WAF RDS Gateway 2019

Hi all,

Since the upgrade to UTM 9.7, I can't connect to my RDS Gateway 2019.

This is my log when I initiate a connection.

2020:12:16-09:24:58 kpi_utm httpd[27540]: [security2:error] [pid 27540:tid 3792272240] [client XXX.XXX.XXX.XXX:50975] [client XXX.XXX.XXX.XXX] ModSecurity: Access allowed (phase 1). Operator GT matched 0 at ENV. [file "/usr/apache/conf/waf/base.conf"] [line "14"] [id "900000"] [hostname "YYY.YYY.YYY.YYY"] [uri "/KdcProxy"] [unique_id "X9oKqozTcfz1eFUY5C8G4gAAACg"]
2020:12:16-09:24:58 kpi_utm httpd: id="0299" srcip="XXX.XXX.XXX.XXX" localip="ZZZ.ZZZ.ZZZ.ZZZ" size="217" user="-" host="XXX.XXX.XXX.XXX" method="POST" statuscode="200" reason="-" extra="-" exceptions="SkipAntiVirus, SkipURLHardening, SkipFormHardeningMissingToken, SkipThreatsFilter" time="41403" url="/KdcProxy" server="YYY.YYY.YYY.YYY" port="443" query="" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="X9oKqozTcfz1eFUY5C8G4gAAACg"
2020:12:16-09:24:58 kpi_utm httpd[27540]: [security2:error] [pid 27540:tid 3792272240] [client XXX.XXX.XXX.XXX:50975] [client XXX.XXX.XXX.XXX] ModSecurity: Access allowed (phase 1). Operator GT matched 0 at ENV. [file "/usr/apache/conf/waf/base.conf"] [line "14"] [id "900000"] [hostname "YYY.YYY.YYY.YYY"] [uri "/KdcProxy"] [unique_id "X9oKqozTcfz1eFUY5C8G4wAAACg"]
2020:12:16-09:24:58 kpi_utm httpd: id="0299" srcip="XXX.XXX.XXX.XXX" localip="ZZZ.ZZZ.ZZZ.ZZZ" size="1675" user="-" host="XXX.XXX.XXX.XXX" method="POST" statuscode="200" reason="-" extra="-" exceptions="SkipAntiVirus, SkipURLHardening, SkipFormHardeningMissingToken, SkipThreatsFilter" time="38309" url="/KdcProxy" server="YYY.YYY.YYY.YYY" port="443" query="" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="X9oKqozTcfz1eFUY5C8G4wAAACg"
2020:12:16-09:24:58 kpi_utm httpd[27540]: [security2:error] [pid 27540:tid 3867806576] [client XXX.XXX.XXX.XXX:50974] [client XXX.XXX.XXX.XXX] ModSecurity: Access allowed (phase 1). Operator GT matched 0 at ENV. [file "/usr/apache/conf/waf/base.conf"] [line "14"] [id "900000"] [hostname "YYY.YYY.YYY.YYY"] [uri "/remoteDesktopGateway/"] [unique_id "X9oKqozTcfz1eFUY5C8G5AAAAB8"]
2020:12:16-09:24:58 kpi_utm httpd: id="0299" srcip="XXX.XXX.XXX.XXX" localip="ZZZ.ZZZ.ZZZ.ZZZ" size="0" user="-" host="XXX.XXX.XXX.XXX" method="RDG_OUT_DATA" statuscode="200" reason="-" extra="-" exceptions="SkipAntiVirus, SkipURLHardening, SkipFormHardeningMissingToken, SkipThreatsFilter" time="85947" url="/remoteDesktopGateway/" server="YYY.YYY.YYY.YYY" port="443" query="" referer="-" cookie="-" set-cookie="-" websocket_scheme="wss" websocket_protocol="-" websocket_key="Yk1AB+xApXZw14DmcoeRAA==" websocket_version="13" uid="X9oKqozTcfz1eFUY5C8G5AAAAB8"
2020:12:16-09:28:14 kpi_utm httpd[29283]: [security2:error] [pid 29283:tid 4086016880] [client XXX.XXX.XXX.XXX:51412] [client XXX.XXX.XXX.XXX] ModSecurity: Access allowed (phase 1). Operator GT matched 0 at ENV. [file "/usr/apache/conf/waf/base.conf"] [line "14"] [id "900000"] [hostname "YYY.YYY.YYY.YYY"] [uri "/KdcProxy"] [unique_id "X9oLbv3Og0fRevKyQTO5kwAAAAU"]
2020:12:16-09:28:14 kpi_utm httpd: id="0299" srcip="XXX.XXX.XXX.XXX" localip="ZZZ.ZZZ.ZZZ.ZZZ" size="217" user="-" host="XXX.XXX.XXX.XXX" method="POST" statuscode="200" reason="-" extra="-" exceptions="SkipAntiVirus, SkipURLHardening, SkipFormHardeningMissingToken, SkipThreatsFilter" time="63166" url="/KdcProxy" server="YYY.YYY.YYY.YYY" port="443" query="" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="X9oLbv3Og0fRevKyQTO5kwAAAAU"
2020:12:16-09:28:14 kpi_utm httpd[29283]: [security2:error] [pid 29283:tid 4086016880] [client XXX.XXX.XXX.XXX:51412] [client XXX.XXX.XXX.XXX] ModSecurity: Access allowed (phase 1). Operator GT matched 0 at ENV. [file "/usr/apache/conf/waf/base.conf"] [line "14"] [id "900000"] [hostname "YYY.YYY.YYY.YYY"] [uri "/KdcProxy"] [unique_id "X9oLbv3Og0fRevKyQTO5lAAAAAU"]
2020:12:16-09:28:14 kpi_utm httpd: id="0299" srcip="XXX.XXX.XXX.XXX" localip="ZZZ.ZZZ.ZZZ.ZZZ" size="1675" user="-" host="XXX.XXX.XXX.XXX" method="POST" statuscode="200" reason="-" extra="-" exceptions="SkipAntiVirus, SkipURLHardening, SkipFormHardeningMissingToken, SkipThreatsFilter" time="54890" url="/KdcProxy" server="YYY.YYY.YYY.YYY" port="443" query="" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="X9oLbv3Og0fRevKyQTO5lAAAAAU"
2020:12:16-09:28:14 kpi_utm httpd[29283]: [security2:error] [pid 29283:tid 4094409584] [client XXX.XXX.XXX.XXX:51411] [client XXX.XXX.XXX.XXX] ModSecurity: Access allowed (phase 1). Operator GT matched 0 at ENV. [file "/usr/apache/conf/waf/base.conf"] [line "14"] [id "900000"] [hostname "YYY.YYY.YYY.YYY"] [uri "/remoteDesktopGateway/"] [unique_id "X9oLbv3Og0fRevKyQTO5lQAAAAQ"]
2020:12:16-09:28:15 kpi_utm httpd: id="0299" srcip="XXX.XXX.XXX.XXX" localip="ZZZ.ZZZ.ZZZ.ZZZ" size="0" user="-" host="XXX.XXX.XXX.XXX" method="RDG_OUT_DATA" statuscode="200" reason="-" extra="-" exceptions="SkipAntiVirus, SkipURLHardening, SkipFormHardeningMissingToken, SkipThreatsFilter" time="99368" url="/remoteDesktopGateway/" server="YYY.YYY.YYY.YYY" port="443" query="" referer="-" cookie="-" set-cookie="-" websocket_scheme="wss" websocket_protocol="-" websocket_key="tjMlDBD8PtoKkK3y+4+/Gw==" websocket_version="13" uid="X9oLbv3Og0fRevKyQTO5lQAAAAQ"
XXX.XXX.XXX.XXX: IP of my external
YYY.YYY.YYY.YYY: name of my RDS gateway.
Thanks for your help!!


This thread was automatically locked due to age.
  • Salut Marc and welcome to the UTM Community!

    Have you selected 'Enable WebSocket passthrough' in the Site Path Route?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
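
Added example (not part of the original posts and not Sophos code): a Python script that reads reverse-proxy log lines in the format posted above and lists the URL paths on which clients sent a WebSocket handshake, which are the paths where the 'Enable WebSocket passthrough' setting asked about in the reply is relevant. The sample lines are constructed and shortened, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample lines in the UTM httpd log format shown in the post,
# shortened to the fields used here; addresses, keys and uids are made up.
SAMPLE_LOG = '''\
2020:12:16-09:24:58 utm httpd: id="0299" srcip="198.51.100.7" method="POST" statuscode="200" url="/KdcProxy" websocket_scheme="-" websocket_key="-" websocket_version="-" uid="constructed-1"
2020:12:16-09:24:58 utm httpd[27540]: [security2:error] [client 198.51.100.7] ModSecurity: Access allowed (phase 1). [id "900000"] [uri "/KdcProxy"]
2020:12:16-09:24:58 utm httpd: id="0299" srcip="198.51.100.7" method="RDG_OUT_DATA" statuscode="200" url="/remoteDesktopGateway/" websocket_scheme="wss" websocket_key="Y29uc3RydWN0ZWQta2V5MDE=" websocket_version="13" uid="constructed-2"
2020:12:16-09:28:15 utm httpd: id="0299" srcip="198.51.100.7" method="RDG_OUT_DATA" statuscode="200" url="/remoteDesktopGateway/" websocket_scheme="wss" websocket_key="Y29uc3RydWN0ZWQta2V5MDI=" websocket_version="13" uid="constructed-3"
'''

# key="value" pairs; keys such as set-cookie contain a hyphen
KV = re.compile(r'([\w-]+)="([^"]*)"')


def parse_access_line(line):
    """Return the key="value" fields of an access-log line, or None otherwise."""
    # ModSecurity audit lines look like 'httpd[pid]: [security2:error] ...'
    if " httpd: id=" not in line:
        return None
    return dict(KV.findall(line))


def websocket_paths(log_text):
    """Group requests that carried a WebSocket handshake key by URL path."""
    paths = defaultdict(lambda: {"methods": set(), "statuses": set(), "count": 0})
    for line in log_text.splitlines():
        fields = parse_access_line(line)
        if not fields or fields.get("websocket_key", "-") == "-":
            continue  # not an access line, or no WebSocket handshake in the request
        entry = paths[fields["url"]]
        entry["methods"].add(fields["method"])
        entry["statuses"].add(fields["statuscode"])
        entry["count"] += 1
    return dict(paths)


if __name__ == "__main__":
    for path, info in websocket_paths(SAMPLE_LOG).items():
        print(f'{path}: {info["count"]} WebSocket handshakes, '
              f'methods={sorted(info["methods"])}, statuses={sorted(info["statuses"])}')
```

Run against the real reverse-proxy log, the paths it reports are the ones whose Site Path Route setting is worth checking first.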