This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Application Firewall blocking files

Working with a client on setting up WAF for their webservers. All seems to be going well except for one page.  There is a page that allows people to see PDF files in their browser without downloading them.

For example, the url might be something like this

https://www.contoso.com/Contracts/Report.ashx?name=AcmeCorp-AA-01.PDF

What happens is the real web server reaches back to a file server (of some sorts) to pull up this PDF file for viewing.  What the end user gets is some generic Sophos block page saying that the requested URL was blocked.  I have completely removed all firewall profiles from the virtual webserver and still have had no luck.  If you look in the log,  you will see something similar to:

fw01-2 httpd[5097]: [proxy_http:error] [pid 5097:tid 3726895111] (20014)Internal error (specific information not available): [client x.x.x.x:63171] AH01110: error reading response

fw01-2 httpd: id="0299" srcip="x.x.x.x" localip="y.y.y.y" size="802" user="-" host="x.x.x.x" method="GET" statuscode="502" reason="-" extra="-" exceptions="-" time="3647" url="/contracts/report.ashx" server="www.contoso.com" port="443" query="" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="YAX6DG28az0Gb0YinLHZAAAPg"

Not sure where the breakdown is on this.

 



This thread was automatically locked due to age.
Parents
  • A bit more detail.  The file is actually streamed from a file server and then presented via the webpage.

  • "502" says there's an incompatibility.  This will take too long to work out without someone getting in the machine.  You're in the USA, so I would call Sophos Support to open a case as the Support Portal is STILL under maintenance.  You will have to wait on hold for 30+ minutes, so you'll have time to work on another project Wink.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • "502" says there's an incompatibility.  This will take too long to work out without someone getting in the machine.  You're in the USA, so I would call Sophos Support to open a case as the Support Portal is STILL under maintenance.  You will have to wait on hold for 30+ minutes, so you'll have time to work on another project Wink.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
No Data