This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

WAF 9.6 & websocket support

Has anybody tried this new feature. It sits under site path routing and I'm wondering in what instance you would use it?



This thread was automatically locked due to age.
Parents
  • Some people on this site have been asking for WAF to include websocket support for some time.   I understand it as a way to call a web function from within a program or another web page, in roughly the same way that you would call a subroutine.

    What I find fascinating is that websockets capability is not mentioned as a new feature in the release notes for either 9.60 or 9.61.    If it is not fully implemented, why is the user interface enabled?   Whether it is finished or not, why is nothing mentioned in the release notes?

  • Indeed. If you check the WAF logs, you will also see:

    websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XXXXXXXXXXXXXXXXXX"

     

    appended to the logs which wasn't there before....

Reply Children
  • Anybody tried this yet? It's curious that the option is situated under "site path routing"

    Does that mean that anything going to /SitePathRoute will use websocket instead?

  • My sense is, Louis, that those fields are only populated when the web server uses websockets.  It will be interesting to see if others that clamored for websocket support confirm that this works now.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Take a look at the Online Help.

    Enable WebSocket passthrough: Select this option if you want to allow WebSocket communication. That way WebSocket traffic is not controlled by the WAF at all and any other option you may have enabled in the WAF will not apply to WebSocket traffic.

    Its in XG since 2 years. 

    __________________________________________________________________________________________________________________

  • Hi Bob,

     

    I didn´t "clamor" for reverseproxy (but in fact for the webproxy function in UTM! still not there, right?!) but I needed this today and it actually works. In the developer tools in chrome for example you will see instead of http, the websocket protocol in red, as long it´s not working, the request will fail, until this feature is enabled.

     

    This is actually nice Sophos.

     

    BR,

    Sebastian