
Sophos WAF: HTTP Error 500 with external access to SAP Business One

Hello,

I have a problem with Sophos WAF and the external access to specific SAP Business One Services.

The access works completely fine with NAT; however, the company would like to use WAF for providing external access.
We get an HTTP ERROR 500 when trying to access the URL with this extra information:

"java.lang.RuntimeException: None of SP's internal[https://sapinternal:port/service/] and external address[[https://sapextern.domain.com:port/service]] haven't been found in value of the "x-forwarded-for" header [public ip-address]"

A ticket for SAP Support was already created but they couldn't help.

Does anybody have an idea why this appears and how it can be fixed?

Kind regards
Saphos



  • Hello and welcome to the UTM Community!

    Please copy here about 60 lines from the WAF log where the 500 error occurs near the end.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hello Bob,

    this was the only thing that had something to do with the web request:

    The lines before the live-protocol of the WAF were requests for different sites.

    httpd: id="0299" srcip="a.b.c.d" localip="w.x.y.z" size="290" user="-" host="" method="GET" statuscode="500" reason="-" extra="-" exceptions="-" time="5995" url="/service/" server="sapextern.domain.com:xyz" port="xyz" query="" referer="-" cookie="JSESSIONID=AB4A27CBDBB6A9724A6340C83F97E270" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="Ywx2YUECIALHM7nvKL3NfwAAAOI"

    This can be found on the Tomcat server where the site is running:

    "java.lang.RuntimeException: None of SP's internal[https://sapinternal:port/service/] and external address[[https://sapextern.domain.com:port/service]] haven't been found in value of the "x-forwarded-for" header [public ip-address]"

    Kind regards
    Saphos

  • WAF statuscode="500" means the server doesn't like the WAF proxy.  What does the SAP community say about the error message on your server?

    Cheers - Bob

     
  • Haven't heard anything from the community so far.

    The official SAP support recommended that we use nginx as a reverse proxy, so I hope that somebody from the community has any experience with this topic.

    Kind regards
    Saphos

  • You will definitely want to have your reseller open a case with Sophos Support.  I suspect an Exception or two would resolve this, but someone needs to get in and look at the logs and your configuration.

    Cheers - Bob

     
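
A WAF log excerpt like the one requested in the thread carries session cookies (the posted line includes a JSESSIONID value), so masking them before sharing is worthwhile. The following is an added example, not code from the thread or from Sophos: it selects the lines ending at the last 500 for one virtual server and masks cookie values. Field names follow the log line quoted above; the sample log, host names and function names are constructed.

```python
import re

# Constructed sample in the format of the log line quoted in the thread;
# hosts, addresses and cookie values are placeholders.
SAMPLE_LOG = """\
httpd: id="0299" srcip="192.0.2.10" statuscode="200" url="/" server="www.example.com" cookie="-" set-cookie="-"
httpd: id="0299" srcip="192.0.2.11" statuscode="200" url="/shop" server="www.example.com" cookie="-" set-cookie="SID=aaaa1111"
httpd: id="0299" srcip="192.0.2.44" statuscode="500" url="/service/" server="sapextern.example.com:8443" cookie="JSESSIONID=0123456789ABCDEF" set-cookie="-"
httpd: id="0299" srcip="192.0.2.10" statuscode="200" url="/" server="www.example.com" cookie="-" set-cookie="-"
"""

FIELD_RE = re.compile(r'([\w-]+)="([^"]*)"')
COOKIE_RE = re.compile(r'((?:set-)?cookie)="([^"]*)"')

def parse_line(line):
    """Turn one key="value" log line into a dict of its fields."""
    return dict(FIELD_RE.findall(line))

def redact(line):
    """Mask cookie and set-cookie values; the "-" placeholder is kept."""
    def mask(m):
        return m.group(0) if m.group(2) == "-" else f'{m.group(1)}="REDACTED"'
    return COOKIE_RE.sub(mask, line)

def excerpt_for_last_500(log_text, server, before=60):
    """Return up to `before` redacted lines ending at the last 500 for `server`."""
    lines = [l for l in log_text.splitlines() if l.strip()]
    hit = None
    for i, line in enumerate(lines):
        fields = parse_line(line)
        host = fields.get("server", "").split(":")[0]  # drop the port
        if fields.get("statuscode") == "500" and host == server:
            hit = i
    if hit is None:
        return []
    return [redact(l) for l in lines[max(0, hit - before + 1):hit + 1]]

if __name__ == "__main__":
    for row in excerpt_for_last_500(SAMPLE_LOG, "sapextern.example.com", before=3):
        print(row)
```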