Hello,
I am trying to use site path routing under web application firewall and use a "DNS Host" entry in the allowed networks list however its not working.
If I have the dns host entry myhost.duckdns.org it resolves the IP correctly (172.X.X.X) when I hover over it. but when I try to access the site I get this in the log:
2018:02:11-01:18:20 sophos httpd[11890]: [authz_host:error] [pid 11890:tid 4005301104] [client 172.X.X.X:38181] AH01753: access check of 'myhost.duckdns.org' to /favicon.ico failed, reason: unable to get the remote host name, referer: https://sub.mysite.com/
2018:02:11-01:18:20 sophos httpd[11890]: [authz_core:error] [pid 11890:tid 4005301104] [client 172.X.X.X:38181] AH01630: client denied by server configuration: proxy:balancer://0e9f56dedc1c6a43ee0c263a6d1b336b/favicon.ico, referer: https://sub.mysite.com/
2018:02:11-01:18:20 sophos httpd: id="0299" srcip="172.X.X.X" localip="my public ip address" size="220" user="-" host="172.X.X.X" method="GET" statuscode="403" reason="-" extra="-" exceptions="-" time="407" url="/favicon.ico" server="sub.mysite.com" port="443" query="" referer="https://sub.mysite.com/" cookie="-" set-cookie="-" uid="WoAKXKDSF5y5D4BBABz"
If I manually put the ip address itself in allowed networks it allows me through fine to my intended site. What can I do to get the dns host working? I am unable to use access control by IP since this is for a mobile device and the IP changes often so I was planning to use duckdns to update the IP so Sophos can constantly pick up the change.
This thread was automatically locked due to age.