Working with a client on setting up WAF for their webservers. All seems to be going well except for one page. There is a page that allows people to see PDF files in their browser without downloading them.
For example, the url might be something like this
https://www.contoso.com/Contracts/Report.ashx?name=AcmeCorp-AA-01.PDF
What happens is the real web server reaches back to a file server (of some sorts) to pull up this PDF file for viewing. What the end user gets is some generic Sophos block page saying that the requested URL was blocked. I have completely removed all firewall profiles from the virtual webserver and still have had no luck. If you look in the log, you will see something similar to:
fw01-2 httpd[5097]: [proxy_http:error] [pid 5097:tid 3726895111] (20014)Internal error (specific information not available): [client x.x.x.x:63171] AH01110: error reading response
fw01-2 httpd: id="0299" srcip="x.x.x.x" localip="y.y.y.y" size="802" user="-" host="x.x.x.x" method="GET" statuscode="502" reason="-" extra="-" exceptions="-" time="3647" url="/contracts/report.ashx" server="www.contoso.com" port="443" query="" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="YAX6DG28az0Gb0YinLHZAAAPg"
Not sure where the breakdown is on this.
This thread was automatically locked due to age.