Any way to fix this problem from Sophos UTM GUI?We want to publish our webapplication but we are facing some problems with "/" decoding.
Was this Problem solved before?
LOG FROM SOPHOS:
2020:06:22-15:13:58 firewall-1 httpd: [core:notice] [pid 29313:tid 3750837104] [client xxxxxxx] AH00026: found %2f (encoded '/') in URI (decoded='/core/rest/secure/media/storeFileContent/test/TestP.ruletree'), returning 404
Our SOPHOS Firewall SG310 UTM 9 (Firmware version: 9.702-1)
Hallo Lukas and welcome to the UTM Community!
I'm confused about your question. First, this is the forum for the UTM Manager Application - a separate app that is used to manage multiple UTMs. Next, you talk about publishing a web application, but you show us a line from the HTTP Daemon log which only records actions taken by the code when someone accesses WebAdmin or the User Portal.
I'll move this thread to the Web Server Security forum. Please show us a picture of the error you're seeing.
Cheers - Bob
I recognize this is a message from the Web Application Firewall log.
It means that it has detected what appears to be a web URL trying to play tricks, because the request includes a slash which is entered as a hex sequence rather than a slash character.
The WAF blocked the request. Status code 404 was returned to the user, which means "Forbidden"
If you are sure that you need this to be allowed, you will need to figure out which rule is involved. You are looking for a long entry containing a token of the form [id 999999]. Then you add that rule ID to the exceptions list. Perhaps the token is in part of this message that you did not include, or perhaps it is in an adjacent message. WAF messages can stretch across multiple log entries.
Most of the UTM WAF configuration options have the effect of enabling or disabling an entire category of rules. So another way to experiment is to turn off WAF options until you find the one that blocks the request when enabled, and allows it when disabled. Just remember that you have disabled a category by this method, not just one rule.
If you cannot find the right way to override, you will need to get Sophos support involved.