Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 13 replies
  • Subscribers 3 subscribers
  • Views 3876 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

DevOps administration ASMX authentication issue over UTM proxy

Mateusz Bender

We have an MS DevOps server running and exposed via UTM (no firewall, "pass host header" enabled). For almost everything this works absolutely fine - people are able to access the DevOps site, log in normally, commit code via GIT, etc.

However, certain administrative operations appear to be hampered. On the surface these calls seem to be just like any other DevOps call as they appear to be regular HTTP requests to just another URI this time being an ASMX service: /TeamFoundation/Administration/v3.0/LocationService.asmx

From what I can tell there are no custom authentication settings for that ASMX service vs any other part of the system, so I'm a bit confused why that particular part fails when it's passed via DevOps.

Any suggestions on what might be wrong? I guess I could install a local LE agent on the server and use some NAT rules to expose ports 80 and 443 directly but that eats up a public IP and generally feels like the wrong approach...

EDIT: To avoid needless spam. Turns out this is the same issue as described here: https://community.sophos.com/utm-firewall/f/hardware-installation-up2date-licensing/132837/waf-issues-after-updating-to-9-709-3/490536

Look at that thread for more information. I don't to mark this thread with an answer as that would be misleading (as there's currently no answer)...



This thread was automatically locked due to age.
Parents
  • 0

    Cześć Mateusz,

    What do you see in the WAF log related to  /TeamFoundation/Administration/v3.0/LocationService.asmx?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    Good call! Something's wrong, but I don't yet know what. Here's what's logged:

    2022:03:27-19:50:58 firewall httpd[19792]: [proxy_http:error] [pid 19792:tid 3966999408] [client 10.150.1.42:53922] AH01086: read less bytes of request body than expected (got 0, expected 240)
2022:03:27-19:50:58 firewall httpd[19792]: [proxy_http:error] [pid 19792:tid 3966999408] [client 10.150.1.42:53922] AH10154: pass request body failed to 10.150.1.42:443 (srv-tfs-p03.local.net) from 10.150.1.42 () with status 500
2022:03:27-19:50:58 firewall httpd: id="0299" srcip="10.150.1.42" localip="<our public IP>" size="530" user="-" host="10.150.1.42" method="POST" statuscode="500" reason="-" extra="-" exceptions="-" time="75115" url="/TeamFoundation/Administration/v3.0/LocationService.asmx" server="<public server URL>" port="443" query="" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="<UID>"

    The first two lines indicate some kind of error... 

  • 0 in reply to Mateusz Bender

    Apparently this is an ongoing issue, as a similar problem is described here:

    https://community.sophos.com/utm-firewall/f/hardware-installation-up2date-licensing/132837/waf-issues-after-updating-to-9-709-3/490536

    Now the big question is should I open a new Sophos support ticket or hope that one gets resolved... Sophos Support is... a bit slow and my experience was that they're mainly great at raising blood pressure... Sweat smile

Reply Children
No Data
Unfiltered HTML