Exchange OWA Access through Web Application Firewall

So I am trying to configure Exchange OWA web access through the Webserver protection area on our UTM 9. I've followed the guide here: https://community.sophos.com/kb/en-us/131787

However, I am still unable to log in with a test user to our Exchange server. I can get as far as the UTM login pass-through page, but here it just refreshes each time I put credentials in, giving me no error.

I've attached the log below. Does anyone know what I might be doing wrong/what is going wrong?

 

Live Log: Web Application Firewall	
2019:08:14-15:34:57 xan-utm httpd: id="0299" srcip="94.192.179.216" localip="82.68.126.11" size="220" user="james-outlook-test" host="94.192.179.216" method="GET" statuscode="403" reason="url hardening" extra="No signature found" exceptions="SkipURLHardening" time="46378" url="/favicon.ico" server="xanexchange.xanalys.com" port="443" query="" referer="https://xanexchange.xanalys.com/owa_mzmirudqpf_form?L293YS8=" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQcEcCoeAEAAHUNCIkAAAAG"
2019:08:14-15:35:06 xan-utm httpd: id="0299" srcip="94.192.179.216" localip="82.68.126.11" size="189" user="james-outlook-test" host="94.192.179.216" method="POST" statuscode="302" reason="-" extra="-" exceptions="SkipURLHardening" time="331427" url="/owa_mzmirudqpf_login" server="xanexchange.xanalys.com" port="443" query="?L293YS8=" referer="https://xanexchange.xanalys.com/owa_mzmirudqpf_form?L293YS8=" cookie="-" set-cookie="mzmirudqpf_cookie=f2d9d62fd8bcaed9e655cee9abd8c5250cb06e5f;path=/;httponly;secure" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQcGsCoeAEAAHUNCIoAAAAG"
2019:08:14-15:35:06 xan-utm httpd: id="0299" srcip="94.192.179.216" localip="82.68.126.11" size="25" user="james-outlook-test" host="94.192.179.216" method="GET" statuscode="401" reason="-" extra="-" exceptions="SkipURLHardening" time="78172" url="/owa/" server="xanexchange.xanalys.com" port="443" query="" referer="https://xanexchange.xanalys.com/owa_mzmirudqpf_form?L293YS8=" cookie="-" set-cookie="mzmirudqpf_cookie=f2d9d62fd8bcaed9e655cee9abd8c5250cb06e5f;path=/;httponly;secure" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQcGsCoeAEAAHUNCIsAAAAG"
2019:08:14-15:35:15 xan-utm httpd: id="0299" srcip="94.192.179.216" localip="82.68.126.11" size="25" user="james-outlook-test" host="94.192.179.216" method="GET" statuscode="401" reason="-" extra="-" exceptions="SkipURLHardening" time="83031" url="/owa/" server="xanexchange.xanalys.com" port="443" query="" referer="https://xanexchange.xanalys.com/owa_mzmirudqpf_form?L293YS8=" cookie="-" set-cookie="mzmirudqpf_cookie=f2d9d62fd8bcaed9e655cee9abd8c5250cb06e5f;path=/;httponly;secure" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQcI8CoeAEAAHUNCIwAAAAG"
2019:08:14-15:35:24 xan-utm httpd: id="0299" srcip="94.192.179.216" localip="82.68.126.11" size="25" user="james-outlook-test" host="94.192.179.216" method="GET" statuscode="401" reason="-" extra="-" exceptions="SkipURLHardening" time="79841" url="/owa/" server="xanexchange.xanalys.com" port="443" query="" referer="https://xanexchange.xanalys.com/owa_mzmirudqpf_form?L293YS8=" cookie="-" set-cookie="mzmirudqpf_cookie=f2d9d62fd8bcaed9e655cee9abd8c5250cb06e5f;path=/;httponly;secure" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQcK8CoeAEAAHUNCI0AAAAG"
2019:08:14-15:35:31 xan-utm httpd: id="0299" srcip="94.192.179.216" localip="82.68.126.11" size="25" user="james-outlook-test" host="94.192.179.216" method="GET" statuscode="401" reason="-" extra="-" exceptions="SkipURLHardening" time="85798" url="/owa/" server="xanexchange.xanalys.com" port="443" query="" referer="https://xanexchange.xanalys.com/owa_mzmirudqpf_form?L293YS8=" cookie="-" set-cookie="mzmirudqpf_cookie=f2d9d62fd8bcaed9e655cee9abd8c5250cb06e5f;path=/;httponly;secure" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQcM8CoeAEAAHUNCI4AAAAG"
2019:08:14-15:35:42 xan-utm httpd: id="0299" srcip="94.192.179.216" localip="82.68.126.11" size="25" user="james-outlook-test" host="94.192.179.216" method="GET" statuscode="401" reason="-" extra="-" exceptions="SkipURLHardening" time="83937" url="/owa/" server="xanexchange.xanalys.com" port="443" query="" referer="https://xanexchange.xanalys.com/owa_mzmirudqpf_form?L293YS8=" cookie="-" set-cookie="mzmirudqpf_cookie=f2d9d62fd8bcaed9e655cee9abd8c5250cb06e5f;path=/;httponly;secure" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQcPsCoeAEAAHUNCI8AAAAG"
2019:08:14-15:36:34 xan-utm httpd: id="0299" srcip="94.192.179.216" localip="82.68.126.11" size="25" user="james-outlook-test" host="94.192.179.216" method="POST" statuscode="401" reason="-" extra="-" exceptions="SkipURLHardening" time="74433" url="/owa/" server="xanexchange.xanalys.com" port="443" query="" referer="https://xanexchange.xanalys.com/owa_mzmirudqpf_form?L293YS8=" cookie="-" set-cookie="mzmirudqpf_cookie=f2d9d62fd8bcaed9e655cee9abd8c5250cb06e5f;path=/;httponly;secure" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQccsCoeAEAAHUNCJAAAAAI"
2019:08:14-15:36:34 xan-utm httpd: id="0299" srcip="94.192.179.216" localip="82.68.126.11" size="25" user="james-outlook-test" host="94.192.179.216" method="POST" statuscode="401" reason="-" extra="-" exceptions="SkipURLHardening" time="49817" url="/owa/" server="xanexchange.xanalys.com" port="443" query="" referer="https://xanexchange.xanalys.com/owa_mzmirudqpf_form?L293YS8=" cookie="-" set-cookie="mzmirudqpf_cookie=f2d9d62fd8bcaed9e655cee9abd8c5250cb06e5f;path=/;httponly;secure" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQccsCoeAEAAHUNCJEAAAAI"
2019:08:14-15:36:46 xan-utm httpd: id="0299" srcip="94.192.179.216" localip="82.68.126.11" size="25" user="james-outlook-test" host="94.192.179.216" method="POST" statuscode="401" reason="-" extra="-" exceptions="SkipURLHardening" time="81323" url="/owa/" server="xanexchange.xanalys.com" port="443" query="" referer="https://xanexchange.xanalys.com/owa_mzmirudqpf_form?L293YS8=" cookie="-" set-cookie="mzmirudqpf_cookie=f2d9d62fd8bcaed9e655cee9abd8c5250cb06e5f;path=/;httponly;secure" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQcfsCoeAEAAHUNCJIAAAAI"
2019:08:14-15:39:02 xan-utm httpd: id="0299" srcip="94.192.179.216" localip="82.68.126.11" size="381" user="-" host="94.192.179.216" method="GET" statuscode="401" reason="auth" extra="authentication required" exceptions="-" time="62000" url="/" server="xanexchange.xanalys.com" port="443" query="" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQdBsCoeAEAAHUNCJMAAAAJ"
2019:08:14-15:39:11 xan-utm httpd: id="0299" srcip="94.192.179.216" localip="82.68.126.11" size="25" user="james-outlook-test" host="94.192.179.216" method="GET" statuscode="302" reason="-" extra="-" exceptions="-" time="98351" url="/" server="xanexchange.xanalys.com" port="443" query="" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQdD8CoeAEAAHUNCJQAAAAJ"
2019:08:14-15:39:11 xan-utm httpd: id="0299" srcip="94.192.179.216" localip="82.68.126.11" size="213" user="-" host="94.192.179.216" method="GET" statuscode="302" reason="-" extra="-" exceptions="SkipURLHardening" time="27842" url="/owa/" server="xanexchange.xanalys.com" port="443" query="" referer="-" cookie="-" set-cookie="mzmirudqpf_cookie=;Max-Age=0;expires=Thu, 01 Jan 1970 00:00:00 GMT;path=/;httponly;secure" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQdD8CoeAEAAHUNCJUAAAAJ"
2019:08:14-15:39:11 xan-utm httpd: id="0299" srcip="94.192.179.216" localip="82.68.126.11" size="559" user="-" host="94.192.179.216" method="GET" statuscode="200" reason="-" extra="-" exceptions="SkipURLHardening" time="29367" url="/owa_mzmirudqpf_form" server="xanexchange.xanalys.com" port="443" query="?L293YS8=" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQdD8CoeAEAAHUNCJYAAAAJ"
2019:08:14-15:39:11 xan-utm httpd: id="0299" srcip="94.192.179.216" localip="82.68.126.11" size="552" user="-" host="94.192.179.216" method="GET" statuscode="200" reason="-" extra="-" exceptions="SkipURLHardening" time="28329" url="/REF_RevAutForm/default_stylesheet.css" server="xanexchange.xanalys.com" port="443" query="" referer="https://xanexchange.xanalys.com/owa_mzmirudqpf_form?L293YS8=" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQdD8CoeAEAAHUNCJcAAAAJ"
2019:08:14-15:39:11 xan-utm httpd: id="0299" srcip="94.192.179.216" localip="82.68.126.11" size="13247" user="-" host="94.192.179.216" method="GET" statuscode="200" reason="-" extra="-" exceptions="SkipURLHardening" time="54027" url="/REF_RevAutForm/company_logo.png" server="xanexchange.xanalys.com" port="443" query="" referer="https://xanexchange.xanalys.com/owa_mzmirudqpf_form?L293YS8=" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQdD8CoeAEAAHUNCJgAAAAK"
2019:08:14-15:39:11 xan-utm httpd[29965]: [url_hardening:error] [pid 29965:tid 4043557744] [client 94.192.179.216:58919] No signature found, URI: https://xanexchange.xanalys.com/favicon.ico, referer: https://xanexchange.xanalys.com/owa_mzmirudqpf_form?L293YS8=
2019:08:14-15:39:11 xan-utm httpd: id="0299" srcip="94.192.179.216" localip="82.68.126.11" size="220" user="james-outlook-test" host="94.192.179.216" method="GET" statuscode="403" reason="url hardening" extra="No signature found" exceptions="SkipURLHardening" time="45745" url="/favicon.ico" server="xanexchange.xanalys.com" port="443" query="" referer="https://xanexchange.xanalys.com/owa_mzmirudqpf_form?L293YS8=" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQdD8CoeAEAAHUNCJkAAAAK"
2019:08:14-15:39:38 xan-utm httpd[29965]: [authnz_aua:error] [pid 29965:tid 4035165040] [client 94.192.179.216:58921] [james.outlook-test@xanalys.com] AUA responded with 'DENIED', referer: https://xanexchange.xanalys.com/owa_mzmirudqpf_form?L293YS8=
2019:08:14-15:39:38 xan-utm httpd: id="0299" srcip="94.192.179.216" localip="82.68.126.11" size="213" user="james.outlook-test@xanalys.com" host="94.192.179.216" method="POST" statuscode="302" reason="auth" extra="user denied" exceptions="SkipURLHardening" time="276348" url="/owa_mzmirudqpf_login" server="xanexchange.xanalys.com" port="443" query="?L293YS8=" referer="https://xanexchange.xanalys.com/owa_mzmirudqpf_form?L293YS8=" cookie="-" set-cookie="mzmirudqpf_cookie=;Max-Age=0;expires=Thu, 01 Jan 1970 00:00:00 GMT;path=/;httponly;secure" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQdKsCoeAEAAHUNCJoAAAAL"
2019:08:14-15:39:39 xan-utm httpd: id="0299" srcip="94.192.179.216" localip="82.68.126.11" size="559" user="-" host="94.192.179.216" method="GET" statuscode="200" reason="-" extra="-" exceptions="SkipURLHardening" time="31125" url="/owa_mzmirudqpf_form" server="xanexchange.xanalys.com" port="443" query="?L293YS8=" referer="https://xanexchange.xanalys.com/owa_mzmirudqpf_form?L293YS8=" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQdK8CoeAEAAHUNCJsAAAAL"
2019:08:14-15:39:39 xan-utm httpd: id="0299" srcip="94.192.179.216" localip="82.68.126.11" size="552" user="-" host="94.192.179.216" method="GET" statuscode="200" reason="-" extra="-" exceptions="SkipURLHardening" time="27829" url="/REF_RevAutForm/default_stylesheet.css" server="xanexchange.xanalys.com" port="443" query="" referer="https://xanexchange.xanalys.com/owa_mzmirudqpf_form?L293YS8=" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQdK8CoeAEAAHUNCJwAAAAL"
2019:08:14-15:39:39 xan-utm httpd: id="0299" srcip="94.192.179.216" localip="82.68.126.11" size="13247" user="-" host="94.192.179.216" method="GET" statuscode="200" reason="-" extra="-" exceptions="SkipURLHardening" time="58393" url="/REF_RevAutForm/company_logo.png" server="xanexchange.xanalys.com" port="443" query="" referer="https://xanexchange.xanalys.com/owa_mzmirudqpf_form?L293YS8=" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQdK8CoeAEAAHUNCJ0AAAAL"
2019:08:14-15:39:39 xan-utm httpd[29965]: [url_hardening:error] [pid 29965:tid 4035165040] [client 94.192.179.216:58921] No signature found, URI: https://xanexchange.xanalys.com/favicon.ico, referer: https://xanexchange.xanalys.com/owa_mzmirudqpf_form?L293YS8=
2019:08:14-15:39:39 xan-utm httpd: id="0299" srcip="94.192.179.216" localip="82.68.126.11" size="220" user="james-outlook-test" host="94.192.179.216" method="GET" statuscode="403" reason="url hardening" extra="No signature found" exceptions="SkipURLHardening" time="48883" url="/favicon.ico" server="xanexchange.xanalys.com" port="443" query="" referer="https://xanexchange.xanalys.com/owa_mzmirudqpf_form?L293YS8=" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQdK8CoeAEAAHUNCJ4AAAAL"
2019:08:14-15:39:48 xan-utm httpd: id="0299" srcip="94.192.179.216" localip="82.68.126.11" size="189" user="james-outlook-test" host="94.192.179.216" method="POST" statuscode="302" reason="-" extra="-" exceptions="SkipURLHardening" time="348849" url="/owa_mzmirudqpf_login" server="xanexchange.xanalys.com" port="443" query="?L293YS8=" referer="https://xanexchange.xanalys.com/owa_mzmirudqpf_form?L293YS8=" cookie="-" set-cookie="mzmirudqpf_cookie=2ce6195e91a58f49c4dc884ad6f53fe4d387ebb1;path=/;httponly;secure" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQdNMCoeAEAAHUNCJ8AAAAL"
2019:08:14-15:39:48 xan-utm httpd: id="0299" srcip="94.192.179.216" localip="82.68.126.11" size="25" user="james-outlook-test" host="94.192.179.216" method="GET" statuscode="401" reason="-" extra="-" exceptions="SkipURLHardening" time="69930" url="/owa/" server="xanexchange.xanalys.com" port="443" query="" referer="https://xanexchange.xanalys.com/owa_mzmirudqpf_form?L293YS8=" cookie="-" set-cookie="mzmirudqpf_cookie=2ce6195e91a58f49c4dc884ad6f53fe4d387ebb1;path=/;httponly;secure" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQdNMCoeAEAAHUNCKAAAAAL"
2019:08:14-15:39:59 xan-utm httpd: id="0299" srcip="94.192.179.216" localip="82.68.126.11" size="0" user="-" host="94.192.179.216" method="-" statuscode="408" reason="-" extra="-" exceptions="-" time="7" url="-" server="-" port="443" query="" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="-"
2019:08:14-15:40:19 xan-utm httpd: id="0299" srcip="94.192.179.216" localip="82.68.126.11" size="381" user="-" host="94.192.179.216" method="GET" statuscode="401" reason="auth" extra="authentication required" exceptions="-" time="44353" url="/" server="xanexchange.xanalys.com" port="443" query="" referer="-" cookie="mzmirudqpf_cookie=2ce6195e91a58f49c4dc884ad6f53fe4d387ebb1" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQdU8CoeAEAAHUNCKEAAAAO"
2019:08:14-15:40:28 xan-utm httpd: id="0299" srcip="94.192.179.216" localip="82.68.126.11" size="25" user="james-outlook-test" host="94.192.179.216" method="GET" statuscode="302" reason="-" extra="-" exceptions="-" time="121556" url="/" server="xanexchange.xanalys.com" port="443" query="" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQdXMCoeAEAAHUNCKIAAAAO"
2019:08:14-15:40:28 xan-utm httpd: id="0299" srcip="94.192.179.216" localip="82.68.126.11" size="25" user="james-outlook-test" host="94.192.179.216" method="GET" statuscode="401" reason="-" extra="-" exceptions="SkipURLHardening" time="88155" url="/owa/" server="xanexchange.xanalys.com" port="443" query="" referer="-" cookie="-" set-cookie="mzmirudqpf_cookie=2ce6195e91a58f49c4dc884ad6f53fe4d387ebb1;path=/;httponly;secure" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQdXMCoeAEAAHUNCKMAAAAO"
2019:08:14-15:40:28 xan-utm httpd: id="0299" srcip="94.192.179.216" localip="82.68.126.11" size="25" user="james-outlook-test" host="94.192.179.216" method="GET" statuscode="401" reason="-" extra="-" exceptions="SkipURLHardening" time="62245" url="/owa/" server="xanexchange.xanalys.com" port="443" query="" referer="-" cookie="-" set-cookie="mzmirudqpf_cookie=2ce6195e91a58f49c4dc884ad6f53fe4d387ebb1;path=/;httponly;secure" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQdXMCoeAEAAHUNCKQAAAAO"
2019:08:14-15:41:08 xan-utm httpd: id="0299" srcip="127.0.0.1" localip="127.0.0.1" size="809" user="-" host="127.0.0.1" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="267" url="/lb-status" server="localhost:4080" port="80" query="" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQdhMCoeAEAAHUNCKUAAAAP"
2019:08:14-15:41:22 xan-utm httpd[29965]: [authz_blacklist:warn] [pid 29965:tid 3993201520] [client 52.125.138.122:33890] Client is listed on DNSRBL black.rbl.ctipd.astaro.local
2019:08:14-15:41:22 xan-utm httpd: id="0299" srcip="52.125.138.122" localip="82.68.126.11" size="236" user="-" host="52.125.138.122" method="POST" statuscode="403" reason="dnsrbl" extra="Client is listed on DNSRBL black.rbl.ctipd.astaro.local" exceptions="SkipURLHardening" time="1173" url="/Microsoft-Server-ActiveSync" server="xanexchange.xanalys.com" port="443" query="?User=xanalys%5Cmail.man&DeviceId=C438060913A5DFE2&DeviceType=Outlook&Cmd=Sync" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQdksCoeAEAAHUNCKYAAAAQ"
2019:08:14-15:41:44 xan-utm httpd: id="0299" srcip="94.192.179.216" localip="82.68.126.11" size="25" user="james-outlook-test" host="94.192.179.216" method="GET" statuscode="401" reason="-" extra="-" exceptions="SkipURLHardening" time="94784" url="/owa/" server="xanexchange.xanalys.com" port="443" query="" referer="-" cookie="-" set-cookie="mzmirudqpf_cookie=2ce6195e91a58f49c4dc884ad6f53fe4d387ebb1;path=/;httponly;secure" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQdqMCoeAEAAHUNCKcAAAAR"
2019:08:14-15:41:51 xan-utm httpd: id="0299" srcip="94.192.179.216" localip="82.68.126.11" size="25" user="james-outlook-test" host="94.192.179.216" method="GET" statuscode="401" reason="-" extra="-" exceptions="SkipURLHardening" time="68478" url="/owa/" server="xanexchange.xanalys.com" port="443" query="" referer="-" cookie="-" set-cookie="mzmirudqpf_cookie=2ce6195e91a58f49c4dc884ad6f53fe4d387ebb1;path=/;httponly;secure" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQdr8CoeAEAAHUNCKgAAAAR"
2019:08:14-15:42:00 xan-utm httpd[31783]: Restarting gracefully
2019:08:14-15:42:01 xan-utm httpd[31788]: AH00112: Warning: DocumentRoot [/var/www/REF_RevFroExcha2016Autod] does not exist
2019:08:14-15:42:01 xan-utm httpd[31788]: AH00112: Warning: DocumentRoot [/var/www/REF_RevFroTestWebsit] does not exist
2019:08:14-15:42:01 xan-utm httpd[31788]: AH00112: Warning: DocumentRoot [/var/www/REF_RevFroTika] does not exist
2019:08:14-15:42:01 xan-utm httpd[31788]: AH00112: Warning: DocumentRoot [/var/www/REF_RevFroXanmaWebma] does not exist
2019:08:14-15:42:01 xan-utm httpd[31788]: AH00112: Warning: DocumentRoot [/var/www/REF_RevFroXanmail2] does not exist
2019:08:14-15:42:01 xan-utm httpd[31788]: AH00112: Warning: DocumentRoot [/var/www/REF_RevFroXanpcidemo] does not exist
2019:08:14-15:42:01 xan-utm httpd[31788]: Syntax OK
2019:08:14-15:42:01 xan-utm httpd: id="0299" srcip="127.0.0.1" localip="127.0.0.1" size="34445" user="-" host="127.0.0.1" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="764" url="/status" server="localhost:4080" port="80" query="" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQducCoeAEAAHUNCKkAAAAS"
2019:08:14-15:42:01 xan-utm httpd[31817]: AH00112: Warning: DocumentRoot [/var/www/REF_RevFroExcha2016Autod] does not exist
2019:08:14-15:42:01 xan-utm httpd[31817]: AH00112: Warning: DocumentRoot [/var/www/REF_RevFroTestWebsit] does not exist
2019:08:14-15:42:01 xan-utm httpd[31817]: AH00112: Warning: DocumentRoot [/var/www/REF_RevFroTika] does not exist
2019:08:14-15:42:01 xan-utm httpd[31817]: AH00112: Warning: DocumentRoot [/var/www/REF_RevFroXanmaWebma] does not exist
2019:08:14-15:42:01 xan-utm httpd[31817]: AH00112: Warning: DocumentRoot [/var/www/REF_RevFroXanmail2] does not exist
2019:08:14-15:42:01 xan-utm httpd[31817]: AH00112: Warning: DocumentRoot [/var/www/REF_RevFroXanpcidemo] does not exist
2019:08:14-15:42:01 xan-utm httpd[7954]: [mpm_worker:notice] [pid 7954:tid 4147590848] AH00297: SIGUSR1 received. Doing graceful restart
2019:08:14-15:42:03 xan-utm httpd[7954]: [proxy_protocol:notice] [pid 7954:tid 4147590848] ProxyProtocol: disabled on 127.0.0.1:4080
2019:08:14-15:42:03 xan-utm httpd[7954]: [mpm_worker:notice] [pid 7954:tid 4147590848] AH00292: Apache/2.4.25 (Unix) OpenSSL/1.0.2j-fips configured -- resuming normal operations
2019:08:14-15:42:03 xan-utm httpd[7954]: [core:notice] [pid 7954:tid 4147590848] AH00094: Command line: '/usr/apache/bin/httpd'
2019:08:14-15:42:03 xan-utm httpd[7954]: [mpm_worker:warn] [pid 7954:tid 4147590848] AH00291: long lost child came home! (pid 29788)
2019:08:14-15:42:04 xan-utm httpd: id="0299" srcip="127.0.0.1" localip="127.0.0.1" size="34217" user="-" host="127.0.0.1" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="1510" url="/status" server="localhost:4080" port="80" query="" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQdvMCoeAEAAHxz6GYAAAA-"
2019:08:14-15:42:04 xan-utm httpd[32023]: Restarted
2019:08:14-15:42:10 xan-utm httpd: id="0299" srcip="94.192.179.216" localip="82.68.126.11" size="381" user="-" host="94.192.179.216" method="GET" statuscode="401" reason="auth" extra="authentication required" exceptions="-" time="45390" url="/" server="xanexchange.xanalys.com" port="443" query="" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQdwsCoeAEAAH0k6-0AAAAM"
2019:08:14-15:42:16 xan-utm httpd: id="0299" srcip="94.192.179.216" localip="82.68.126.11" size="25" user="james-outlook-test" host="94.192.179.216" method="GET" statuscode="302" reason="-" extra="-" exceptions="-" time="389987" url="/" server="xanexchange.xanalys.com" port="443" query="" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQdyMCoeAEAAH0k6-4AAAAM"
2019:08:14-15:42:16 xan-utm httpd: id="0299" srcip="94.192.179.216" localip="82.68.126.11" size="213" user="-" host="94.192.179.216" method="GET" statuscode="302" reason="-" extra="-" exceptions="SkipURLHardening" time="21424" url="/owa/" server="xanexchange.xanalys.com" port="443" query="" referer="-" cookie="-" set-cookie="mzmirudqpf_cookie=;Max-Age=0;expires=Thu, 01 Jan 1970 00:00:00 GMT;path=/;httponly;secure" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQdyMCoeAEAAH0k6-8AAAAM"
2019:08:14-15:42:16 xan-utm httpd: id="0299" srcip="94.192.179.216" localip="82.68.126.11" size="559" user="-" host="94.192.179.216" method="GET" statuscode="200" reason="-" extra="-" exceptions="SkipURLHardening" time="29546" url="/owa_mzmirudqpf_form" server="xanexchange.xanalys.com" port="443" query="?L293YS8=" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQdyMCoeAEAAH0k7AAAAAAM"
2019:08:14-15:42:16 xan-utm httpd: id="0299" srcip="94.192.179.216" localip="82.68.126.11" size="552" user="-" host="94.192.179.216" method="GET" statuscode="200" reason="-" extra="-" exceptions="SkipURLHardening" time="23389" url="/REF_RevAutForm/default_stylesheet.css" server="xanexchange.xanalys.com" port="443" query="" referer="https://xanexchange.xanalys.com/owa_mzmirudqpf_form?L293YS8=" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQdyMCoeAEAAH0k7AEAAAAM"
2019:08:14-15:42:17 xan-utm httpd: id="0299" srcip="94.192.179.216" localip="82.68.126.11" size="13247" user="-" host="94.192.179.216" method="GET" statuscode="200" reason="-" extra="-" exceptions="SkipURLHardening" time="46399" url="/REF_RevAutForm/company_logo.png" server="xanexchange.xanalys.com" port="443" query="" referer="https://xanexchange.xanalys.com/owa_mzmirudqpf_form?L293YS8=" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQdyMCoeAEAAH0k7AIAAAAO"
2019:08:14-15:42:17 xan-utm httpd[32036]: [url_hardening:error] [pid 32036:tid 4009986928] [client 94.192.179.216:58931] No signature found, URI: https://xanexchange.xanalys.com/favicon.ico, referer: https://xanexchange.xanalys.com/owa_mzmirudqpf_form?L293YS8=
2019:08:14-15:42:17 xan-utm httpd: id="0299" srcip="94.192.179.216" localip="82.68.126.11" size="220" user="james-outlook-test" host="94.192.179.216" method="GET" statuscode="403" reason="url hardening" extra="No signature found" exceptions="SkipURLHardening" time="39848" url="/favicon.ico" server="xanexchange.xanalys.com" port="443" query="" referer="https://xanexchange.xanalys.com/owa_mzmirudqpf_form?L293YS8=" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQdycCoeAEAAH0k7AMAAAAO"
2019:08:14-15:42:24 xan-utm httpd: id="0299" srcip="94.192.179.216" localip="82.68.126.11" size="189" user="james-outlook-test" host="94.192.179.216" method="POST" statuscode="302" reason="-" extra="-" exceptions="SkipURLHardening" time="339249" url="/owa_mzmirudqpf_login" server="xanexchange.xanalys.com" port="443" query="?L293YS8=" referer="https://xanexchange.xanalys.com/owa_mzmirudqpf_form?L293YS8=" cookie="-" set-cookie="mzmirudqpf_cookie=3fe4b28ffb3137c44c79bce5080445fcc1c79349;path=/;httponly;secure" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQdz8CoeAEAAH0k7AQAAAAO"
2019:08:14-15:42:24 xan-utm httpd: id="0299" srcip="94.192.179.216" localip="82.68.126.11" size="25" user="james-outlook-test" host="94.192.179.216" method="GET" statuscode="401" reason="-" extra="-" exceptions="SkipURLHardening" time="91393" url="/owa/" server="xanexchange.xanalys.com" port="443" query="" referer="https://xanexchange.xanalys.com/owa_mzmirudqpf_form?L293YS8=" cookie="-" set-cookie="mzmirudqpf_cookie=3fe4b28ffb3137c44c79bce5080445fcc1c79349;path=/;httponly;secure" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQd0MCoeAEAAH0k7AUAAAAO"
2019:08:14-15:42:32 xan-utm httpd: id="0299" srcip="94.192.179.216" localip="82.68.126.11" size="25" user="james-outlook-test" host="94.192.179.216" method="GET" statuscode="401" reason="-" extra="-" exceptions="SkipURLHardening" time="70916" url="/owa/" server="xanexchange.xanalys.com" port="443" query="" referer="https://xanexchange.xanalys.com/owa_mzmirudqpf_form?L293YS8=" cookie="-" set-cookie="mzmirudqpf_cookie=3fe4b28ffb3137c44c79bce5080445fcc1c79349;path=/;httponly;secure" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQd2MCoeAEAAH0k7AYAAAAO"
2019:08:14-15:42:40 xan-utm httpd: id="0299" srcip="94.192.179.216" localip="82.68.126.11" size="25" user="james-outlook-test" host="94.192.179.216" method="GET" statuscode="401" reason="-" extra="-" exceptions="SkipURLHardening" time="73712" url="/owa/" server="xanexchange.xanalys.com" port="443" query="" referer="https://xanexchange.xanalys.com/owa_mzmirudqpf_form?L293YS8=" cookie="-" set-cookie="mzmirudqpf_cookie=3fe4b28ffb3137c44c79bce5080445fcc1c79349;path=/;httponly;secure" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQd4MCoeAEAAH0k7AcAAAAO"
2019:08:14-15:42:49 xan-utm httpd: id="0299" srcip="94.192.179.216" localip="82.68.126.11" size="25" user="james-outlook-test" host="94.192.179.216" method="GET" statuscode="401" reason="-" extra="-" exceptions="SkipURLHardening" time="66669" url="/owa/" server="xanexchange.xanalys.com" port="443" query="" referer="https://xanexchange.xanalys.com/owa_mzmirudqpf_form?L293YS8=" cookie="-" set-cookie="mzmirudqpf_cookie=3fe4b28ffb3137c44c79bce5080445fcc1c79349;path=/;httponly;secure" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQd6cCoeAEAAH0k7AgAAAAO"
2019:08:14-15:43:15 xan-utm httpd[32036]: [authz_blacklist:warn] [pid 32036:tid 3984808816] [client 52.125.141.36:54514] Client is listed on DNSRBL black.rbl.ctipd.astaro.local
2019:08:14-15:43:15 xan-utm httpd: id="0299" srcip="52.125.141.36" localip="82.68.126.11" size="236" user="-" host="52.125.141.36" method="POST" statuscode="403" reason="dnsrbl" extra="Client is listed on DNSRBL black.rbl.ctipd.astaro.local" exceptions="SkipURLHardening" time="1147" url="/Microsoft-Server-ActiveSync" server="xanexchange.xanalys.com" port="443" query="?User=xanalys%5Cjames-outlook-test&DeviceId=DBDB469E0CEE2926&DeviceType=Outlook&Cmd=Sync" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQeA8CoeAEAAH0k7AkAAAAR"
2019:08:14-15:43:15 xan-utm httpd[32036]: [authz_blacklist:warn] [pid 32036:tid 3993201520] [client 52.125.141.36:54512] Client is listed on DNSRBL black.rbl.ctipd.astaro.local
2019:08:14-15:43:15 xan-utm httpd: id="0299" srcip="52.125.141.36" localip="82.68.126.11" size="236" user="-" host="52.125.141.36" method="POST" statuscode="403" reason="dnsrbl" extra="Client is listed on DNSRBL black.rbl.ctipd.astaro.local" exceptions="SkipURLHardening" time="1265" url="/Microsoft-Server-ActiveSync" server="xanexchange.xanalys.com" port="443" query="?User=xanalys%5Cjames-outlook-test&DeviceId=DBDB469E0CEE2926&DeviceType=Outlook&Cmd=Ping" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQeA8CoeAEAAH0k7AoAAAAQ"
2019:08:14-15:44:48 xan-utm httpd: id="0299" srcip="94.192.179.216" localip="82.68.126.11" size="25" user="james-outlook-test" host="94.192.179.216" method="GET" statuscode="401" reason="-" extra="-" exceptions="SkipURLHardening" time="87549" url="/owa/" server="xanexchange.xanalys.com" port="443" query="" referer="https://xanexchange.xanalys.com/owa_mzmirudqpf_form?L293YS8=" cookie="-" set-cookie="mzmirudqpf_cookie=3fe4b28ffb3137c44c79bce5080445fcc1c79349;path=/;httponly;secure" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQeYMCoeAEAAH0k7AsAAAAT"
2019:08:14-15:50:06 xan-utm httpd[32036]: [authnz_aua:error] [pid 32036:tid 3951238000] [client 213.205.242.185:36846] [James-outlook-test] session timeout expired
2019:08:14-15:50:06 xan-utm httpd: id="0299" srcip="213.205.242.185" localip="82.68.126.11" size="221" user="James-outlook-test" host="213.205.242.185" method="GET" statuscode="302" reason="auth" extra="session timed out" exceptions="SkipURLHardening" time="93374" url="/owa/" server="xanexchange.xanalys.com" port="443" query="?bO=1" referer="-" cookie="X-BackEndCookie=S-1-5-21-50481480-593310465-398547282-17126=u56Lnp2ejJqBx8jPycvKysvSz82cztLLnp2d0sfOz5rSx5mayM6cncicyZyegYHNz87G0s/G0s7Oq83PxczIxcvI; _ga=GA1.2.1922898412.1563806370; ClientId=F1D71FDA3CE84024A265742C45EEE317; X-OWA-JS-PSD=1; mzmirudqpf_cookie=0eee9fab4eaf29d50ac01679c874cd4d2fa68504" set-cookie="mzmirudqpf_cookie=;Max-Age=0;expires=Thu, 01 Jan 1970 00:00:00 GMT;path=/;httponly;secure" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQfnsCoeAEAAH0k7AwAAAAV"
2019:08:14-15:50:06 xan-utm httpd: id="0299" srcip="213.205.242.185" localip="82.68.126.11" size="567" user="-" host="213.205.242.185" method="GET" statuscode="200" reason="-" extra="-" exceptions="SkipURLHardening" time="24869" url="/owa_mzmirudqpf_form" server="xanexchange.xanalys.com" port="443" query="?L293YS8/Yk89MQ==" referer="-" cookie="_ga=GA1.2.1922898412.1563806370; ClientId=F1D71FDA3CE84024A265742C45EEE317; X-OWA-JS-PSD=1" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQfnsCoeAEAAH0k7A0AAAAV"
2019:08:14-15:50:07 xan-utm httpd: id="0299" srcip="213.205.242.185" localip="82.68.126.11" size="552" user="-" host="213.205.242.185" method="GET" statuscode="200" reason="-" extra="-" exceptions="SkipURLHardening" time="22857" url="/REF_RevAutForm/default_stylesheet.css" server="xanexchange.xanalys.com" port="443" query="" referer="https://xanexchange.xanalys.com/owa_mzmirudqpf_form?L293YS8/Yk89MQ==" cookie="_ga=GA1.2.1922898412.1563806370; ClientId=F1D71FDA3CE84024A265742C45EEE317; X-OWA-JS-PSD=1" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQfn8CoeAEAAH0k7A4AAAAV"
2019:08:14-15:50:07 xan-utm httpd: id="0299" srcip="213.205.242.185" localip="82.68.126.11" size="13247" user="-" host="213.205.242.185" method="GET" statuscode="200" reason="-" extra="-" exceptions="SkipURLHardening" time="38503" url="/REF_RevAutForm/company_logo.png" server="xanexchange.xanalys.com" port="443" query="" referer="https://xanexchange.xanalys.com/owa_mzmirudqpf_form?L293YS8/Yk89MQ==" cookie="_ga=GA1.2.1922898412.1563806370; ClientId=F1D71FDA3CE84024A265742C45EEE317; X-OWA-JS-PSD=1" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQfn8CoeAEAAH0k7A8AAAAX"
2019:08:14-15:51:22 xan-utm httpd[32036]: [authz_blacklist:warn] [pid 32036:tid 3917667184] [client 52.125.138.122:49362] Client is listed on DNSRBL black.rbl.ctipd.astaro.local
2019:08:14-15:51:22 xan-utm httpd: id="0299" srcip="52.125.138.122" localip="82.68.126.11" size="236" user="-" host="52.125.138.122" method="POST" statuscode="403" reason="dnsrbl" extra="Client is listed on DNSRBL black.rbl.ctipd.astaro.local" exceptions="SkipURLHardening" time="1170" url="/Microsoft-Server-ActiveSync" server="xanexchange.xanalys.com" port="443" query="?User=xanalys%5Cmail.man&DeviceId=C438060913A5DFE2&DeviceType=Outlook&Cmd=Ping" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQf6sCoeAEAAH0k7BAAAAAZ"
2019:08:14-15:51:22 xan-utm httpd[32036]: [authz_blacklist:warn] [pid 32036:tid 3900881776] [client 52.125.138.122:49364] Client is listed on DNSRBL black.rbl.ctipd.astaro.local
2019:08:14-15:51:22 xan-utm httpd: id="0299" srcip="52.125.138.122" localip="82.68.126.11" size="236" user="-" host="52.125.138.122" method="POST" statuscode="403" reason="dnsrbl" extra="Client is listed on DNSRBL black.rbl.ctipd.astaro.local" exceptions="SkipURLHardening" time="1075" url="/Microsoft-Server-ActiveSync" server="xanexchange.xanalys.com" port="443" query="?User=xanalys%5Cmail.man&DeviceId=C438060913A5DFE2&DeviceType=Outlook&Cmd=Sync" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQf6sCoeAEAAH0k7BEAAAAb"
2019:08:14-15:53:15 xan-utm httpd[32036]: [authz_blacklist:warn] [pid 32036:tid 3884096368] [client 52.125.141.36:50462] Client is listed on DNSRBL black.rbl.ctipd.astaro.local
2019:08:14-15:53:15 xan-utm httpd: id="0299" srcip="52.125.141.36" localip="82.68.126.11" size="236" user="-" host="52.125.141.36" method="POST" statuscode="403" reason="dnsrbl" extra="Client is listed on DNSRBL black.rbl.ctipd.astaro.local" exceptions="SkipURLHardening" time="1121" url="/Microsoft-Server-ActiveSync" server="xanexchange.xanalys.com" port="443" query="?User=xanalys%5Cjames-outlook-test&DeviceId=DBDB469E0CEE2926&DeviceType=Outlook&Cmd=Sync" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQgW8CoeAEAAH0k7BIAAAAd"
2019:08:14-16:01:22 xan-utm httpd[32036]: [authz_blacklist:warn] [pid 32036:tid 3867310960] [client 52.125.138.122:37230] Client is listed on DNSRBL black.rbl.ctipd.astaro.local
2019:08:14-16:01:22 xan-utm httpd: id="0299" srcip="52.125.138.122" localip="82.68.126.11" size="236" user="-" host="52.125.138.122" method="POST" statuscode="403" reason="dnsrbl" extra="Client is listed on DNSRBL black.rbl.ctipd.astaro.local" exceptions="SkipURLHardening" time="1405" url="/Microsoft-Server-ActiveSync" server="xanexchange.xanalys.com" port="443" query="?User=xanalys%5Cmail.man&DeviceId=C438060913A5DFE2&DeviceType=Outlook&Cmd=Sync" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQiQsCoeAEAAH0k7BMAAAAf"
2019:08:14-16:01:22 xan-utm httpd[32036]: [authz_blacklist:warn] [pid 32036:tid 3850525552] [client 52.125.138.122:37228] Client is listed on DNSRBL black.rbl.ctipd.astaro.local
2019:08:14-16:01:22 xan-utm httpd: id="0299" srcip="52.125.138.122" localip="82.68.126.11" size="236" user="-" host="52.125.138.122" method="POST" statuscode="403" reason="dnsrbl" extra="Client is listed on DNSRBL black.rbl.ctipd.astaro.local" exceptions="SkipURLHardening" time="1135" url="/Microsoft-Server-ActiveSync" server="xanexchange.xanalys.com" port="443" query="?User=xanalys%5Cmail.man&DeviceId=C438060913A5DFE2&DeviceType=Outlook&Cmd=Ping" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQiQsCoeAEAAH0k7BQAAAAh"
2019:08:14-16:03:16 xan-utm httpd[32036]: [authz_blacklist:warn] [pid 32036:tid 3825347440] [client 52.125.141.36:45276] Client is listed on DNSRBL black.rbl.ctipd.astaro.local
2019:08:14-16:03:16 xan-utm httpd: id="0299" srcip="52.125.141.36" localip="82.68.126.11" size="236" user="-" host="52.125.141.36" method="POST" statuscode="403" reason="dnsrbl" extra="Client is listed on DNSRBL black.rbl.ctipd.astaro.local" exceptions="SkipURLHardening" time="1217" url="/Microsoft-Server-ActiveSync" server="xanexchange.xanalys.com" port="443" query="?User=xanalys%5Cjames-outlook-test&DeviceId=DBDB469E0CEE2926&DeviceType=Outlook&Cmd=Sync" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQitMCoeAEAAH0k7BUAAAAk"
2019:08:14-16:03:16 xan-utm httpd[32036]: [authz_blacklist:warn] [pid 32036:tid 3833740144] [client 52.125.141.36:45274] Client is listed on DNSRBL black.rbl.ctipd.astaro.local
2019:08:14-16:03:16 xan-utm httpd: id="0299" srcip="52.125.141.36" localip="82.68.126.11" size="236" user="-" host="52.125.141.36" method="POST" statuscode="403" reason="dnsrbl" extra="Client is listed on DNSRBL black.rbl.ctipd.astaro.local" exceptions="SkipURLHardening" time="1288" url="/Microsoft-Server-ActiveSync" server="xanexchange.xanalys.com" port="443" query="?User=xanalys%5Cjames-outlook-test&DeviceId=DBDB469E0CEE2926&DeviceType=Outlook&Cmd=Ping" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQitMCoeAEAAH0k7BYAAAAj"
2019:08:14-16:11:22 xan-utm httpd[32036]: [authz_blacklist:warn] [pid 32036:tid 4043557744] [client 52.125.138.122:53172] Client is listed on DNSRBL black.rbl.ctipd.astaro.local
2019:08:14-16:11:22 xan-utm httpd: id="0299" srcip="52.125.138.122" localip="82.68.126.11" size="236" user="-" host="52.125.138.122" method="POST" statuscode="403" reason="dnsrbl" extra="Client is listed on DNSRBL black.rbl.ctipd.astaro.local" exceptions="SkipURLHardening" time="1208" url="/Microsoft-Server-ActiveSync" server="xanexchange.xanalys.com" port="443" query="?User=xanalys%5Cmail.man&DeviceId=C438060913A5DFE2&DeviceType=Outlook&Cmd=Sync" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQkmsCoeAEAAH0k7BcAAAAK"
2019:08:14-16:13:16 xan-utm httpd[32036]: [authz_blacklist:warn] [pid 32036:tid 3808562032] [client 52.125.141.36:41072] Client is listed on DNSRBL black.rbl.ctipd.astaro.local
2019:08:14-16:13:16 xan-utm httpd: id="0299" srcip="52.125.141.36" localip="82.68.126.11" size="236" user="-" host="52.125.141.36" method="POST" statuscode="403" reason="dnsrbl" extra="Client is listed on DNSRBL black.rbl.ctipd.astaro.local" exceptions="SkipURLHardening" time="1460" url="/Microsoft-Server-ActiveSync" server="xanexchange.xanalys.com" port="443" query="?User=xanalys%5Cjames-outlook-test&DeviceId=DBDB469E0CEE2926&DeviceType=Outlook&Cmd=Sync" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQlDMCoeAEAAH0k7BgAAAAm"
2019:08:14-16:21:23 xan-utm httpd[32036]: [authz_blacklist:warn] [pid 32036:tid 3791776624] [client 52.125.138.122:40866] Client is listed on DNSRBL black.rbl.ctipd.astaro.local
2019:08:14-16:21:23 xan-utm httpd: id="0299" srcip="52.125.138.122" localip="82.68.126.11" size="236" user="-" host="52.125.138.122" method="POST" statuscode="403" reason="dnsrbl" extra="Client is listed on DNSRBL black.rbl.ctipd.astaro.local" exceptions="SkipURLHardening" time="1430" url="/Microsoft-Server-ActiveSync" server="xanexchange.xanalys.com" port="443" query="?User=xanalys%5Cmail.man&DeviceId=C438060913A5DFE2&DeviceType=Outlook&Cmd=Ping" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQm88CoeAEAAH0k7BkAAAAo"
2019:08:14-16:21:23 xan-utm httpd[32036]: [authz_blacklist:warn] [pid 32036:tid 3774991216] [client 52.125.138.122:40868] Client is listed on DNSRBL black.rbl.ctipd.astaro.local
2019:08:14-16:21:23 xan-utm httpd: id="0299" srcip="52.125.138.122" localip="82.68.126.11" size="236" user="-" host="52.125.138.122" method="POST" statuscode="403" reason="dnsrbl" extra="Client is listed on DNSRBL black.rbl.ctipd.astaro.local" exceptions="SkipURLHardening" time="1239" url="/Microsoft-Server-ActiveSync" server="xanexchange.xanalys.com" port="443" query="?User=xanalys%5Cmail.man&DeviceId=C438060913A5DFE2&DeviceType=Outlook&Cmd=Sync" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQm88CoeAEAAH0k7BoAAAAq"
2019:08:14-16:23:17 xan-utm httpd[32036]: [authz_blacklist:warn] [pid 32036:tid 3758205808] [client 52.125.141.36:37532] Client is listed on DNSRBL black.rbl.ctipd.astaro.local
2019:08:14-16:23:17 xan-utm httpd: id="0299" srcip="52.125.141.36" localip="82.68.126.11" size="236" user="-" host="52.125.141.36" method="POST" statuscode="403" reason="dnsrbl" extra="Client is listed on DNSRBL black.rbl.ctipd.astaro.local" exceptions="SkipURLHardening" time="830" url="/Microsoft-Server-ActiveSync" server="xanexchange.xanalys.com" port="443" query="?User=xanalys%5Cjames-outlook-test&DeviceId=DBDB469E0CEE2926&DeviceType=Outlook&Cmd=Ping" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQnZcCoeAEAAH0k7BwAAAAs"
2019:08:14-16:23:17 xan-utm httpd[32036]: [authz_blacklist:warn] [pid 32036:tid 3741420400] [client 52.125.141.36:37534] Client is listed on DNSRBL black.rbl.ctipd.astaro.local
2019:08:14-16:23:17 xan-utm httpd: id="0299" srcip="52.125.141.36" localip="82.68.126.11" size="236" user="-" host="52.125.141.36" method="POST" statuscode="403" reason="dnsrbl" extra="Client is listed on DNSRBL black.rbl.ctipd.astaro.local" exceptions="SkipURLHardening" time="1800" url="/Microsoft-Server-ActiveSync" server="xanexchange.xanalys.com" port="443" query="?User=xanalys%5Cjames-outlook-test&DeviceId=DBDB469E0CEE2926&DeviceType=Outlook&Cmd=Sync" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQnZcCoeAEAAH0k7BsAAAAu"
2019:08:14-16:31:23 xan-utm httpd[32036]: [authz_blacklist:warn] [pid 32036:tid 4060343152] [client 52.125.138.122:55970] Client is listed on DNSRBL black.rbl.ctipd.astaro.local
2019:08:14-16:31:23 xan-utm httpd: id="0299" srcip="52.125.138.122" localip="82.68.126.11" size="236" user="-" host="52.125.138.122" method="POST" statuscode="403" reason="dnsrbl" extra="Client is listed on DNSRBL black.rbl.ctipd.astaro.local" exceptions="SkipURLHardening" time="808" url="/Microsoft-Server-ActiveSync" server="xanexchange.xanalys.com" port="443" query="?User=xanalys%5Cmail.man&DeviceId=C438060913A5DFE2&DeviceType=Outlook&Cmd=Sync" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQpS8CoeAEAAH0k7B4AAAAI"
2019:08:14-16:31:23 xan-utm httpd[32036]: [authz_blacklist:warn] [pid 32036:tid 3724634992] [client 52.125.138.122:55968] Client is listed on DNSRBL black.rbl.ctipd.astaro.local
2019:08:14-16:31:23 xan-utm httpd: id="0299" srcip="52.125.138.122" localip="82.68.126.11" size="236" user="-" host="52.125.138.122" method="POST" statuscode="403" reason="dnsrbl" extra="Client is listed on DNSRBL black.rbl.ctipd.astaro.local" exceptions="SkipURLHardening" time="1529" url="/Microsoft-Server-ActiveSync" server="xanexchange.xanalys.com" port="443" query="?User=xanalys%5Cmail.man&DeviceId=C438060913A5DFE2&DeviceType=Outlook&Cmd=Ping" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQpS8CoeAEAAH0k7B0AAAAw"
2019:08:14-16:33:17 xan-utm httpd[32036]: [authz_blacklist:warn] [pid 32036:tid 4077128560] [client 52.125.141.36:60312] Client is listed on DNSRBL black.rbl.ctipd.astaro.local
2019:08:14-16:33:17 xan-utm httpd: id="0299" srcip="52.125.141.36" localip="82.68.126.11" size="236" user="-" host="52.125.141.36" method="POST" statuscode="403" reason="dnsrbl" extra="Client is listed on DNSRBL black.rbl.ctipd.astaro.local" exceptions="SkipURLHardening" time="1108" url="/Microsoft-Server-ActiveSync" server="xanexchange.xanalys.com" port="443" query="?User=xanalys%5Cjames-outlook-test&DeviceId=DBDB469E0CEE2926&DeviceType=Outlook&Cmd=Ping" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQpvcCoeAEAAH0k7B8AAAAG"
2019:08:14-16:33:17 xan-utm httpd[32036]: [authz_blacklist:warn] [pid 32036:tid 4093913968] [client 52.125.141.36:60322] Client is listed on DNSRBL black.rbl.ctipd.astaro.local
2019:08:14-16:33:17 xan-utm httpd: id="0299" srcip="52.125.141.36" localip="82.68.126.11" size="236" user="-" host="52.125.141.36" method="POST" statuscode="403" reason="dnsrbl" extra="Client is listed on DNSRBL black.rbl.ctipd.astaro.local" exceptions="SkipURLHardening" time="1351" url="/Microsoft-Server-ActiveSync" server="xanexchange.xanalys.com" port="443" query="?User=xanalys%5Cjames-outlook-test&DeviceId=DBDB469E0CEE2926&DeviceType=Outlook&Cmd=Sync" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQpvcCoeAEAAH0k7CAAAAAE"
2019:08:14-16:41:23 xan-utm httpd[32036]: [authz_blacklist:warn] [pid 32036:tid 4110699376] [client 52.125.138.122:42490] Client is listed on DNSRBL black.rbl.ctipd.astaro.local
2019:08:14-16:41:23 xan-utm httpd: id="0299" srcip="52.125.138.122" localip="82.68.126.11" size="236" user="-" host="52.125.138.122" method="POST" statuscode="403" reason="dnsrbl" extra="Client is listed on DNSRBL black.rbl.ctipd.astaro.local" exceptions="SkipURLHardening" time="3622" url="/Microsoft-Server-ActiveSync" server="xanexchange.xanalys.com" port="443" query="?User=xanalys%5Cmail.man&DeviceId=C438060913A5DFE2&DeviceType=Outlook&Cmd=Sync" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQro8CoeAEAAH0k7CEAAAAC"
2019:08:14-16:43:17 xan-utm httpd[32036]: [authz_blacklist:warn] [pid 32036:tid 4127484784] [client 52.125.141.36:54028] Client is listed on DNSRBL black.rbl.ctipd.astaro.local
2019:08:14-16:43:17 xan-utm httpd[32036]: [authz_blacklist:warn] [pid 32036:tid 3909274480] [client 52.125.141.36:54030] Client is listed on DNSRBL black.rbl.ctipd.astaro.local
2019:08:14-16:43:17 xan-utm httpd: id="0299" srcip="52.125.141.36" localip="82.68.126.11" size="236" user="-" host="52.125.141.36" method="POST" statuscode="403" reason="dnsrbl" extra="Client is listed on DNSRBL black.rbl.ctipd.astaro.local" exceptions="SkipURLHardening" time="1404" url="/Microsoft-Server-ActiveSync" server="xanexchange.xanalys.com" port="443" query="?User=xanalys%5Cjames-outlook-test&DeviceId=DBDB469E0CEE2926&DeviceType=Outlook&Cmd=Sync" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQsFcCoeAEAAH0k7CIAAAAa"
2019:08:14-16:43:17 xan-utm httpd: id="0299" srcip="52.125.141.36" localip="82.68.126.11" size="236" user="-" host="52.125.141.36" method="POST" statuscode="403" reason="dnsrbl" extra="Client is listed on DNSRBL black.rbl.ctipd.astaro.local" exceptions="SkipURLHardening" time="1497" url="/Microsoft-Server-ActiveSync" server="xanexchange.xanalys.com" port="443" query="?User=xanalys%5Cjames-outlook-test&DeviceId=DBDB469E0CEE2926&DeviceType=Outlook&Cmd=Ping" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQsFcCoeAEAAH0k7CMAAAAA"
2019:08:14-16:51:23 xan-utm httpd[32036]: [authz_blacklist:warn] [pid 32036:tid 3875703664] [client 52.125.138.122:56914] Client is listed on DNSRBL black.rbl.ctipd.astaro.local
2019:08:14-16:51:23 xan-utm httpd: id="0299" srcip="52.125.138.122" localip="82.68.126.11" size="236" user="-" host="52.125.138.122" method="POST" statuscode="403" reason="dnsrbl" extra="Client is listed on DNSRBL black.rbl.ctipd.astaro.local" exceptions="SkipURLHardening" time="4922" url="/Microsoft-Server-ActiveSync" server="xanexchange.xanalys.com" port="443" query="?User=xanalys%5Cmail.man&DeviceId=C438060913A5DFE2&DeviceType=Outlook&Cmd=Sync" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQt@8CoeAEAAH0k7CQAAAAe"
2019:08:14-16:51:23 xan-utm httpd[32036]: [authz_blacklist:warn] [pid 32036:tid 3892489072] [client 52.125.138.122:56912] Client is listed on DNSRBL black.rbl.ctipd.astaro.local
2019:08:14-16:51:23 xan-utm httpd: id="0299" srcip="52.125.138.122" localip="82.68.126.11" size="236" user="-" host="52.125.138.122" method="POST" statuscode="403" reason="dnsrbl" extra="Client is listed on DNSRBL black.rbl.ctipd.astaro.local" exceptions="SkipURLHardening" time="4706" url="/Microsoft-Server-ActiveSync" server="xanexchange.xanalys.com" port="443" query="?User=xanalys%5Cmail.man&DeviceId=C438060913A5DFE2&DeviceType=Outlook&Cmd=Ping" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQt@8CoeAEAAH0k7CUAAAAc"
2019:08:14-16:53:17 xan-utm httpd[32036]: [authz_blacklist:warn] [pid 32036:tid 3858918256] [client 52.125.141.36:47166] Client is listed on DNSRBL black.rbl.ctipd.astaro.local
2019:08:14-16:53:17 xan-utm httpd[32036]: [authz_blacklist:warn] [pid 32036:tid 3842132848] [client 52.125.141.36:47164] Client is listed on DNSRBL black.rbl.ctipd.astaro.local
2019:08:14-16:53:17 xan-utm httpd: id="0299" srcip="52.125.141.36" localip="82.68.126.11" size="236" user="-" host="52.125.141.36" method="POST" statuscode="403" reason="dnsrbl" extra="Client is listed on DNSRBL black.rbl.ctipd.astaro.local" exceptions="SkipURLHardening" time="64428" url="/Microsoft-Server-ActiveSync" server="xanexchange.xanalys.com" port="443" query="?User=xanalys%5Cjames-outlook-test&DeviceId=DBDB469E0CEE2926&DeviceType=Outlook&Cmd=Sync" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQubcCoeAEAAH0k7CYAAAAg"
2019:08:14-16:53:17 xan-utm httpd: id="0299" srcip="52.125.141.36" localip="82.68.126.11" size="236" user="-" host="52.125.141.36" method="POST" statuscode="403" reason="dnsrbl" extra="Client is listed on DNSRBL black.rbl.ctipd.astaro.local" exceptions="SkipURLHardening" time="61263" url="/Microsoft-Server-ActiveSync" server="xanexchange.xanalys.com" port="443" query="?User=xanalys%5Cjames-outlook-test&DeviceId=DBDB469E0CEE2926&DeviceType=Outlook&Cmd=Ping" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQubcCoeAEAAH0k7CcAAAAi"
2019:08:14-17:01:24 xan-utm httpd[32036]: [authz_blacklist:warn] [pid 32036:tid 3816954736] [client 52.125.138.122:43388] Client is listed on DNSRBL black.rbl.ctipd.astaro.local
2019:08:14-17:01:24 xan-utm httpd: id="0299" srcip="52.125.138.122" localip="82.68.126.11" size="236" user="-" host="52.125.138.122" method="POST" statuscode="403" reason="dnsrbl" extra="Client is listed on DNSRBL black.rbl.ctipd.astaro.local" exceptions="SkipURLHardening" time="63013" url="/Microsoft-Server-ActiveSync" server="xanexchange.xanalys.com" port="443" query="?User=xanalys%5Cmail.man&DeviceId=C438060913A5DFE2&DeviceType=Outlook&Cmd=Sync" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQwVMCoeAEAAH0k7CgAAAAl"
2019:08:14-17:01:24 xan-utm httpd[32036]: [authz_blacklist:warn] [pid 32036:tid 3800169328] [client 52.125.138.122:43386] Client is listed on DNSRBL black.rbl.ctipd.astaro.local
2019:08:14-17:01:24 xan-utm httpd: id="0299" srcip="52.125.138.122" localip="82.68.126.11" size="236" user="-" host="52.125.138.122" method="POST" statuscode="403" reason="dnsrbl" extra="Client is listed on DNSRBL black.rbl.ctipd.astaro.local" exceptions="SkipURLHardening" time="54839" url="/Microsoft-Server-ActiveSync" server="xanexchange.xanalys.com" port="443" query="?User=xanalys%5Cmail.man&DeviceId=C438060913A5DFE2&DeviceType=Outlook&Cmd=Ping" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQwVMCoeAEAAH0k7CkAAAAn"
2019:08:14-17:03:18 xan-utm httpd[32036]: [authz_blacklist:warn] [pid 32036:tid 3783383920] [client 52.125.141.36:40138] Client is listed on DNSRBL black.rbl.ctipd.astaro.local
2019:08:14-17:03:18 xan-utm httpd: id="0299" srcip="52.125.141.36" localip="82.68.126.11" size="236" user="-" host="52.125.141.36" method="POST" statuscode="403" reason="dnsrbl" extra="Client is listed on DNSRBL black.rbl.ctipd.astaro.local" exceptions="SkipURLHardening" time="1184" url="/Microsoft-Server-ActiveSync" server="xanexchange.xanalys.com" port="443" query="?User=xanalys%5Cjames-outlook-test&DeviceId=DBDB469E0CEE2926&DeviceType=Outlook&Cmd=Sync" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQwxsCoeAEAAH0k7CoAAAAp"
2019:08:14-17:03:18 xan-utm httpd[32036]: [authz_blacklist:warn] [pid 32036:tid 3766598512] [client 52.125.141.36:40136] Client is listed on DNSRBL black.rbl.ctipd.astaro.local
2019:08:14-17:03:18 xan-utm httpd: id="0299" srcip="52.125.141.36" localip="82.68.126.11" size="236" user="-" host="52.125.141.36" method="POST" statuscode="403" reason="dnsrbl" extra="Client is listed on DNSRBL black.rbl.ctipd.astaro.local" exceptions="SkipURLHardening" time="1400" url="/Microsoft-Server-ActiveSync" server="xanexchange.xanalys.com" port="443" query="?User=xanalys%5Cjames-outlook-test&DeviceId=DBDB469E0CEE2926&DeviceType=Outlook&Cmd=Ping" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVQwxsCoeAEAAH0k7CsAAAAr"
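A way to triage a WAF live log like the one above, as an added example that is not part of the original post and is not Sophos code: it parses the `key="value"` access lines, counts denials per WAF check, and flags a form login that is immediately followed by a 401. The sample lines, host names and addresses are constructed and abbreviated, and reading `reason="-"` as "not denied by a WAF check" is an assumption.

```python
import re
from collections import Counter

# Constructed, abbreviated sample in the same key="value" layout as the log above.
SAMPLE_LOG = '''\
2019:08:14-10:00:01 utm httpd: id="0299" srcip="198.51.100.7" user="test-user" method="POST" statuscode="302" reason="-" extra="-" url="/owa_abcdefghij_login" set-cookie="abcdefghij_cookie=0000;path=/;httponly;secure"
2019:08:14-10:00:01 utm httpd: id="0299" srcip="198.51.100.7" user="test-user" method="GET" statuscode="401" reason="-" extra="-" url="/owa/" set-cookie="abcdefghij_cookie=0000;path=/;httponly;secure"
2019:08:14-10:05:00 utm httpd[4242]: [authz_blacklist:warn] [pid 4242:tid 1] [client 203.0.113.20:50000] Client is listed on DNSRBL rbl.example.invalid
2019:08:14-10:05:00 utm httpd: id="0299" srcip="203.0.113.20" user="-" method="POST" statuscode="403" reason="dnsrbl" extra="Client is listed on DNSRBL rbl.example.invalid" url="/Microsoft-Server-ActiveSync" set-cookie="-"
2019:08:14-10:05:01 utm httpd: id="0299" srcip="203.0.113.20" user="-" method="POST" statuscode="403" reason="dnsrbl" extra="Client is listed on DNSRBL rbl.example.invalid" url="/Microsoft-Server-ActiveSync" set-cookie="-"
2019:08:14-10:06:00 utm httpd: id="0299" srcip="198.51.100.7" user="test-user" method="GET" statuscode="403" reason="url hardening" extra="No signature found" url="/favicon.ico" set-cookie="-"
'''

# Access lines start "<timestamp> <host> httpd: id=..."; module messages use
# "httpd[pid]:" instead and carry no key="value" fields.
ACCESS_RE = re.compile(r'^(\S+) (\S+) httpd: (id=.*)$')
FIELD_RE = re.compile(r'(\w[\w-]*)="([^"]*)"')


def parse_line(line):
    """Return the fields of one access line as a dict, or None for other lines."""
    m = ACCESS_RE.match(line.strip())
    if not m:
        return None
    record = dict(FIELD_RE.findall(m.group(3)))
    record["timestamp"] = m.group(1)
    return record


def parse_log(text):
    """Parse every access line in a log excerpt, skipping module messages."""
    return [r for r in map(parse_line, text.splitlines()) if r]


def summarise_blocks(records):
    """Count 403 responses per (WAF check, URL) so each denial cause stands out."""
    counts = Counter()
    for r in records:
        if r.get("statuscode") == "403" and r.get("reason", "-") != "-":
            counts[(r["reason"], r.get("url", "-"))] += 1
    return counts


def find_auth_loops(records):
    """Flag a 302 form login whose next request from the same client gets a 401.

    Assumption: reason="-" means no WAF check denied the request, so the 401
    is worth checking against the authentication settings behind the WAF.
    """
    pending = {}   # srcip -> most recent successful form-login record
    loops = []
    for r in records:
        ip = r.get("srcip")
        is_login = (r.get("method") == "POST"
                    and r.get("url", "").endswith("_login")
                    and r.get("statuscode") == "302")
        if is_login:
            pending[ip] = r
        elif ip in pending:
            login = pending.pop(ip)
            if r.get("statuscode") == "401" and r.get("reason") == "-":
                loops.append((ip, login.get("user", "-"), r.get("url", "-")))
    return loops


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for (reason, url), n in summarise_blocks(recs).most_common():
        print(f"{n:3d} x 403  reason={reason!r}  url={url}")
    for ip, user, url in find_auth_loops(recs):
        print(f"login accepted, then 401 on {url} for {user} from {ip}")
```
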

 



This thread was automatically locked due to age.
  • But this KB never said to do authentication via UTM.

    I think that is the problem. Try to do the authentication on Exchange/IIS. This should help.

    Best regards

    Alex


  • Alexander Busch said:
    But this KB never said to do authentication via UTM.

    I think that is the problem. Try to do the authentication on Exchange/IIS. This should help.

    Best regards

    Alex

    It said it was optional to use 'basic' or 'form' pass-through. If I turn authentication off for the webserver then I get an access denied message and no option to authenticate with OWA.
