This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Forbidden - You don't have permission to access / on this server.

Hi there

 

I am getting the below error when trying to access an external DNS address eg..   www.xxxx.co.uk 

 

The site is running on IIS, and has a host header for the correct URL . I have tried enabling/disabling URL rewrite and pass host headers, and also tried no firewall profile but with no luck. I cant seem to figure out where im going wrong, any ideas?

 

Thanks 

 

 

 

 

 

Virtual server setup:

 

 

 

 

 

 

 

 

 



This thread was automatically locked due to age.
Parents
  • WAF Logs (editted the domain name part)

     

     

    2018:07:02-22:59:07 ids httpd[13391]: [url_hardening:error] [pid 13391:tid 4013390704] [client 172.18.175.138:32796] Hostname in HTTP request (172.18.175.138) does not match the server name (files.xxxx.co.uk)
    2018:07:02-22:59:07 ids httpd: id="0299" srcip="172.18.175.138" localip="172.18.175.138" size="209" user="-" host="172.18.175.138" method="GET" statuscode="403" reason="-" extra="-" exceptions="-" time="163" url="/" server="files.xxxxxx.co.uk" port="80" query="" referer="-" cookie="-" set-cookie="-" uid="WzquO6wSr4oAADRPrvAAAABy"
    2018:07:02-22:59:07 ids httpd: id="0299" srcip="125.236.212.159" localip="172.18.175.138" size="183" user="-" host="125.236.212.159" method="GET" statuscode="403" reason="-" extra="-" exceptions="-" time="1004" url="/" server="files.xxxxxx.co.uk" port="80" query="" referer="-" cookie="-" set-cookie="-" uid="WzquO6wSr4oAADRPru8AAABx"
  • Setting up WAF takes some effort.  It looks like you've just drastically modified the "Basic Protection" Profile instead of starting it in "Monitor" mode and making sure you can connect first.  The log is confusing me because you don't have 'Static URL hardening' selected.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Thanks. 

     

    I have set the Basic profile as follows:

     

     

    And retaken a capture of the logs here:

     

    2018:07:09-01:05:34 ids httpd[416]: [url_hardening:error] [pid 416:tid 4063746928] [client 125.236.212.159:19506] No signature found, URI: http://files.xxxxx.co.uk/
    2018:07:09-01:05:34 ids httpd[416]: [url_hardening:error] [pid 416:tid 4055354224] [client 172.18.175.138:33718] Hostname in HTTP request (172.18.175.138) does not match the server name (files.xxxxx.co.uk)
    2018:07:09-01:05:34 ids httpd: id="0299" srcip="172.18.175.138" localip="172.18.175.138" size="209" user="-" host="172.18.175.138" method="GET" statuscode="403" reason="-" extra="-" exceptions="-" time="412" url="/" server="files.xxxxx.co.uk" port="80" query="" referer="-" cookie="-" set-cookie="-" uid="W0K03qwSr4oAAAGgAeIAAAA7"
    2018:07:09-01:05:34 ids httpd: id="0299" srcip="125.236.212.159" localip="172.18.175.138" size="177" user="-" host="125.236.212.159" method="GET" statuscode="403" reason="-" extra="-" exceptions="-" time="2850" url="/" server="files.xxxxx.co.uk" port="80" query="" referer="-" cookie="-" set-cookie="-" uid="W0K03qwSr4oAAAGgAeEAAAA6"
    2018:07:09-01:05:35 ids httpd[416]: [url_hardening:error] [pid 416:tid 4046961520] [client 125.236.212.159:19510] No signature found, URI: files.xxxxx.co.uk/favicon.ico
    2018:07:09-01:05:35 ids httpd[416]: [url_hardening:error] [pid 416:tid 4038568816] [client 172.18.175.138:33719] Hostname in HTTP request (172.18.175.138) does not match the server name (files.xxxxx.co.uk)
    2018:07:09-01:05:35 ids httpd: id="0299" srcip="172.18.175.138" localip="172.18.175.138" size="220" user="-" host="172.18.175.138" method="GET" statuscode="403" reason="-" extra="-" exceptions="-" time="419" url="/favicon.ico" server="files.xxxxx.co.uk" port="80" query="" referer="-" cookie="-" set-cookie="-" uid="W0K036wSr4oAAAGgAeQAAAA9"
    2018:07:09-01:05:35 ids httpd: id="0299" srcip="125.236.212.159" localip="172.18.175.138" size="185" user="-" host="125.236.212.159" method="GET" statuscode="403" reason="-" extra="-" exceptions="-" time="2247" url="/favicon.ico" server="files.xxxxx.co.uk" port="80" query="" referer="-" cookie="-" set-cookie="-" uid="W0K036wSr4oAAAGgAeMAAAA8

     

     

     

     

  • This is screen I get when I browse to the URL:

     

  • I suspect that you have no such problem if 'Static URL hardening' is not selected.  If so, then since you've already tried enabling/disabling URL rewrite and pass host headers, this would indicate that your website is returning URLs that contain fixed IPs - can you check that?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • I suspect that you have no such problem if 'Static URL hardening' is not selected.  If so, then since you've already tried enabling/disabling URL rewrite and pass host headers, this would indicate that your website is returning URLs that contain fixed IPs - can you check that?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children