Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 6 replies
  • Subscribers 3 subscribers
  • Views 10308 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Problem accessing my website

AreshAreshi

HI

We having a problem witth one of our websites behind the UTM.

We did create the neccessey WAF rules for this website. when we dont use any Firewall profile we can access the website but when useing the basic profile we are not able to open some pages. I did check the WAF logs and see this and see any ID to Skip it in the rule. any idea?

2016:03:17-09:53:13 securitysrv1-2 reverseproxy: id="0299" srcip="82.95.118.54" localip="62.XX.XX.33" size="220" user="-" host="82.XX.XX.54" method="POST" statuscode="403" reason="waf" extra="Inbound Anomaly Score Exceeded (Total Score: 12, SQLi=7, XSS=5): Last Matched Message: SQL Injection Attack: SQL Operator Detected" exceptions="-" time="1363723" url="/Themes.aspx" server="ossecanon.nl" referer="mysite.com/Themes.aspx cookie="toestemmingvoorcookies=ja.1458122207122-988831550; __utmt=1; __utma=198157489.1099798894.1458118816.1458126940.1458204785.3; __utmb=198157489.3.10.1458204785; __utmc=198157489; __utmz=198157489.1458118816.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)" set-cookie="-"

Thanks



This thread was automatically locked due to age.
Parents
  • 0

    statuscode="403" reason="waf" extra="Inbound Anomaly Score Exceeded (Total Score: 12, SQLi=7, XSS=5)

    Try your accesses from a different computer that isn't configured for the webmaster.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • 0

    statuscode="403" reason="waf" extra="Inbound Anomaly Score Exceeded (Total Score: 12, SQLi=7, XSS=5)

    Try your accesses from a different computer that isn't configured for the webmaster.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
  • 0 in reply to BAlfson

    Hi Bob,

    Thanks as Always for your reply.

    Sorry but I dont follow your suggestion! I try to access the website from a rendom PC over the internet. de web site is an a webserver with multiple web sites and we dont have any issue accessing those websites.

    Thanks

  • 0 in reply to AreshAreshi

    It just feels to me like a situation I saw where a guy using FrontPage to maintain his website tried to access the website from the computer configured to maintain the website.  FrontPage was connecting to the website during his test.  Try a test from a different computer.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    I dont think this is case here, I did try to access the website from 2 diffeent locations but the some pages still wont display and show the above error. we have some id" exception for some of othere websites I did remove the basic profile from this website and add it to the exception and now  all of the pages dispaly correctly, we dont know which div id is responsible  for this issue but I think the only way to find out is removing the ids one by one untill find the correct one.

Unfiltered HTML