This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

WAF issues after updating to 9.709-3

Hi,

anyone else noticed that after updating to 9.709-3 Exchange Web Services is not working anymore? We get HTTP Error 500 when connecting to EWS published trhrough WAF. Also, the virtual server changes to orange when this error occurs. Accessing EWS through the browser shows the service page after authentication, but when interacting with EWS by using the Exchange Remote Connectivity Analyzer or EWS Editor generates the HTTP 500 error and the WAF rule turns orange.

When directly connecting to EWS and bypassing UTM works fine and we can interact with EWS.

Before the update everything worked fine.

Franc.



This thread was automatically locked due to age.
Parents Reply Children
  • Hoi Franc,

    Did trying Albeck's suggestion give you any new information?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hoi,

    which suggestions are you referring to? Setting to monitor or even not applying a firewall profile at all didn’t help. Enabling sockets also doesn’t help. Everything worked fine for years, until installing 9.709-3.

  • Here's are the complete log entries for the issue:

    2022:03:02-13:07:00 firewall-1 httpd[29345]: [proxy_http:error] [pid 29345:tid 4084087664] [client <ip>:64185] AH01086: read less bytes of request body than expected (got 0, expected 634)
    2022:03:02-13:07:00 firewall-1 httpd[29345]: [proxy_http:error] [pid 29345:tid 4084087664] [client <ip>:64185] AH10154: pass request body failed to <ip>:443 (<ip>) from <ip> () with status 500
    2022:03:02-13:07:00 firewall-1 httpd: id="0299" srcip="<ip>" localip="<ip>" size="538" user="-" host="<ip>" method="POST" statuscode="500" reason="-" extra="-" exceptions="SkipURLHardening, SkipFormHardeningMissingToken" time="17848" url="/EWS/Exchange.asmx"

  • Have you had any update on this as I am having the same issue.  This is having an impact on our Hybrid setup with Office365.  One major headache, we can't migrate users.  This is affecting  Autodiscover and EWS.  I don't have the firewall profile set, so hardening should not be taking place.  All was working before the upgrade.

    This is the error you get back using the Microsoft connectivity Analyzer 

    The Microsoft Connectivity Analyzer failed to obtain an Autodiscover XML response.
     
    Additional Details
    An HTTP 500 response was returned from Unknown.
    HTTP Response Headers: Connection: close
    Content-Length: 530
    Content-Type: text/html; charset=iso-8859-1
    Date: Sat, 05 Mar 2022 20:38:47 GMT
    Server: Apache
    The connection never makes it to the internal Exchange server.
  • No, I didn’t hear anything yet, but the support call goes through our supplier, but they didn’t inform me either that they received a response from Sophos support. Waiting for more than a week now to schedule a remote session.

    The error you get is the same as we are having. We took the UTM out and are using our Kemp load balancer now to do the proxying,

  • Hi Bob,

    The WAF is partly based on mod_proxy_http or ModSec. In case of error messages like AH01086 it can be helpful to search or ask in the Apache communit., Maybe my approach will help

    Regards Max