Hi there,
i've have had quite the journey with WAF on UTM in conjunction of RDG 2012 R2 - 2019. I'm very much in at the end with everything working flawlessly (Android, iPhone, conventional RDP, Remote Apps, and the HTML5 RDS Webpage). Since everything is working now and my way to get there is really basic i want to double check if i didn't make an error somewhere down the line.
Using google trying to look for clues there are dozens and dozens of pages with different setups and combinations trying to get this thing to work and pretty much the gist of it was:
Entrypoints
/RDWeb/
/remoteDesktopGateway/
/rpc/
/rpc/rpcproxy.dll
etc...
And URL Hardening Rules exceptions
/RDWeb/*
etc...
(you get the gist).
This wasn't working for me in any way or form (sometimes this doesn't work sometimes that breaks etc...) so at some point i started fresh from the beginning.
What i ended up was as simple as:
Entrypoints:
/RDWeb
/remoteDesktopGateway
URL-Hardening:
/RDWeb*
/remoteDesktopGateway*
Everything checked except for bad rep blocking, sql injection, rigid filtering and skip option 960032
Now the question concerning this setup:
Is my security in any way or form compromised because i used the asterisk to "include" the slash at the end of the hardening exceptions?
This thread was automatically locked due to age.