacklistGeoIP, SkipAntiVirus, SkipTFT, SkipURLHardening, SkipFormHardening, SkipFormHardeningMissingToken, SkipCookieSigning, SkipThreatsFilter" time="13423" url="/" server="meet.myhost.net" port="443" query="" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="X5WbCTLoppOChxHZZUspMwAAAKs"
    2020:10:25-16:34:35 gateway httpd[32399]: [proxy_http:error] [pid 32399:tid 3951938416] (70014)End of file found: [client 109.42.3.49:1313] AH01102: error reading status line from remote server JITSI_Internal_IP:443, referer: https://meet.myhost.net/
    2020:10:25-16:34:35 gateway httpd: id="0299" srcip="109.42.3.49" localip="WAN_IP" size="0" user="-" host="109.42.3.49" method="GET" statuscode="200" reason="-" extra="-" exceptions="SkipBlacklistDNSRBL, SkipBlacklistGeoIP, SkipAntiVirus, SkipTFT, SkipURLHardening, SkipFormHardening, SkipFormHardeningMissingToken, SkipCookieSigning, SkipThreatsFilter" time="12671" url="/favicon.ico" server="meet.myhost.net" port="80" query="" referer="https://meet.myhost.net/" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="X5WbCzLoppOChxHZZUspNAAAAKs"
    2020:10:25-16:34:35 gateway httpd[32399]: [proxy_http:error] [pid 32399:tid 4061043568] (70014)End of file found: [client 109.42.3.49:10196] AH01102: error reading status line from remote server JITSI_Internal_IP:443, referer: https://meet.myhost.net/
    2020:10:25-16:34:35 gateway httpd[32399]: [proxy:error] [pid 32399:tid 4061043568] [client 109.42.3.49:10196] AH00898: Error reading from remote server returned by /favicon.ico, referer: https://meet.myhost.net/
    2020:10:25-16:34:35 gateway httpd: id="0299" srcip="109.42.3.49" localip="WAN_IP" size="401" user="-" host="109.42.3.49" method="GET" statuscode="502" reason="-" extra="-" exceptions="SkipBlacklistDNSRBL, SkipBlacklistGeoIP, SkipAntiVirus, SkipTFT, SkipURLHardening, SkipFormHardening, SkipFormHardeningMissingToken, SkipCookieSigning, SkipThreatsFilter" time="12732" url="/favicon.ico" server="meet.myhost.net" port="443" query="" referer="https://meet.myhost.net/" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="X5WbCzLoppOChxHZZUspNQAAAJ4"
    2020:10:25-16:34:37 gateway httpd: id="0299" srcip="109.42.3.49" localip="WAN_IP" size="29" user="-" host="109.42.3.49" method="POST" statuscode="200" reason="-" extra="-" exceptions="-" time="5060770" url="/Microsoft-Server-ActiveSync" server="mail.freaky-media.net" port="443" query="?Cmd=Ping&User=frank&DeviceId=SEC1037E3C4CCECF&DeviceType=SamsungDevice" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="X5WbCDLoppOChxHZZUspMQAAALw"
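
The WAF log above pairs each 502 access record with Apache proxy errors (AH01102, AH00898) logged for the same client in the same second. As an added example (not part of the original thread; the log lines are constructed, with placeholder addresses and hostnames), this Python code correlates the two record types so the failing backend can be read off per request:

```python
import re
from collections import Counter

# Constructed sample in the format of the WAF log quoted above
# (documentation-range addresses and example hostnames, not values from the thread).
SAMPLE_LOG = '''\
2020:10:25-16:34:33 gateway httpd[32399]: [proxy_http:error] [pid 32399:tid 1] (70014)End of file found: [client 192.0.2.10:1313] AH01102: error reading status line from remote server 10.0.0.5:443
2020:10:25-16:34:33 gateway httpd[32399]: [proxy:error] [pid 32399:tid 1] [client 192.0.2.10:1313] AH00898: Error reading from remote server returned by /
2020:10:25-16:34:33 gateway httpd: id="0299" srcip="192.0.2.10" method="GET" statuscode="502" url="/" server="meet.example.net" port="443"
2020:10:25-16:34:35 gateway httpd[32399]: [proxy_http:error] [pid 32399:tid 2] (70014)End of file found: [client 192.0.2.10:10196] AH01102: error reading status line from remote server 10.0.0.5:443, referer: https://meet.example.net/
2020:10:25-16:34:35 gateway httpd: id="0299" srcip="192.0.2.10" method="GET" statuscode="502" url="/favicon.ico" server="meet.example.net" port="443"
2020:10:25-16:34:37 gateway httpd: id="0299" srcip="192.0.2.10" method="POST" statuscode="200" url="/Microsoft-Server-ActiveSync" server="mail.example.net" port="443"
'''

KV = re.compile(r'([\w-]+)="([^"]*)"')
ERR = re.compile(r'^(\S+) \S+ httpd\[\d+\]: \[\w+:error\].*?'
                 r'\[client ([^\]:]+):\d+\] (AH\d+): (.*)$')
BACKEND = re.compile(r'remote server (\S+?)(?:,|$)')

def parse(log):
    """Split the log into access records and Apache proxy error records."""
    access, errors = [], []
    for line in log.splitlines():
        m = ERR.match(line)
        if m:
            ts, client, code, msg = m.groups()
            b = BACKEND.search(msg)
            errors.append({"ts": ts, "client": client, "code": code,
                           "backend": b.group(1) if b else None})
        elif ' httpd: id="' in line:
            access.append({"ts": line.split(" ", 1)[0], **dict(KV.findall(line))})
    return access, errors

def explain_5xx(log):
    """Attach to each 5xx response the proxy errors logged for the same client and second."""
    access, errors = parse(log)
    out = []
    for rec in access:
        if rec.get("statuscode", "").startswith("5"):
            rel = [e for e in errors
                   if e["ts"] == rec["ts"] and e["client"] == rec.get("srcip")]
            out.append({"server": rec.get("server"), "url": rec.get("url"),
                        "codes": sorted({e["code"] for e in rel}),
                        "backends": sorted({e["backend"] for e in rel if e["backend"]})})
    return out

def backend_failure_counts(log):
    """Count proxy errors per (Apache error code, backend address)."""
    return Counter((e["code"], e["backend"]) for e in parse(log)[1] if e["backend"])
```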
    

  • You're right, that's not much more info than what you already said, Frank. Let's look at pictures of the Edits of the Virtual Server with 'Advanced' open and of the Firewall Profile.

    Regards - Bob (Please continue in German.)

     
  • Hi Bob,

    so here are some pics from the backend.

    Firewall Profile: everything is disabled, so no scan or check is done.

    I had this done with the other ports 4443 - 

    via NAT, port 10000 is redirected to Jitsi Meeting

    maybe this helps ..

    If you need any other information, get in touch.

    best regards

    Frank

  • The only thing I can see to try, Frank, is 'HTML umschreiben'.  If that doesn't work, then I would say that you've proven that Jitsi is not compatible with WAF.

    Regards - Bob (Please continue in German.)

     
  • Hi Bob,

    this is what I fear - every option I try ends in an error.

    Hope someone else found a solution.
