Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 12 replies
  • Subscribers 4 subscribers
  • Views 32910 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Forbidden - You don't have permission to access / on this server.

zzzp8

Hi there

 

I am getting the below error when trying to access an external DNS address eg..   www.xxxx.co.uk 

 

The site is running on IIS, and has a host header for the correct URL . I have tried enabling/disabling URL rewrite and pass host headers, and also tried no firewall profile but with no luck. I cant seem to figure out where im going wrong, any ideas?

 

Thanks 

 

 

 

 

 

Virtual server setup:

 

 

 

 

 

 

 

 

 



This thread was automatically locked due to age.
Parents
  • 0

    WAF Logs (editted the domain name part)

     

     

    2018:07:02-22:59:07 ids httpd[13391]: [url_hardening:error] [pid 13391:tid 4013390704] [client 172.18.175.138:32796] Hostname in HTTP request (172.18.175.138) does not match the server name (files.xxxx.co.uk)
    2018:07:02-22:59:07 ids httpd: id="0299" srcip="172.18.175.138" localip="172.18.175.138" size="209" user="-" host="172.18.175.138" method="GET" statuscode="403" reason="-" extra="-" exceptions="-" time="163" url="/" server="files.xxxxxx.co.uk" port="80" query="" referer="-" cookie="-" set-cookie="-" uid="WzquO6wSr4oAADRPrvAAAABy"
    2018:07:02-22:59:07 ids httpd: id="0299" srcip="125.236.212.159" localip="172.18.175.138" size="183" user="-" host="125.236.212.159" method="GET" statuscode="403" reason="-" extra="-" exceptions="-" time="1004" url="/" server="files.xxxxxx.co.uk" port="80" query="" referer="-" cookie="-" set-cookie="-" uid="WzquO6wSr4oAADRPru8AAABx"
  • 0 in reply to zzzp8

    Setting up WAF takes some effort.  It looks like you've just drastically modified the "Basic Protection" Profile instead of starting it in "Monitor" mode and making sure you can connect first.  The log is confusing me because you don't have 'Static URL hardening' selected.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    Thanks. 

     

    I have set the Basic profile as follows:

     

     

    And retaken a capture of the logs here:

     

    2018:07:09-01:05:34 ids httpd[416]: [url_hardening:error] [pid 416:tid 4063746928] [client 125.236.212.159:19506] No signature found, URI: http://files.xxxxx.co.uk/
    2018:07:09-01:05:34 ids httpd[416]: [url_hardening:error] [pid 416:tid 4055354224] [client 172.18.175.138:33718] Hostname in HTTP request (172.18.175.138) does not match the server name (files.xxxxx.co.uk)
    2018:07:09-01:05:34 ids httpd: id="0299" srcip="172.18.175.138" localip="172.18.175.138" size="209" user="-" host="172.18.175.138" method="GET" statuscode="403" reason="-" extra="-" exceptions="-" time="412" url="/" server="files.xxxxx.co.uk" port="80" query="" referer="-" cookie="-" set-cookie="-" uid="W0K03qwSr4oAAAGgAeIAAAA7"
    2018:07:09-01:05:34 ids httpd: id="0299" srcip="125.236.212.159" localip="172.18.175.138" size="177" user="-" host="125.236.212.159" method="GET" statuscode="403" reason="-" extra="-" exceptions="-" time="2850" url="/" server="files.xxxxx.co.uk" port="80" query="" referer="-" cookie="-" set-cookie="-" uid="W0K03qwSr4oAAAGgAeEAAAA6"
    2018:07:09-01:05:35 ids httpd[416]: [url_hardening:error] [pid 416:tid 4046961520] [client 125.236.212.159:19510] No signature found, URI: files.xxxxx.co.uk/favicon.ico
    2018:07:09-01:05:35 ids httpd[416]: [url_hardening:error] [pid 416:tid 4038568816] [client 172.18.175.138:33719] Hostname in HTTP request (172.18.175.138) does not match the server name (files.xxxxx.co.uk)
    2018:07:09-01:05:35 ids httpd: id="0299" srcip="172.18.175.138" localip="172.18.175.138" size="220" user="-" host="172.18.175.138" method="GET" statuscode="403" reason="-" extra="-" exceptions="-" time="419" url="/favicon.ico" server="files.xxxxx.co.uk" port="80" query="" referer="-" cookie="-" set-cookie="-" uid="W0K036wSr4oAAAGgAeQAAAA9"
    2018:07:09-01:05:35 ids httpd: id="0299" srcip="125.236.212.159" localip="172.18.175.138" size="185" user="-" host="125.236.212.159" method="GET" statuscode="403" reason="-" extra="-" exceptions="-" time="2247" url="/favicon.ico" server="files.xxxxx.co.uk" port="80" query="" referer="-" cookie="-" set-cookie="-" uid="W0K036wSr4oAAAGgAeMAAAA8

     

     

     

     

Reply
  • 0 in reply to BAlfson

    Thanks. 

     

    I have set the Basic profile as follows:

     

     

    And retaken a capture of the logs here:

     

    2018:07:09-01:05:34 ids httpd[416]: [url_hardening:error] [pid 416:tid 4063746928] [client 125.236.212.159:19506] No signature found, URI: http://files.xxxxx.co.uk/
    2018:07:09-01:05:34 ids httpd[416]: [url_hardening:error] [pid 416:tid 4055354224] [client 172.18.175.138:33718] Hostname in HTTP request (172.18.175.138) does not match the server name (files.xxxxx.co.uk)
    2018:07:09-01:05:34 ids httpd: id="0299" srcip="172.18.175.138" localip="172.18.175.138" size="209" user="-" host="172.18.175.138" method="GET" statuscode="403" reason="-" extra="-" exceptions="-" time="412" url="/" server="files.xxxxx.co.uk" port="80" query="" referer="-" cookie="-" set-cookie="-" uid="W0K03qwSr4oAAAGgAeIAAAA7"
    2018:07:09-01:05:34 ids httpd: id="0299" srcip="125.236.212.159" localip="172.18.175.138" size="177" user="-" host="125.236.212.159" method="GET" statuscode="403" reason="-" extra="-" exceptions="-" time="2850" url="/" server="files.xxxxx.co.uk" port="80" query="" referer="-" cookie="-" set-cookie="-" uid="W0K03qwSr4oAAAGgAeEAAAA6"
    2018:07:09-01:05:35 ids httpd[416]: [url_hardening:error] [pid 416:tid 4046961520] [client 125.236.212.159:19510] No signature found, URI: files.xxxxx.co.uk/favicon.ico
    2018:07:09-01:05:35 ids httpd[416]: [url_hardening:error] [pid 416:tid 4038568816] [client 172.18.175.138:33719] Hostname in HTTP request (172.18.175.138) does not match the server name (files.xxxxx.co.uk)
    2018:07:09-01:05:35 ids httpd: id="0299" srcip="172.18.175.138" localip="172.18.175.138" size="220" user="-" host="172.18.175.138" method="GET" statuscode="403" reason="-" extra="-" exceptions="-" time="419" url="/favicon.ico" server="files.xxxxx.co.uk" port="80" query="" referer="-" cookie="-" set-cookie="-" uid="W0K036wSr4oAAAGgAeQAAAA9"
    2018:07:09-01:05:35 ids httpd: id="0299" srcip="125.236.212.159" localip="172.18.175.138" size="185" user="-" host="125.236.212.159" method="GET" statuscode="403" reason="-" extra="-" exceptions="-" time="2247" url="/favicon.ico" server="files.xxxxx.co.uk" port="80" query="" referer="-" cookie="-" set-cookie="-" uid="W0K036wSr4oAAAGgAeMAAAA8

     

     

     

     

Children
Unfiltered HTML