Working with a client on setting up WAF for their webservers. All seems to be going well except for one page. There is a page that allows people to see PDF files in their browser without downloading them.
For example, the url might be something like this
What happens is the real web server reaches back to a file server (of some sorts) to pull up this PDF file for viewing. What the end user gets is some generic Sophos block page saying that the requested URL was blocked. I have completely removed all firewall profiles from the virtual webserver and still have had no luck. If you look in the log, you will see something similar to:
fw01-2 httpd: [proxy_http:error] [pid 5097:tid 3726895111] (20014)Internal error (specific information not available): [client x.x.x.x:63171] AH01110: error reading response
fw01-2 httpd: id="0299" srcip="x.x.x.x" localip="y.y.y.y" size="802" user="-" host="x.x.x.x" method="GET" statuscode="502" reason="-" extra="-" exceptions="-" time="3647" url="/contracts/report.ashx" server="www.contoso.com" port="443" query="" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="YAX6DG28az0Gb0YinLHZAAAPg"
Not sure where the breakdown is on this.
Thank you for reaching out to the Community.
Have you tried to access the file from a different browser? Try on Firefox?
Can you provide some more log lines and the source public IP address via sending me a personal message?
Community Support Engineer | Sophos Technical SupportSupport Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts If a post solves your question use the 'Verify Answer' button.
Yes, we have tried Chrome, Edge, IE and such with the same results. Let me get you some more info.