Working with a client on setting up WAF for their webservers. All seems to be going well except for one page. There is a page that allows people to see PDF files in their browser without downloading them.
For example, the url might be something like this
What happens is the real web server reaches back to a file server (of some sorts) to pull up this PDF file for viewing. What the end user gets is some generic Sophos block page saying that the requested URL was blocked. I have completely removed all firewall profiles from the virtual webserver and still have had no luck. If you look in the log, you will see something similar to:
fw01-2 httpd: [proxy_http:error] [pid 5097:tid 3726895111] (20014)Internal error (specific information not available): [client x.x.x.x:63171] AH01110: error reading response
fw01-2 httpd: id="0299" srcip="x.x.x.x" localip="y.y.y.y" size="802" user="-" host="x.x.x.x" method="GET" statuscode="502" reason="-" extra="-" exceptions="-" time="3647" url="/contracts/report.ashx" server="www.contoso.com" port="443" query="" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="YAX6DG28az0Gb0YinLHZAAAPg"
Not sure where the breakdown is on this.
A bit more detail. The file is actually streamed from a file server and then presented via the webpage.
"502" says there's an incompatibility. This will take too long to work out without someone getting in the machine. You're in the USA, so I would call Sophos Support to open a case as the Support Portal is STILL under maintenance. You will have to wait on hold for 30+ minutes, so you'll have time to work on another project .
Cheers - Bob