This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

UTM 9 WAF Firewall, Static URL Hardening Exception question

Hi there,

i've have had quite the journey with WAF on UTM in conjunction of RDG 2012 R2 - 2019. I'm very much in at the end with everything working flawlessly (Android, iPhone, conventional RDP, Remote Apps, and the HTML5 RDS Webpage). Since everything is working now and my way to get there is really basic i want to double check if i didn't make an error somewhere down the line.

Using google trying to look for clues there are dozens and dozens of pages with different setups and combinations trying to get this thing to work and pretty much the gist of it was:

Entrypoints

/RDWeb/

/remoteDesktopGateway/

/rpc/

/rpc/rpcproxy.dll 

etc...

And URL Hardening Rules exceptions 

/RDWeb/*

etc... 

(you get the gist).

This wasn't working for me in any way or form (sometimes this doesn't work sometimes that breaks etc...) so at some point i started fresh from the beginning.

What i ended up was as simple as:

Entrypoints:

/RDWeb

/remoteDesktopGateway 

URL-Hardening:

/RDWeb*

/remoteDesktopGateway*

Everything checked except for bad rep blocking, sql injection, rigid filtering and skip option 960032

Now the question concerning this setup:

Is my security in any way or form compromised because i used the asterisk to "include" the slash at the end of the hardening exceptions? 



This thread was automatically locked due to age.