
Getting WAF to pass to the correct sites

Good evening.  I am trying to set up the UTM (9.711-5) to handle the websites from the IIS machine.  I currently have WAF working with Exchange.  So I have DynDNS entries for the DNS names that I need for the two sites, both point to the IP address on the External Interface for the UTM.

I have 4 sites that I am running on the IIS server, in the configuration of Site1.domain.com, Site2.domain.com, Site1.domain.com/Site3, and Site1.domain.com/Site4.  Site1 is on port 443 and Site2 is on port 444.  Internally on the network this works without a problem.  I call Site1, it loads up, I hit the login button, and it sends a challenge to Site 2.  Site 2 then pops up the login screen and authorization screen, if needed.  Site 2 passes everything back to Site 1.

So I have set up a Firewall Profile (which I am still adjusting):

Mode: Reject
Hardening & Signing: Cookie Signing
Filtering: Block clients with bad reputation
Common threats filter
Scanning: Antivirus (Dual Scan)

(I originally had form hardening but this was giving many errors, so I removed that for the moment).

Under the Real Webservers I have the IIS machine and HTTPS (Encrypted)

Under the Virtual Webservers I set up two entries:

For Site 1:
Interface: External

Type: HTTPS & Redirect

Port: 443

Certificate points to the certificate for this site (which shows the correct domain)

Real WebServer I have the IIS Machine checked and the Exchange machine unchecked.

Firewall Profile: points to the one that was set up above

Advanced: Pass host headers

For Site 2:

Type: HTTPS & Redirect

Port: 444

Certificate points to the certificate for this site (which shows the correct domain)

Real WebServer I have the IIS Machine checked and the Exchange machine unchecked.

Firewall Profile: points to the one that was set up above

Advanced: Pass host headers

When I select the login I am supposed to be redirected as follows:
https://site2.domain.com:444/Identity/Account/Login?ReturnUrl=%2Fapi%2FAuthorization%2FAuthorize%3Fclient_id%3Dsite-raz%26redirect_uri%3Dhttps%253A%252F%252Fsite1.domain.com%252Fsignin-oidc%26response_type%3Dcode%26scope%3Dopenid%2520profile%26code_challenge%3D5BffzAj3mevUfigkr9yYVTBMwnSF56_1fkZYjDxQr2A%26code_challenge_method%3DS256%26response_mode%3Dform_post%26nonce%3D637976652948829102.NDMwOTQ1NGYtZTM3Ni00ODkwLWFiZDMtNmQ4MTc1M2UyYmFkMjJmNGVlNTgtMTNmMC00YWIxLWJmNzUtMTI4ODM3ZDIwY2Nl%26state%3DCfDJ8Pxpv025fH9OrWmSiY-syag8_QiY3DGHSIdeW96_S-kHMiUlhCY2EetveAxr2ss_fQz8PtAQZOe1sd6PVSMYxjr-kbG_zv-kqRH8o8g7I0XOmhOjAewvRnbMrCECYnFnIVoAQxl1AE45WW-h7auLLrPZpBilSTJdjTPIYpH6KbpM8zaSX2BL7_M3NKW4FUhdRbQexegzcGfZxUXey9f7Mj6kK7ZnuH2t6KTaLiPMMuVHGjd4KC1H3J0XksBBwo0rE1fLQorr_gxk0fSWSwsQFPXXpbumZopPIpDw2A7dyPq6u7-iq_Un3-m52PjSMt8idxR-j2ZP0L95BTKENVHxW5lw0jDzO5vcqHm-GaU6ke3G0wpMdh-37s5xC3-doUE-NQ%26x-client-SKU%3DID_NET6_0%26x-client-ver%3D6.21.0.0

What is happening is that this times out when I select the login link.  I can see in the logs where Site1 is called and activated, but I am not seeing what I am looking for with Site2 being called in the logs.  This has me wondering where I made a mistake in the setup.  I can provide information if needed.  Or is this even possible?  Any help would be appreciated.



  • Hi Mike,

    I'm a visual-tactile learner, so to "see" what you've described, I'd have to draw a diagram and create, step-by-step, the configuration you describe.  Please insert pictures of the Edits of the relevant configurations.  Also copy here the relevant lines from the WAF log when the login fails.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Here are the configurations:

    Virtual Servers:

    Real Server:

    Profile:

    Log information:

    2022:09:01-07:10:59 MRM2Sophos httpd: id="0299" srcip="174.206.112.34" localip="10.0.0.2" size="1545" user="-" host="174.206.112.34" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="9601620" url="/" server="wwwd.mrm2inc.com" port="443" query="" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="YxCTOfvlvVcuf3wABq6bhQAAAH0"
    
    2022:09:01-07:10:59 MRM2Sophos httpd[52040]: [form_hardening:error] [pid 52040:tid 3916991344] [client 174.206.112.34:12819] Form validation failed: Received unhardened form data, referer: https://wwwd.mrm2inc.com/
    
    2022:09:01-07:10:59 MRM2Sophos httpd: id="0299" srcip="174.206.112.34" localip="10.0.0.2" size="199" user="-" host="174.206.112.34" method="GET" statuscode="403" reason="form hardening" extra="Received unhardened form data" exceptions="-" time="1334" url="/css/site.min.css" server="wwwd.mrm2inc.com" port="443" query="?v=RGHdZ65z5NTf_tGQaHcDi9uupHs31YwZ9EFGjn6nx-Q" referer="https://wwwd.mrm2inc.com/" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="YxCTQ_vlvVcuf3wABq6bhgAAAH0"
    
    2022:09:01-07:10:59 MRM2Sophos httpd: id="0299" srcip="174.206.112.34" localip="10.0.0.2" size="0" user="-" host="174.206.112.34" method="GET" statuscode="404" reason="-" extra="-" exceptions="-" time="20817" url="/lib/bootstrap/dist/css/bootstrap.min.css" server="wwwd.mrm2inc.com" port="443" query="" referer="https://wwwd.mrm2inc.com/" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="YxCTQ_vlvVcuf3wABq6bhwAAAH0"
    
    2022:09:01-07:10:59 MRM2Sophos httpd[52040]: [form_hardening:error] [pid 52040:tid 3916991344] [client 174.206.112.34:12819] Form validation failed: Received unhardened form data, referer: https://wwwd.mrm2inc.com/
    
    2022:09:01-07:10:59 MRM2Sophos httpd: id="0299" srcip="174.206.112.34" localip="10.0.0.2" size="199" user="-" host="174.206.112.34" method="GET" statuscode="403" reason="form hardening" extra="Received unhardened form data" exceptions="-" time="1037" url="/js/site.min.js" server="wwwd.mrm2inc.com" port="443" query="?v=FLn14I09uV1OPWa0eAi391TYe2U6_UnC5Q3R6qMB_Ic" referer="https://wwwd.mrm2inc.com/" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="YxCTQ_vlvVcuf3wABq6biAAAAH0"
    
    2022:09:01-07:10:59 MRM2Sophos httpd: id="0299" srcip="174.206.112.34" localip="10.0.0.2" size="8536" user="-" host="174.206.112.34" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="66345" url="/lib/jqueryui/themes/smoothness/jquery-ui.css" server="wwwd.mrm2inc.com" port="443" query="" referer="https://wwwd.mrm2inc.com/" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="YxCTQ_vlvVcuf3wABq6biQAAAH0"
    
    2022:09:01-07:10:59 MRM2Sophos httpd: id="0299" srcip="174.206.112.34" localip="10.0.0.2" size="4919" user="-" host="174.206.112.34" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="25648" url="/images/BackgroundImages/IdentityLogo.png" server="wwwd.mrm2inc.com" port="443" query="" referer="https://wwwd.mrm2inc.com/" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="YxCTQ_vlvVcuf3wABq6bigAAAIA"
    
    2022:09:01-07:10:59 MRM2Sophos httpd: id="0299" srcip="174.206.112.34" localip="10.0.0.2" size="0" user="-" host="174.206.112.34" method="GET" statuscode="404" reason="-" extra="-" exceptions="-" time="17271" url="/lib/bootstrap/dist/js/bootstrap.min.js" server="wwwd.mrm2inc.com" port="443" query="" referer="https://wwwd.mrm2inc.com/" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="YxCTQ_vlvVcuf3wABq6bjAAAAH0"
    
    2022:09:01-07:11:00 MRM2Sophos httpd: id="0299" srcip="174.206.112.34" localip="10.0.0.2" size="1738865" user="-" host="174.206.112.34" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="949531" url="/images/BackgroundImages/IdentityBackground.png" server="wwwd.mrm2inc.com" port="443" query="" referer="https://wwwd.mrm2inc.com/" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="YxCTQ_vlvVcuf3wABq6biwAAAIA"
    
    2022:09:01-07:11:11 MRM2Sophos httpd: id="0299" srcip="174.206.112.34" localip="10.0.0.2" size="1539" user="-" host="174.206.112.34" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="28033" url="/" server="wwwd.mrm2inc.com" port="443" query="" referer="https://wwwd.mrm2inc.com/" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="YxCTT_vlvVcuf3wABq6bkAAAAIM"
    
    2022:09:01-07:11:11 MRM2Sophos httpd[52040]: [form_hardening:error] [pid 52040:tid 3866635120] [client 174.206.112.34:12812] Form validation failed: Received unhardened form data, referer: https://wwwd.mrm2inc.com/
    
    2022:09:01-07:11:11 MRM2Sophos httpd: id="0299" srcip="174.206.112.34" localip="10.0.0.2" size="199" user="-" host="174.206.112.34" method="GET" statuscode="403" reason="form hardening" extra="Received unhardened form data" exceptions="-" time="1086" url="/css/site.min.css" server="wwwd.mrm2inc.com" port="443" query="?v=RGHdZ65z5NTf_tGQaHcDi9uupHs31YwZ9EFGjn6nx-Q" referer="https://wwwd.mrm2inc.com/" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="YxCTT_vlvVcuf3wABq6bkQAAAIM"
    
    2022:09:01-07:11:11 MRM2Sophos httpd: id="0299" srcip="174.206.112.34" localip="10.0.0.2" size="0" user="-" host="174.206.112.34" method="GET" statuscode="404" reason="-" extra="-" exceptions="-" time="3267" url="/lib/bootstrap/dist/css/bootstrap.min.css" server="wwwd.mrm2inc.com" port="443" query="" referer="https://wwwd.mrm2inc.com/" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="YxCTT_vlvVcuf3wABq6bkgAAAIM"
    
    2022:09:01-07:11:11 MRM2Sophos httpd[52040]: [form_hardening:error] [pid 52040:tid 3866635120] [client 174.206.112.34:12812] Form validation failed: Received unhardened form data, referer: https://wwwd.mrm2inc.com/
    
    2022:09:01-07:11:11 MRM2Sophos httpd: id="0299" srcip="174.206.112.34" localip="10.0.0.2" size="199" user="-" host="174.206.112.34" method="GET" statuscode="403" reason="form hardening" extra="Received unhardened form data" exceptions="-" time="1320" url="/js/site.min.js" server="wwwd.mrm2inc.com" port="443" query="?v=FLn14I09uV1OPWa0eAi391TYe2U6_UnC5Q3R6qMB_Ic" referer="https://wwwd.mrm2inc.com/" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="YxCTT_vlvVcuf3wABq6bkwAAAIM"
    
    2022:09:01-07:11:11 MRM2Sophos httpd: id="0299" srcip="174.206.112.34" localip="10.0.0.2" size="0" user="-" host="174.206.112.34" method="GET" statuscode="404" reason="-" extra="-" exceptions="-" time="3409" url="/lib/bootstrap/dist/js/bootstrap.min.js" server="wwwd.mrm2inc.com" port="443" query="" referer="https://wwwd.mrm2inc.com/" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="YxCTT_vlvVcuf3wABq6blAAAAIM"
    
    2022:09:01-07:11:13 MRM2Sophos httpd: id="0299" srcip="174.206.112.34" localip="10.0.0.2" size="0" user="-" host="174.206.112.34" method="GET" statuscode="302" reason="-" extra="-" exceptions="-" time="6859739" url="/Identity/Account/Login" server="wwwd.mrm2inc.com" port="443" query="" referer="https://wwwd.mrm2inc.com/" cookie="-" set-cookie=".AspNetCore.OpenIdConnect.Nonce.CfDJ8Pxpv025fH9OrWmSiY-syaimwisVyODqHtIGRBxFYi0Gax9IZG72neRT9Vqh2yx8tpQpcOScg7zsbLwqrt1rzBdVUJVP531KTzUgiNtiXJ3Q87lbeU6bi0WhG7ePNbho7w6vX34hZyleleoC2NlJ1XNaWS-CrS5uHB_wj8L_o7ttlpYP6tzNW-1EaWMpfRX_x0oOGNMrLkkEd4eoxVtCNklyMVqIpuMEYJHrr78IKTVrFAsBkWLqSwtuFldQAHszluEOaKVEHesclaC--T9iDFk=N; expires=Thu, 01 Sep 2022 11:26:13 GMT; path=/signin-oidc; secure; samesite=none; httponly, HASH_.AspNetCore.OpenIdConnect.Nonce.CfDJ8Pxpv025fH9OrWmSiY-syaimwisVyODqHtIGRBxFYi0Gax9IZG72neRT9Vqh2yx8tpQpcOScg7zsbLwqrt1rzBdVUJVP531KTzUgiNtiXJ3Q87lbeU6bi0WhG7ePNbho7w6vX34hZyleleoC2NlJ1XNaWS-CrS5uHB_wj8L_o7ttlpYP6tzNW-1EaWMpfRX_x0oOGNMrLkkEd4eoxVtCNklyMVqIpuMEYJHrr78IKTVrFAsBkWLqSwtuFldQAHszluEOaKVE
    
    2022:09:01-07:11:13 MRM2Sophos httpd: HesclaC--T9iDFk=8AA730885CFD345F15EFE1889D670A38615DAFB1; expires=Thu, 01 Sep 2022 11:26:13 GMT; path=/signin-oidc; secure; HASH_samesite=B9F1071E77E886CAFF75A5E3A6666BA389D1C5B3; httponly, .AspNetCore.Correlation.raP0rsbbJP7iqgVszsQpCTxiUvSDiyGJPHD9UbkG4IY=N; expires=Thu, 01 Sep 2022 11:26:13 GMT; path=/signin-oidc; secure; samesite=none; httponly, HASH_.AspNetCore.Correlation.raP0rsbbJP7iqgVszsQpCTxiUvSDiyGJPHD9UbkG4IY=693EEC481437488EC83AB3191B6B32FE16CEF92B; expires=Thu, 01 Sep 2022 11:26:13 GMT; path=/signin-oidc; secure; HASH_samesite=B9F1071E77E886CAFF75A5E3A6666BA389D1C5B3; httponly" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="YxCTSvvlvVcuf3wABq6bjwAAAII"
    
    2022:09:01-07:11:13 MRM2Sophos httpd: id="0299" srcip="174.206.112.34" localip="10.0.0.2" size="0" user="-" host="174.206.112.34" method="GET" statuscode="302" reason="-" extra="-" exceptions="-" time="9440653" url="/Identity/Account/Login" server="wwwd.mrm2inc.com" port="443" query="" referer="https://wwwd.mrm2inc.com/" cookie="-" set-cookie=".AspNetCore.OpenIdConnect.Nonce.CfDJ8Pxpv025fH9OrWmSiY-syai-nkSLiOlC3USHgQhcxl24ROMhKMnKEkZPmJPIiI7Hw_o17AJPGLjIvQp7-RxKLSP_61XuNB0pHll9fBivIevDVCIpA6WQ3xK1Z6R25DDUdBkMvGB8eu6918bbDs85BrtuLsQWUWCk-e57rKusPzPoPxiX-3jVkxC824b4PgHflMNDxNDA9b5OGdh6f8x4jsghLD-iY2SerCe92YQpcgkZMhr5OdaGs2TS6BA4WZJ3WizO1X2SPu0iJyi3Cooljdg=N; expires=Thu, 01 Sep 2022 11:26:13 GMT; path=/signin-oidc; secure; samesite=none; httponly, HASH_.AspNetCore.OpenIdConnect.Nonce.CfDJ8Pxpv025fH9OrWmSiY-syai-nkSLiOlC3USHgQhcxl24ROMhKMnKEkZPmJPIiI7Hw_o17AJPGLjIvQp7-RxKLSP_61XuNB0pHll9fBivIevDVCIpA6WQ3xK1Z6R25DDUdBkMvGB8eu6918bbDs85BrtuLsQWUWCk-e57rKusPzPoPxiX-3jVkxC824b4PgHflMNDxNDA9b5OGdh6f8x4jsghLD-iY2SerCe92YQpcgkZMhr5OdaGs2TS6BA4WZJ3WizO1X2S
    
    2022:09:01-07:11:13 MRM2Sophos httpd: Pu0iJyi3Cooljdg=042E9221FAEAA476BE0BEDBF661C7DAB43A18CFC; expires=Thu, 01 Sep 2022 11:26:13 GMT; path=/signin-oidc; secure; HASH_samesite=B9F1071E77E886CAFF75A5E3A6666BA389D1C5B3; httponly, .AspNetCore.Correlation.iJ9TbHX8yy76ZBbj5EUK5WYI6BUYvIV8gxZh_kJn55c=N; expires=Thu, 01 Sep 2022 11:26:13 GMT; path=/signin-oidc; secure; samesite=none; httponly, HASH_.AspNetCore.Correlation.iJ9TbHX8yy76ZBbj5EUK5WYI6BUYvIV8gxZh_kJn55c=83CA741B7734538DB227760ECD271208EEBE2C68; expires=Thu, 01 Sep 2022 11:26:13 GMT; path=/signin-oidc; secure; HASH_samesite=B9F1071E77E886CAFF75A5E3A6666BA389D1C5B3; httponly" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="YxCTSPvlvVcuf3wABq6bjQAAAIA"
    
    2022:09:01-07:11:13 MRM2Sophos httpd: id="0299" srcip="174.206.112.34" localip="10.0.0.2" size="0" user="-" host="174.206.112.34" method="GET" statuscode="302" reason="-" extra="-" exceptions="-" time="7647016" url="/Identity/Account/Login" server="wwwd.mrm2inc.com" port="443" query="" referer="https://wwwd.mrm2inc.com/" cookie="-" set-cookie=".AspNetCore.OpenIdConnect.Nonce.CfDJ8Pxpv025fH9OrWmSiY-syajHjVwmhXXF9mkZQZ7Y4QUMrnbM0sZuWaYndHaVBZnSN4VV8WyPf2uZ1PHcSEWiWG0sfN5Ebd6tJsUYrmMLMAyQhq1en0Z6uxUoAYmCWitsbfmWEw7To5gP2hrms8Vu2e-PPukk8GlRvEdwnPhhhaDQ2VTSp4nb8Y6j4OVicidBmbhASEDoV2Km7g5EfOyTHTRxEJ7UHWwJ0r1fFSegZTYH6KVm70DodaPeWtPeGp31DYzPJLNIwnhNHJIB-MA4m7o=N; expires=Thu, 01 Sep 2022 11:26:13 GMT; path=/signin-oidc; secure; samesite=none; httponly, HASH_.AspNetCore.OpenIdConnect.Nonce.CfDJ8Pxpv025fH9OrWmSiY-syajHjVwmhXXF9mkZQZ7Y4QUMrnbM0sZuWaYndHaVBZnSN4VV8WyPf2uZ1PHcSEWiWG0sfN5Ebd6tJsUYrmMLMAyQhq1en0Z6uxUoAYmCWitsbfmWEw7To5gP2hrms8Vu2e-PPukk8GlRvEdwnPhhhaDQ2VTSp4nb8Y6j4OVicidBmbhASEDoV2Km7g5EfOyTHTRxEJ7UHWwJ0r1fFSegZTYH6KVm70DodaPeWtPeGp31DYzPJLNI
    
    2022:09:01-07:11:13 MRM2Sophos httpd: wnhNHJIB-MA4m7o=D82F4AEAD4FA09643B28FFF6FA95E46CA94CE007; expires=Thu, 01 Sep 2022 11:26:13 GMT; path=/signin-oidc; secure; HASH_samesite=B9F1071E77E886CAFF75A5E3A6666BA389D1C5B3; httponly, .AspNetCore.Correlation.E68TnXnfDXg-tS-j6O-ail0CzUPBPXu1VKS8k75lljA=N; expires=Thu, 01 Sep 2022 11:26:13 GMT; path=/signin-oidc; secure; samesite=none; httponly, HASH_.AspNetCore.Correlation.E68TnXnfDXg-tS-j6O-ail0CzUPBPXu1VKS8k75lljA=6441DF7613985FA2118238EB60A4C7EBA155513A; expires=Thu, 01 Sep 2022 11:26:13 GMT; path=/signin-oidc; secure; HASH_samesite=B9F1071E77E886CAFF75A5E3A6666BA389D1C5B3; httponly" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="YxCTSvvlvVcuf3wABq6bjgAAAH0"
    
    2022:09:01-07:11:14 MRM2Sophos httpd: id="0299" srcip="174.206.112.34" localip="10.0.0.2" size="1539" user="-" host="174.206.112.34" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="9411" url="/" server="wwwd.mrm2inc.com" port="443" query="" referer="https://wwwd.mrm2inc.com/" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="YxCTUvvlvVcuf3wABq6blQAAAIM"
    
    2022:09:01-07:11:14 MRM2Sophos httpd[52040]: [form_hardening:error] [pid 52040:tid 3866635120] [client 174.206.112.34:12812] Form validation failed: Received unhardened form data, referer: https://wwwd.mrm2inc.com/
    
    2022:09:01-07:11:14 MRM2Sophos httpd: id="0299" srcip="174.206.112.34" localip="10.0.0.2" size="199" user="-" host="174.206.112.34" method="GET" statuscode="403" reason="form hardening" extra="Received unhardened form data" exceptions="-" time="1082" url="/css/site.min.css" server="wwwd.mrm2inc.com" port="443" query="?v=RGHdZ65z5NTf_tGQaHcDi9uupHs31YwZ9EFGjn6nx-Q" referer="https://wwwd.mrm2inc.com/" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="YxCTUvvlvVcuf3wABq6blgAAAIM"
    
    2022:09:01-07:11:14 MRM2Sophos httpd: id="0299" srcip="174.206.112.34" localip="10.0.0.2" size="0" user="-" host="174.206.112.34" method="GET" statuscode="404" reason="-" extra="-" exceptions="-" time="3064" url="/lib/bootstrap/dist/css/bootstrap.min.css" server="wwwd.mrm2inc.com" port="443" query="" referer="https://wwwd.mrm2inc.com/" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="YxCTUvvlvVcuf3wABq6blwAAAIM"
    
    2022:09:01-07:11:14 MRM2Sophos httpd[52040]: [form_hardening:error] [pid 52040:tid 3866635120] [client 174.206.112.34:12812] Form validation failed: Received unhardened form data, referer: https://wwwd.mrm2inc.com/
    
    2022:09:01-07:11:14 MRM2Sophos httpd: id="0299" srcip="174.206.112.34" localip="10.0.0.2" size="199" user="-" host="174.206.112.34" method="GET" statuscode="403" reason="form hardening" extra="Received unhardened form data" exceptions="-" time="1090" url="/js/site.min.js" server="wwwd.mrm2inc.com" port="443" query="?v=FLn14I09uV1OPWa0eAi391TYe2U6_UnC5Q3R6qMB_Ic" referer="https://wwwd.mrm2inc.com/" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="YxCTUvvlvVcuf3wABq6bmAAAAIM"
    
    2022:09:01-07:11:14 MRM2Sophos httpd: id="0299" srcip="174.206.112.34" localip="10.0.0.2" size="0" user="-" host="174.206.112.34" method="GET" statuscode="404" reason="-" extra="-" exceptions="-" time="20754" url="/lib/bootstrap/dist/js/bootstrap.min.js" server="wwwd.mrm2inc.com" port="443" query="" referer="https://wwwd.mrm2inc.com/" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="YxCTUvvlvVcuf3wABq6bmQAAAIk"
    
    2022:09:01-07:11:16 MRM2Sophos httpd: id="0299" srcip="174.206.112.34" localip="10.0.0.2" size="1678" user="-" host="174.206.112.34" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="21824" url="/Contact" server="wwwd.mrm2inc.com" port="443" query="" referer="https://wwwd.mrm2inc.com/" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="YxCTVPvlvVcuf3wABq6bmgAAAIk"
    
    2022:09:01-07:11:16 MRM2Sophos httpd[52040]: [form_hardening:error] [pid 52040:tid 3866635120] [client 174.206.112.34:12812] Form validation failed: Received unhardened form data, referer: https://wwwd.mrm2inc.com/Contact
    
    2022:09:01-07:11:16 MRM2Sophos httpd: id="0299" srcip="174.206.112.34" localip="10.0.0.2" size="199" user="-" host="174.206.112.34" method="GET" statuscode="403" reason="form hardening" extra="Received unhardened form data" exceptions="-" time="1161" url="/js/site.min.js" server="wwwd.mrm2inc.com" port="443" query="?v=FLn14I09uV1OPWa0eAi391TYe2U6_UnC5Q3R6qMB_Ic" referer="https://wwwd.mrm2inc.com/Contact" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="YxCTVPvlvVcuf3wABq6bmwAAAIM"
    
    2022:09:01-07:11:16 MRM2Sophos httpd[52040]: [form_hardening:error] [pid 52040:tid 3816278896] [client 174.206.112.34:12823] Form validation failed: Received unhardened form data, referer: https://wwwd.mrm2inc.com/Contact
    
    2022:09:01-07:11:16 MRM2Sophos httpd: id="0299" srcip="174.206.112.34" localip="10.0.0.2" size="199" user="-" host="174.206.112.34" method="GET" statuscode="403" reason="form hardening" extra="Received unhardened form data" exceptions="-" time="1477" url="/css/site.min.css" server="wwwd.mrm2inc.com" port="443" query="?v=RGHdZ65z5NTf_tGQaHcDi9uupHs31YwZ9EFGjn6nx-Q" referer="https://wwwd.mrm2inc.com/Contact" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="YxCTVPvlvVcuf3wABq6bnAAAAIk"
    
    2022:09:01-07:11:16 MRM2Sophos httpd: id="0299" srcip="174.206.112.34" localip="10.0.0.2" size="0" user="-" host="174.206.112.34" method="GET" statuscode="404" reason="-" extra="-" exceptions="-" time="3089" url="/lib/bootstrap/dist/css/bootstrap.min.css" server="wwwd.mrm2inc.com" port="443" query="" referer="https://wwwd.mrm2inc.com/Contact" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="YxCTVPvlvVcuf3wABq6bnQAAAIM"
    
    2022:09:01-07:11:16 MRM2Sophos httpd: id="0299" srcip="174.206.112.34" localip="10.0.0.2" size="0" user="-" host="174.206.112.34" method="GET" statuscode="404" reason="-" extra="-" exceptions="-" time="3156" url="/lib/bootstrap/dist/js/bootstrap.min.js" server="wwwd.mrm2inc.com" port="443" query="" referer="https://wwwd.mrm2inc.com/Contact" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="YxCTVPvlvVcuf3wABq6bngAAAIM"
    
    2022:09:01-07:11:23 MRM2Sophos httpd: id="0299" srcip="174.206.112.34" localip="10.0.0.2" size="1786" user="-" host="174.206.112.34" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="12193" url="/Privacy" server="wwwd.mrm2inc.com" port="443" query="" referer="https://wwwd.mrm2inc.com/Contact" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="YxCTW_vlvVcuf3wABq6bnwAAAIM"
    
    2022:09:01-07:11:23 MRM2Sophos httpd[52040]: [form_hardening:error] [pid 52040:tid 3866635120] [client 174.206.112.34:12812] Form validation failed: Received unhardened form data, referer: https://wwwd.mrm2inc.com/Privacy
    
    2022:09:01-07:11:23 MRM2Sophos httpd: id="0299" srcip="174.206.112.34" localip="10.0.0.2" size="199" user="-" host="174.206.112.34" method="GET" statuscode="403" reason="form hardening" extra="Received unhardened form data" exceptions="-" time="1203" url="/css/site.min.css" server="wwwd.mrm2inc.com" port="443" query="?v=RGHdZ65z5NTf_tGQaHcDi9uupHs31YwZ9EFGjn6nx-Q" referer="https://wwwd.mrm2inc.com/Privacy" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="YxCTW_vlvVcuf3wABq6boAAAAIM"
    
    2022:09:01-07:11:23 MRM2Sophos httpd[52040]: [form_hardening:error] [pid 52040:tid 3816278896] [client 174.206.112.34:12823] Form validation failed: Received unhardened form data, referer: https://wwwd.mrm2inc.com/Privacy
    
    2022:09:01-07:11:23 MRM2Sophos httpd: id="0299" srcip="174.206.112.34" localip="10.0.0.2" size="199" user="-" host="174.206.112.34" method="GET" statuscode="403" reason="form hardening" extra="Received unhardened form data" exceptions="-" time="966" url="/js/site.min.js" server="wwwd.mrm2inc.com" port="443" query="?v=FLn14I09uV1OPWa0eAi391TYe2U6_UnC5Q3R6qMB_Ic" referer="https://wwwd.mrm2inc.com/Privacy" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="YxCTW_vlvVcuf3wABq6boQAAAIk"
    
    2022:09:01-07:11:24 MRM2Sophos httpd: id="0299" srcip="174.206.112.34" localip="10.0.0.2" size="0" user="-" host="174.206.112.34" method="GET" statuscode="404" reason="-" extra="-" exceptions="-" time="2990" url="/lib/bootstrap/dist/css/bootstrap.min.css" server="wwwd.mrm2inc.com" port="443" query="" referer="https://wwwd.mrm2inc.com/Privacy" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="YxCTXPvlvVcuf3wABq6bogAAAIM"
    
    2022:09:01-07:11:24 MRM2Sophos httpd: id="0299" srcip="174.206.112.34" localip="10.0.0.2" size="0" user="-" host="174.206.112.34" method="GET" statuscode="404" reason="-" extra="-" exceptions="-" time="2592" url="/lib/bootstrap/dist/js/bootstrap.min.js" server="wwwd.mrm2inc.com" port="443" query="" referer="https://wwwd.mrm2inc.com/Privacy" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="YxCTXPvlvVcuf3wABq6bowAAAIM"
    
    2022:09:01-07:11:27 MRM2Sophos httpd: id="0299" srcip="174.206.112.34" localip="10.0.0.2" size="0" user="-" host="174.206.112.34" method="GET" statuscode="302" reason="-" extra="-" exceptions="-" time="4757" url="/Identity/Account/Login" server="wwwd.mrm2inc.com" port="443" query="" referer="https://wwwd.mrm2inc.com/Privacy" cookie="-" set-cookie=".AspNetCore.OpenIdConnect.Nonce.CfDJ8Pxpv025fH9OrWmSiY-syaiTLeXUFfiMEluRxdqKbdl0ATb29qgEAZAVCGyrABIeJfGQ2HJ_rOlQYMjoiqLTdYJtoxsXSem4XmwKlwSkZbsjjiSrx2iz3q_byns-RMjhBNNgS0oHyXcflSnKfIeKiPaWKeOmilZqUC_bw-kNDqOt4QAlJkxRE939D8Y_9FRwNZirrR-rUO5mk_TJ_YY2FN9-ARZhyEMWrnDICS7RbXMJ1RbVdfU-5ADcgebHJXntzjV3bIG24RtQU2pi5z2Guvs=N; expires=Thu, 01 Sep 2022 11:26:27 GMT; path=/signin-oidc; secure; samesite=none; httponly, HASH_.AspNetCore.OpenIdConnect.Nonce.CfDJ8Pxpv025fH9OrWmSiY-syaiTLeXUFfiMEluRxdqKbdl0ATb29qgEAZAVCGyrABIeJfGQ2HJ_rOlQYMjoiqLTdYJtoxsXSem4XmwKlwSkZbsjjiSrx2iz3q_byns-RMjhBNNgS0oHyXcflSnKfIeKiPaWKeOmilZqUC_bw-kNDqOt4QAlJkxRE939D8Y_9FRwNZirrR-rUO5mk_TJ_YY2FN9-ARZhyEMWrnDICS7RbXMJ1RbVdfU-5ADcgebHJXntzjV3
    
    2022:09:01-07:11:27 MRM2Sophos httpd: bIG24RtQU2pi5z2Guvs=5B12B431CA721FC1216EFFFEDB005E09CCB516C9; expires=Thu, 01 Sep 2022 11:26:27 GMT; path=/signin-oidc; secure; HASH_samesite=B9F1071E77E886CAFF75A5E3A6666BA389D1C5B3; httponly, .AspNetCore.Correlation.Mw_ywf5t-KqP3wo_2Cc_9fR1rVk5m2z7D4vBzHGWhqY=N; expires=Thu, 01 Sep 2022 11:26:27 GMT; path=/signin-oidc; secure; samesite=none; httponly, HASH_.AspNetCore.Correlation.Mw_ywf5t-KqP3wo_2Cc_9fR1rVk5m2z7D4vBzHGWhqY=232D5AB1A51A808AA8AA20CB3AA8E99E4BF71B80; expires=Thu, 01 Sep 2022 11:26:27 GMT; path=/signin-oidc; secure; HASH_samesite=B9F1071E77E886CAFF75A5E3A6666BA389D1C5B3; httponly" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="YxCTX_vlvVcuf3wABq6bpAAAAIM"
    
    2022:09:01-07:13:52 MRM2Sophos httpd: id="0299" srcip="174.206.112.34" localip="10.0.0.2" size="0" user="-" host="174.206.112.34" method="GET" statuscode="302" reason="-" extra="-" exceptions="-" time="88535" url="/Identity/Account/Login" server="wwwd.mrm2inc.com" port="443" query="" referer="https://wwwd.mrm2inc.com/Privacy" cookie="-" set-cookie=".AspNetCore.OpenIdConnect.Nonce.CfDJ8Pxpv025fH9OrWmSiY-syagw-fpaMMJ0ul9oWVOPxqJcKf8vsJOhXMMnE_NJ6cyANHcTkvdJQORUjAL3cn4jFnx4JGTIvDrTzmu4pb5b-7vj8kbdqFKkAw5_qdXwQyaIRYRimdvddZtR2M-iBtqoRA38LNsQQyXcWKeiU6aEfydXxYSKKY5kvtKHS1gwPVQ-KCITDpwotQTzLxtkiUJpuuxVf1Uju3u8VrYqwMSyhF90B3deC_gyDk30Wd3VIMTmFFB0ntKltf5UrYBkskwUQu8=N; expires=Thu, 01 Sep 2022 11:28:52 GMT; path=/signin-oidc; secure; samesite=none; httponly, HASH_.AspNetCore.OpenIdConnect.Nonce.CfDJ8Pxpv025fH9OrWmSiY-syagw-fpaMMJ0ul9oWVOPxqJcKf8vsJOhXMMnE_NJ6cyANHcTkvdJQORUjAL3cn4jFnx4JGTIvDrTzmu4pb5b-7vj8kbdqFKkAw5_qdXwQyaIRYRimdvddZtR2M-iBtqoRA38LNsQQyXcWKeiU6aEfydXxYSKKY5kvtKHS1gwPVQ-KCITDpwotQTzLxtkiUJpuuxVf1Uju3u8VrYqwMSyhF90B3deC_gyDk30Wd3VIMTmFFB
    
    2022:09:01-07:13:52 MRM2Sophos httpd: 0ntKltf5UrYBkskwUQu8=3E0393E9C84ECFB7E59C865AE6EAB3DE9F913790; expires=Thu, 01 Sep 2022 11:28:52 GMT; path=/signin-oidc; secure; HASH_samesite=B9F1071E77E886CAFF75A5E3A6666BA389D1C5B3; httponly, .AspNetCore.Correlation.WbjwL7XhTUZ-1BURcA7dL5QLtnz_tMFT_06m17bjJk4=N; expires=Thu, 01 Sep 2022 11:28:52 GMT; path=/signin-oidc; secure; samesite=none; httponly, HASH_.AspNetCore.Correlation.WbjwL7XhTUZ-1BURcA7dL5QLtnz_tMFT_06m17bjJk4=6661135A93A67347C46FAAF45105998F35C8D167; expires=Thu, 01 Sep 2022 11:28:52 GMT; path=/signin-oidc; secure; HASH_samesite=B9F1071E77E886CAFF75A5E3A6666BA389D1C5B3; httponly" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="YxCT8PvlvVcuf3wABq6bpQAAAJM"
    
    2022:09:01-07:14:10 MRM2Sophos httpd: id="0299" srcip="174.206.112.34" localip="10.0.0.2" size="1678" user="-" host="174.206.112.34" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="26426" url="/Contact" server="wwwd.mrm2inc.com" port="443" query="" referer="https://wwwd.mrm2inc.com/Privacy" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="YxCUAvvlvVcuf3wABq6bpgAAAGU"
    
    2022:09:01-07:14:10 MRM2Sophos httpd[52040]: [form_hardening:error] [pid 52040:tid 4118416240] [client 174.206.112.34:12808] Form validation failed: Received unhardened form data, referer: https://wwwd.mrm2inc.com/Contact
    
    2022:09:01-07:14:10 MRM2Sophos httpd: id="0299" srcip="174.206.112.34" localip="10.0.0.2" size="199" user="-" host="174.206.112.34" method="GET" statuscode="403" reason="form hardening" extra="Received unhardened form data" exceptions="-" time="1116" url="/css/site.min.css" server="wwwd.mrm2inc.com" port="443" query="?v=RGHdZ65z5NTf_tGQaHcDi9uupHs31YwZ9EFGjn6nx-Q" referer="https://wwwd.mrm2inc.com/Contact" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="YxCUAvvlvVcuf3wABq6bpwAAAGU"
    
    2022:09:01-07:14:11 MRM2Sophos httpd: id="0299" srcip="174.206.112.34" localip="10.0.0.2" size="0" user="-" host="174.206.112.34" method="GET" statuscode="404" reason="-" extra="-" exceptions="-" time="3025" url="/lib/bootstrap/dist/css/bootstrap.min.css" server="wwwd.mrm2inc.com" port="443" query="" referer="https://wwwd.mrm2inc.com/Contact" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="YxCUA_vlvVcuf3wABq6bqAAAAGU"
    
    2022:09:01-07:14:11 MRM2Sophos httpd[52040]: [form_hardening:error] [pid 52040:tid 4118416240] [client 174.206.112.34:12808] Form validation failed: Received unhardened form data, referer: https://wwwd.mrm2inc.com/Contact
    
    2022:09:01-07:14:11 MRM2Sophos httpd: id="0299" srcip="174.206.112.34" localip="10.0.0.2" size="199" user="-" host="174.206.112.34" method="GET" statuscode="403" reason="form hardening" extra="Received unhardened form data" exceptions="-" time="1127" url="/js/site.min.js" server="wwwd.mrm2inc.com" port="443" query="?v=FLn14I09uV1OPWa0eAi391TYe2U6_UnC5Q3R6qMB_Ic" referer="https://wwwd.mrm2inc.com/Contact" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="YxCUA_vlvVcuf3wABq6bqQAAAGU"
    
    2022:09:01-07:14:11 MRM2Sophos httpd: id="0299" srcip="174.206.112.34" localip="10.0.0.2" size="0" user="-" host="174.206.112.34" method="GET" statuscode="404" reason="-" extra="-" exceptions="-" time="3117" url="/lib/bootstrap/dist/js/bootstrap.min.js" server="wwwd.mrm2inc.com" port="443" query="" referer="https://wwwd.mrm2inc.com/Contact" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="YxCUA_vlvVcuf3wABq6bqgAAAGU"
    
    2022:09:01-07:14:31 MRM2Sophos httpd: id="0299" srcip="174.206.112.34" localip="10.0.0.2" size="0" user="-" host="174.206.112.34" method="-" statuscode="408" reason="-" extra="-" exceptions="-" time="10" url="-" server="-" port="443" query="" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="-"
    
    2022:09:01-07:14:36 MRM2Sophos httpd[52040]: [form_hardening:warn] [pid 52040:tid 4059667312] [client 174.206.112.34:12803] Found an <input> tag of unknown type 'email' with name='Input.Email' and value='', referer: https://wwwd.mrm2inc.com/Contact
    
    2022:09:01-07:14:36 MRM2Sophos httpd: id="0299" srcip="174.206.112.34" localip="10.0.0.2" size="5384" user="-" host="174.206.112.34" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="827870" url="/Identity/Account/Register" server="wwwd.mrm2inc.com" port="443" query="" referer="https://wwwd.mrm2inc.com/Contact" cookie="-" set-cookie=".AspNetCore.Antiforgery.Nb40yWz25Uc=CfDJ8Pxpv025fH9OrWmSiY-syagwDeNXneSyJY_BhSgIuTiZG337VENOw5oB7eT8Ji8dJ7w3Pqf0PCSt6_N832sYAqIwbhHgC1Y-QrJc0wbIqXd_vTnXo-UhMh662lDkpHWx4bl9wQniwqMnZ_qN2MyLAJ4; path=/; samesite=strict; httponly, HASH_.AspNetCore.Antiforgery.Nb40yWz25Uc=034F8933BCD00D274935042782297EA02FAA969C; path=/; HASH_samesite=25579B7CE88CB0C98898ACAA4D1EA0E871A0C713; httponly" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="YxCUG_vlvVcuf3wABq6bqwAAAGw"
    
    2022:09:01-07:14:36 MRM2Sophos httpd[52040]: [form_hardening:error] [pid 52040:tid 4059667312] [client 174.206.112.34:12803] Form validation failed: Received unhardened form data, referer: https://wwwd.mrm2inc.com/Identity/Account/Register
    
    2022:09:01-07:14:36 MRM2Sophos httpd: id="0299" srcip="174.206.112.34" localip="10.0.0.2" size="199" user="-" host="174.206.112.34" method="GET" statuscode="403" reason="form hardening" extra="Received unhardened form data" exceptions="-" time="1507" url="/css/site.min.css" server="wwwd.mrm2inc.com" port="443" query="?v=RGHdZ65z5NTf_tGQaHcDi9uupHs31YwZ9EFGjn6nx-Q" referer="https://wwwd.mrm2inc.com/Identity/Account/Register" cookie=".AspNetCore.Antiforgery.Nb40yWz25Uc=CfDJ8Pxpv025fH9OrWmSiY-syagwDeNXneSyJY_BhSgIuTiZG337VENOw5oB7eT8Ji8dJ7w3Pqf0PCSt6_N832sYAqIwbhHgC1Y-QrJc0wbIqXd_vTnXo-UhMh662lDkpHWx4bl9wQniwqMnZ_qN2MyLAJ4; HASH_.AspNetCore.Antiforgery.Nb40yWz25Uc=034F8933BCD00D274935042782297EA02FAA969C" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="YxCUHPvlvVcuf3wABq6brAAAAGw"
    
    2022:09:01-07:14:36 MRM2Sophos httpd: id="0299" srcip="174.206.112.34" localip="10.0.0.2" size="0" user="-" host="174.206.112.34" method="GET" statuscode="404" reason="-" extra="-" exceptions="-" time="19810" url="/lib/bootstrap/dist/css/bootstrap.min.css" server="wwwd.mrm2inc.com" port="443" query="" referer="https://wwwd.mrm2inc.com/Identity/Account/Register" cookie=".AspNetCore.Antiforgery.Nb40yWz25Uc=CfDJ8Pxpv025fH9OrWmSiY-syagwDeNXneSyJY_BhSgIuTiZG337VENOw5oB7eT8Ji8dJ7w3Pqf0PCSt6_N832sYAqIwbhHgC1Y-QrJc0wbIqXd_vTnXo-UhMh662lDkpHWx4bl9wQniwqMnZ_qN2MyLAJ4" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="YxCUHPvlvVcuf3wABq6brQAAAGw"
    
    2022:09:01-07:14:36 MRM2Sophos httpd[52040]: [form_hardening:error] [pid 52040:tid 4059667312] [client 174.206.112.34:12803] Form validation failed: Received unhardened form data, referer: https://wwwd.mrm2inc.com/Identity/Account/Register
    
    2022:09:01-07:14:36 MRM2Sophos httpd: id="0299" srcip="174.206.112.34" localip="10.0.0.2" size="199" user="-" host="174.206.112.34" method="GET" statuscode="403" reason="form hardening" extra="Received unhardened form data" exceptions="-" time="1080" url="/js/site.min.js" server="wwwd.mrm2inc.com" port="443" query="?v=FLn14I09uV1OPWa0eAi391TYe2U6_UnC5Q3R6qMB_Ic" referer="https://wwwd.mrm2inc.com/Identity/Account/Register" cookie=".AspNetCore.Antiforgery.Nb40yWz25Uc=CfDJ8Pxpv025fH9OrWmSiY-syagwDeNXneSyJY_BhSgIuTiZG337VENOw5oB7eT8Ji8dJ7w3Pqf0PCSt6_N832sYAqIwbhHgC1Y-QrJc0wbIqXd_vTnXo-UhMh662lDkpHWx4bl9wQniwqMnZ_qN2MyLAJ4; HASH_.AspNetCore.Antiforgery.Nb40yWz25Uc=034F8933BCD00D274935042782297EA02FAA969C" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="YxCUHPvlvVcuf3wABq6brgAAAGw"
    
    2022:09:01-07:14:36 MRM2Sophos httpd: id="0299" srcip="174.206.112.34" localip="10.0.0.2" size="0" user="-" host="174.206.112.34" method="GET" statuscode="404" reason="-" extra="-" exceptions="-" time="26000" url="/lib/bootstrap/dist/js/bootstrap.min.js" server="wwwd.mrm2inc.com" port="443" query="" referer="https://wwwd.mrm2inc.com/Identity/Account/Register" cookie=".AspNetCore.Antiforgery.Nb40yWz25Uc=CfDJ8Pxpv025fH9OrWmSiY-syagwDeNXneSyJY_BhSgIuTiZG337VENOw5oB7eT8Ji8dJ7w3Pqf0PCSt6_N832sYAqIwbhHgC1Y-QrJc0wbIqXd_vTnXo-UhMh662lDkpHWx4bl9wQniwqMnZ_qN2MyLAJ4" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="YxCUHPvlvVcuf3wABq6brwAAAG8"
    
    2022:09:01-07:14:56 MRM2Sophos httpd: id="0299" srcip="174.206.112.34" localip="10.0.0.2" size="0" user="-" host="174.206.112.34" method="-" statuscode="408" reason="-" extra="-" exceptions="-" time="11" url="-" server="-" port="443" query="" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="-"
    
    2022:09:01-07:15:27 MRM2Sophos httpd: id="0299" srcip="174.206.112.34" localip="10.0.0.2" size="1678" user="-" host="174.206.112.34" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="67998" url="/Contact" server="wwwd.mrm2inc.com" port="443" query="" referer="https://wwwd.mrm2inc.com/Identity/Account/Register" cookie=".AspNetCore.Antiforgery.Nb40yWz25Uc=CfDJ8Pxpv025fH9OrWmSiY-syagwDeNXneSyJY_BhSgIuTiZG337VENOw5oB7eT8Ji8dJ7w3Pqf0PCSt6_N832sYAqIwbhHgC1Y-QrJc0wbIqXd_vTnXo-UhMh662lDkpHWx4bl9wQniwqMnZ_qN2MyLAJ4" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="YxCUTvvlvVcuf3wABq6bsAAAAHQ"
    
    2022:09:01-07:15:27 MRM2Sophos httpd[52040]: [form_hardening:error] [pid 52040:tid 3992525680] [client 174.206.112.34:12806] Form validation failed: Received unhardened form data, referer: https://wwwd.mrm2inc.com/Contact
    
    2022:09:01-07:15:27 MRM2Sophos httpd: id="0299" srcip="174.206.112.34" localip="10.0.0.2" size="199" user="-" host="174.206.112.34" method="GET" statuscode="403" reason="form hardening" extra="Received unhardened form data" exceptions="-" time="1129" url="/css/site.min.css" server="wwwd.mrm2inc.com" port="443" query="?v=RGHdZ65z5NTf_tGQaHcDi9uupHs31YwZ9EFGjn6nx-Q" referer="https://wwwd.mrm2inc.com/Contact" cookie=".AspNetCore.Antiforgery.Nb40yWz25Uc=CfDJ8Pxpv025fH9OrWmSiY-syagwDeNXneSyJY_BhSgIuTiZG337VENOw5oB7eT8Ji8dJ7w3Pqf0PCSt6_N832sYAqIwbhHgC1Y-QrJc0wbIqXd_vTnXo-UhMh662lDkpHWx4bl9wQniwqMnZ_qN2MyLAJ4; HASH_.AspNetCore.Antiforgery.Nb40yWz25Uc=034F8933BCD00D274935042782297EA02FAA969C" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="YxCUT_vlvVcuf3wABq6bsQAAAHQ"
    
    2022:09:01-07:15:27 MRM2Sophos httpd: id="0299" srcip="174.206.112.34" localip="10.0.0.2" size="0" user="-" host="174.206.112.34" method="GET" statuscode="404" reason="-" extra="-" exceptions="-" time="7184" url="/lib/bootstrap/dist/css/bootstrap.min.css" server="wwwd.mrm2inc.com" port="443" query="" referer="https://wwwd.mrm2inc.com/Contact" cookie=".AspNetCore.Antiforgery.Nb40yWz25Uc=CfDJ8Pxpv025fH9OrWmSiY-syagwDeNXneSyJY_BhSgIuTiZG337VENOw5oB7eT8Ji8dJ7w3Pqf0PCSt6_N832sYAqIwbhHgC1Y-QrJc0wbIqXd_vTnXo-UhMh662lDkpHWx4bl9wQniwqMnZ_qN2MyLAJ4" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="YxCUT_vlvVcuf3wABq6bsgAAAHQ"
    
    2022:09:01-07:15:27 MRM2Sophos httpd[52040]: [form_hardening:error] [pid 52040:tid 3992525680] [client 174.206.112.34:12806] Form validation failed: Received unhardened form data, referer: https://wwwd.mrm2inc.com/Contact
    
    2022:09:01-07:15:27 MRM2Sophos httpd: id="0299" srcip="174.206.112.34" localip="10.0.0.2" size="199" user="-" host="174.206.112.34" method="GET" statuscode="403" reason="form hardening" extra="Received unhardened form data" exceptions="-" time="1170" url="/js/site.min.js" server="wwwd.mrm2inc.com" port="443" query="?v=FLn14I09uV1OPWa0eAi391TYe2U6_UnC5Q3R6qMB_Ic" referer="https://wwwd.mrm2inc.com/Contact" cookie=".AspNetCore.Antiforgery.Nb40yWz25Uc=CfDJ8Pxpv025fH9OrWmSiY-syagwDeNXneSyJY_BhSgIuTiZG337VENOw5oB7eT8Ji8dJ7w3Pqf0PCSt6_N832sYAqIwbhHgC1Y-QrJc0wbIqXd_vTnXo-UhMh662lDkpHWx4bl9wQniwqMnZ_qN2MyLAJ4; HASH_.AspNetCore.Antiforgery.Nb40yWz25Uc=034F8933BCD00D274935042782297EA02FAA969C" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="YxCUT_vlvVcuf3wABq6bswAAAHQ"
    
    2022:09:01-07:15:27 MRM2Sophos httpd: id="0299" srcip="174.206.112.34" localip="10.0.0.2" size="0" user="-" host="174.206.112.34" method="GET" statuscode="404" reason="-" extra="-" exceptions="-" time="7101" url="/lib/bootstrap/dist/js/bootstrap.min.js" server="wwwd.mrm2inc.com" port="443" query="" referer="https://wwwd.mrm2inc.com/Contact" cookie=".AspNetCore.Antiforgery.Nb40yWz25Uc=CfDJ8Pxpv025fH9OrWmSiY-syagwDeNXneSyJY_BhSgIuTiZG337VENOw5oB7eT8Ji8dJ7w3Pqf0PCSt6_N832sYAqIwbhHgC1Y-QrJc0wbIqXd_vTnXo-UhMh662lDkpHWx4bl9wQniwqMnZ_qN2MyLAJ4" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="YxCUT_vlvVcuf3wABq6btAAAAHQ"
    
    2022:09:01-07:15:31 MRM2Sophos httpd: id="0299" srcip="174.206.112.34" localip="10.0.0.2" size="1539" user="-" host="174.206.112.34" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="11218" url="/" server="wwwd.mrm2inc.com" port="443" query="" referer="https://wwwd.mrm2inc.com/Contact" cookie=".AspNetCore.Antiforgery.Nb40yWz25Uc=CfDJ8Pxpv025fH9OrWmSiY-syagwDeNXneSyJY_BhSgIuTiZG337VENOw5oB7eT8Ji8dJ7w3Pqf0PCSt6_N832sYAqIwbhHgC1Y-QrJc0wbIqXd_vTnXo-UhMh662lDkpHWx4bl9wQniwqMnZ_qN2MyLAJ4" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="YxCUU_vlvVcuf3wABq6btQAAAHQ"
    
    2022:09:01-07:15:31 MRM2Sophos httpd[52040]: [form_hardening:error] [pid 52040:tid 3992525680] [client 174.206.112.34:12806] Form validation failed: Received unhardened form data, referer: https://wwwd.mrm2inc.com/
    
    2022:09:01-07:15:31 MRM2Sophos httpd: id="0299" srcip="174.206.112.34" localip="10.0.0.2" size="199" user="-" host="174.206.112.34" method="GET" statuscode="403" reason="form hardening" extra="Received unhardened form data" exceptions="-" time="1066" url="/css/site.min.css" server="wwwd.mrm2inc.com" port="443" query="?v=RGHdZ65z5NTf_tGQaHcDi9uupHs31YwZ9EFGjn6nx-Q" referer="https://wwwd.mrm2inc.com/" cookie=".AspNetCore.Antiforgery.Nb40yWz25Uc=CfDJ8Pxpv025fH9OrWmSiY-syagwDeNXneSyJY_BhSgIuTiZG337VENOw5oB7eT8Ji8dJ7w3Pqf0PCSt6_N832sYAqIwbhHgC1Y-QrJc0wbIqXd_vTnXo-UhMh662lDkpHWx4bl9wQniwqMnZ_qN2MyLAJ4; HASH_.AspNetCore.Antiforgery.Nb40yWz25Uc=034F8933BCD00D274935042782297EA02FAA969C" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="YxCUU_vlvVcuf3wABq6btgAAAHQ"
    
    2022:09:01-07:15:31 MRM2Sophos httpd[52040]: [form_hardening:error] [pid 52040:tid 3967347568] [client 174.206.112.34:11308] Form validation failed: Received unhardened form data, referer: https://wwwd.mrm2inc.com/
    
    2022:09:01-07:15:31 MRM2Sophos httpd: id="0299" srcip="174.206.112.34" localip="10.0.0.2" size="199" user="-" host="174.206.112.34" method="GET" statuscode="403" reason="form hardening" extra="Received unhardened form data" exceptions="-" time="1185" url="/js/site.min.js" server="wwwd.mrm2inc.com" port="443" query="?v=FLn14I09uV1OPWa0eAi391TYe2U6_UnC5Q3R6qMB_Ic" referer="https://wwwd.mrm2inc.com/" cookie=".AspNetCore.Antiforgery.Nb40yWz25Uc=CfDJ8Pxpv025fH9OrWmSiY-syagwDeNXneSyJY_BhSgIuTiZG337VENOw5oB7eT8Ji8dJ7w3Pqf0PCSt6_N832sYAqIwbhHgC1Y-QrJc0wbIqXd_vTnXo-UhMh662lDkpHWx4bl9wQniwqMnZ_qN2MyLAJ4; HASH_.AspNetCore.Antiforgery.Nb40yWz25Uc=034F8933BCD00D274935042782297EA02FAA969C" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="YxCUU_vlvVcuf3wABq6btwAAAHc"
    
    2022:09:01-07:15:31 MRM2Sophos httpd: id="0299" srcip="174.206.112.34" localip="10.0.0.2" size="0" user="-" host="174.206.112.34" method="GET" statuscode="404" reason="-" extra="-" exceptions="-" time="8667" url="/lib/bootstrap/dist/css/bootstrap.min.css" server="wwwd.mrm2inc.com" port="443" query="" referer="https://wwwd.mrm2inc.com/" cookie=".AspNetCore.Antiforgery.Nb40yWz25Uc=CfDJ8Pxpv025fH9OrWmSiY-syagwDeNXneSyJY_BhSgIuTiZG337VENOw5oB7eT8Ji8dJ7w3Pqf0PCSt6_N832sYAqIwbhHgC1Y-QrJc0wbIqXd_vTnXo-UhMh662lDkpHWx4bl9wQniwqMnZ_qN2MyLAJ4" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="YxCUU_vlvVcuf3wABq6buAAAAHQ"
    
    2022:09:01-07:15:31 MRM2Sophos httpd: id="0299" srcip="174.206.112.34" localip="10.0.0.2" size="0" user="-" host="174.206.112.34" method="GET" statuscode="404" reason="-" extra="-" exceptions="-" time="7187" url="/lib/bootstrap/dist/js/bootstrap.min.js" server="wwwd.mrm2inc.com" port="443" query="" referer="https://wwwd.mrm2inc.com/" cookie=".AspNetCore.Antiforgery.Nb40yWz25Uc=CfDJ8Pxpv025fH9OrWmSiY-syagwDeNXneSyJY_BhSgIuTiZG337VENOw5oB7eT8Ji8dJ7w3Pqf0PCSt6_N832sYAqIwbhHgC1Y-QrJc0wbIqXd_vTnXo-UhMh662lDkpHWx4bl9wQniwqMnZ_qN2MyLAJ4" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="YxCUU_vlvVcuf3wABq6buQAAAHQ"
    
    2022:09:01-07:15:34 MRM2Sophos httpd[52040]: [form_hardening:warn] [pid 52040:tid 3992525680] [client 174.206.112.34:12806] Found an <input> tag of unknown type 'email' with name='Input.Email' and value='', referer: https://wwwd.mrm2inc.com/Contact
    
    2022:09:01-07:15:34 MRM2Sophos httpd: id="0299" srcip="174.206.112.34" localip="10.0.0.2" size="5376" user="-" host="174.206.112.34" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="61092" url="/Identity/Account/Register" server="wwwd.mrm2inc.com" port="443" query="" referer="https://wwwd.mrm2inc.com/Contact" cookie=".AspNetCore.Antiforgery.Nb40yWz25Uc=CfDJ8Pxpv025fH9OrWmSiY-syagwDeNXneSyJY_BhSgIuTiZG337VENOw5oB7eT8Ji8dJ7w3Pqf0PCSt6_N832sYAqIwbhHgC1Y-QrJc0wbIqXd_vTnXo-UhMh662lDkpHWx4bl9wQniwqMnZ_qN2MyLAJ4" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="YxCUVvvlvVcuf3wABq6bugAAAHQ"
    
    2022:09:01-07:15:34 MRM2Sophos httpd[52040]: [form_hardening:error] [pid 52040:tid 3992525680] [client 174.206.112.34:12806] Form validation failed: Received unhardened form data, referer: https://wwwd.mrm2inc.com/Identity/Account/Register
    
    2022:09:01-07:15:34 MRM2Sophos httpd: id="0299" srcip="174.206.112.34" localip="10.0.0.2" size="199" user="-" host="174.206.112.34" method="GET" statuscode="403" reason="form hardening" extra="Received unhardened form data" exceptions="-" time="1225" url="/css/site.min.css" server="wwwd.mrm2inc.com" port="443" query="?v=RGHdZ65z5NTf_tGQaHcDi9uupHs31YwZ9EFGjn6nx-Q" referer="https://wwwd.mrm2inc.com/Identity/Account/Register" cookie=".AspNetCore.Antiforgery.Nb40yWz25Uc=CfDJ8Pxpv025fH9OrWmSiY-syagwDeNXneSyJY_BhSgIuTiZG337VENOw5oB7eT8Ji8dJ7w3Pqf0PCSt6_N832sYAqIwbhHgC1Y-QrJc0wbIqXd_vTnXo-UhMh662lDkpHWx4bl9wQniwqMnZ_qN2MyLAJ4; HASH_.AspNetCore.Antiforgery.Nb40yWz25Uc=034F8933BCD00D274935042782297EA02FAA969C" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="YxCUVvvlvVcuf3wABq6buwAAAHQ"
    
    2022:09:01-07:15:34 MRM2Sophos httpd[52040]: [form_hardening:error] [pid 52040:tid 3967347568] [client 174.206.112.34:11308] Form validation failed: Received unhardened form data, referer: https://wwwd.mrm2inc.com/Identity/Account/Register
    
    2022:09:01-07:15:34 MRM2Sophos httpd: id="0299" srcip="174.206.112.34" localip="10.0.0.2" size="199" user="-" host="174.206.112.34" method="GET" statuscode="403" reason="form hardening" extra="Received unhardened form data" exceptions="-" time="960" url="/js/site.min.js" server="wwwd.mrm2inc.com" port="443" query="?v=FLn14I09uV1OPWa0eAi391TYe2U6_UnC5Q3R6qMB_Ic" referer="https://wwwd.mrm2inc.com/Identity/Account/Register" cookie=".AspNetCore.Antiforgery.Nb40yWz25Uc=CfDJ8Pxpv025fH9OrWmSiY-syagwDeNXneSyJY_BhSgIuTiZG337VENOw5oB7eT8Ji8dJ7w3Pqf0PCSt6_N832sYAqIwbhHgC1Y-QrJc0wbIqXd_vTnXo-UhMh662lDkpHWx4bl9wQniwqMnZ_qN2MyLAJ4; HASH_.AspNetCore.Antiforgery.Nb40yWz25Uc=034F8933BCD00D274935042782297EA02FAA969C" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="YxCUVvvlvVcuf3wABq6bvAAAAHc"
    
    2022:09:01-07:15:34 MRM2Sophos httpd: id="0299" srcip="174.206.112.34" localip="10.0.0.2" size="0" user="-" host="174.206.112.34" method="GET" statuscode="404" reason="-" extra="-" exceptions="-" time="6911" url="/lib/bootstrap/dist/css/bootstrap.min.css" server="wwwd.mrm2inc.com" port="443" query="" referer="https://wwwd.mrm2inc.com/Identity/Account/Register" cookie=".AspNetCore.Antiforgery.Nb40yWz25Uc=CfDJ8Pxpv025fH9OrWmSiY-syagwDeNXneSyJY_BhSgIuTiZG337VENOw5oB7eT8Ji8dJ7w3Pqf0PCSt6_N832sYAqIwbhHgC1Y-QrJc0wbIqXd_vTnXo-UhMh662lDkpHWx4bl9wQniwqMnZ_qN2MyLAJ4" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="YxCUVvvlvVcuf3wABq6bvQAAAHQ"
    
    2022:09:01-07:15:34 MRM2Sophos httpd: id="0299" srcip="174.206.112.34" localip="10.0.0.2" size="1678" user="-" host="174.206.112.34" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="31491" url="/Contact" server="wwwd.mrm2inc.com" port="443" query="" referer="https://wwwd.mrm2inc.com/Privacy" cookie=".AspNetCore.Antiforgery.Nb40yWz25Uc=CfDJ8Pxpv025fH9OrWmSiY-syagwDeNXneSyJY_BhSgIuTiZG337VENOw5oB7eT8Ji8dJ7w3Pqf0PCSt6_N832sYAqIwbhHgC1Y-QrJc0wbIqXd_vTnXo-UhMh662lDkpHWx4bl9wQniwqMnZ_qN2MyLAJ4" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="YxCUVvvlvVcuf3wABq6bvgAAAHc"
    
    2022:09:01-07:15:35 MRM2Sophos httpd[52040]: [form_hardening:error] [pid 52040:tid 3992525680] [client 174.206.112.34:12806] Form validation failed: Received unhardened form data, referer: https://wwwd.mrm2inc.com/Contact
    
    2022:09:01-07:15:35 MRM2Sophos httpd: id="0299" srcip="174.206.112.34" localip="10.0.0.2" size="199" user="-" host="174.206.112.34" method="GET" statuscode="403" reason="form hardening" extra="Received unhardened form data" exceptions="-" time="1856" url="/css/site.min.css" server="wwwd.mrm2inc.com" port="443" query="?v=RGHdZ65z5NTf_tGQaHcDi9uupHs31YwZ9EFGjn6nx-Q" referer="https://wwwd.mrm2inc.com/Contact" cookie=".AspNetCore.Antiforgery.Nb40yWz25Uc=CfDJ8Pxpv025fH9OrWmSiY-syagwDeNXneSyJY_BhSgIuTiZG337VENOw5oB7eT8Ji8dJ7w3Pqf0PCSt6_N832sYAqIwbhHgC1Y-QrJc0wbIqXd_vTnXo-UhMh662lDkpHWx4bl9wQniwqMnZ_qN2MyLAJ4; HASH_.AspNetCore.Antiforgery.Nb40yWz25Uc=034F8933BCD00D274935042782297EA02FAA969C" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="YxCUV_vlvVcuf3wABq6bvwAAAHQ"
    
    2022:09:01-07:15:35 MRM2Sophos httpd: id="0299" srcip="174.206.112.34" localip="10.0.0.2" size="0" user="-" host="174.206.112.34" method="GET" statuscode="404" reason="-" extra="-" exceptions="-" time="8065" url="/lib/bootstrap/dist/js/bootstrap.min.js" server="wwwd.mrm2inc.com" port="443" query="" referer="https://wwwd.mrm2inc.com/Identity/Account/Register" cookie=".AspNetCore.Antiforgery.Nb40yWz25Uc=CfDJ8Pxpv025fH9OrWmSiY-syagwDeNXneSyJY_BhSgIuTiZG337VENOw5oB7eT8Ji8dJ7w3Pqf0PCSt6_N832sYAqIwbhHgC1Y-QrJc0wbIqXd_vTnXo-UhMh662lDkpHWx4bl9wQniwqMnZ_qN2MyLAJ4" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="YxCUV_vlvVcuf3wABq6bwAAAAHc"
    
    2022:09:01-07:15:35 MRM2Sophos httpd: id="0299" srcip="174.206.112.34" localip="10.0.0.2" size="0" user="-" host="174.206.112.34" method="GET" statuscode="404" reason="-" extra="-" exceptions="-" time="7740" url="/lib/bootstrap/dist/css/bootstrap.min.css" server="wwwd.mrm2inc.com" port="443" query="" referer="https://wwwd.mrm2inc.com/Contact" cookie=".AspNetCore.Antiforgery.Nb40yWz25Uc=CfDJ8Pxpv025fH9OrWmSiY-syagwDeNXneSyJY_BhSgIuTiZG337VENOw5oB7eT8Ji8dJ7w3Pqf0PCSt6_N832sYAqIwbhHgC1Y-QrJc0wbIqXd_vTnXo-UhMh662lDkpHWx4bl9wQniwqMnZ_qN2MyLAJ4" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="YxCUV_vlvVcuf3wABq6bwQAAAHQ"
    
    2022:09:01-07:15:35 MRM2Sophos httpd[52040]: [form_hardening:error] [pid 52040:tid 3992525680] [client 174.206.112.34:12806] Form validation failed: Received unhardened form data, referer: https://wwwd.mrm2inc.com/Contact
    
    2022:09:01-07:15:35 MRM2Sophos httpd: id="0299" srcip="174.206.112.34" localip="10.0.0.2" size="199" user="-" host="174.206.112.34" method="GET" statuscode="403" reason="form hardening" extra="Received unhardened form data" exceptions="-" time="1028" url="/js/site.min.js" server="wwwd.mrm2inc.com" port="443" query="?v=FLn14I09uV1OPWa0eAi391TYe2U6_UnC5Q3R6qMB_Ic" referer="https://wwwd.mrm2inc.com/Contact" cookie=".AspNetCore.Antiforgery.Nb40yWz25Uc=CfDJ8Pxpv025fH9OrWmSiY-syagwDeNXneSyJY_BhSgIuTiZG337VENOw5oB7eT8Ji8dJ7w3Pqf0PCSt6_N832sYAqIwbhHgC1Y-QrJc0wbIqXd_vTnXo-UhMh662lDkpHWx4bl9wQniwqMnZ_qN2MyLAJ4; HASH_.AspNetCore.Antiforgery.Nb40yWz25Uc=034F8933BCD00D274935042782297EA02FAA969C" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="YxCUV_vlvVcuf3wABq6bwgAAAHQ"
    
    2022:09:01-07:15:35 MRM2Sophos httpd: id="0299" srcip="174.206.112.34" localip="10.0.0.2" size="1678" user="-" host="174.206.112.34" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="28073" url="/Contact" server="wwwd.mrm2inc.com" port="443" query="" referer="https://wwwd.mrm2inc.com/" cookie=".AspNetCore.Antiforgery.Nb40yWz25Uc=CfDJ8Pxpv025fH9OrWmSiY-syagwDeNXneSyJY_BhSgIuTiZG337VENOw5oB7eT8Ji8dJ7w3Pqf0PCSt6_N832sYAqIwbhHgC1Y-QrJc0wbIqXd_vTnXo-UhMh662lDkpHWx4bl9wQniwqMnZ_qN2MyLAJ4" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="YxCUV_vlvVcuf3wABq6bwwAAAH8"
    
    2022:09:01-07:15:35 MRM2Sophos httpd[52040]: [form_hardening:error] [pid 52040:tid 3900205936] [client 174.206.112.34:11322] Form validation failed: Received unhardened form data, referer: https://wwwd.mrm2inc.com/Contact
    
    2022:09:01-07:15:35 MRM2Sophos httpd: id="0299" srcip="174.206.112.34" localip="10.0.0.2" size="199" user="-" host="174.206.112.34" method="GET" statuscode="403" reason="form hardening" extra="Received unhardened form data" exceptions="-" time="1105" url="/css/site.min.css" server="wwwd.mrm2inc.com" port="443" query="?v=RGHdZ65z5NTf_tGQaHcDi9uupHs31YwZ9EFGjn6nx-Q" referer="https://wwwd.mrm2inc.com/Contact" cookie=".AspNetCore.Antiforgery.Nb40yWz25Uc=CfDJ8Pxpv025fH9OrWmSiY-syagwDeNXneSyJY_BhSgIuTiZG337VENOw5oB7eT8Ji8dJ7w3Pqf0PCSt6_N832sYAqIwbhHgC1Y-QrJc0wbIqXd_vTnXo-UhMh662lDkpHWx4bl9wQniwqMnZ_qN2MyLAJ4; HASH_.AspNetCore.Antiforgery.Nb40yWz25Uc=034F8933BCD00D274935042782297EA02FAA969C" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="YxCUV_vlvVcuf3wABq6bxAAAAH8"
    
    2022:09:01-07:15:35 MRM2Sophos httpd[52040]: [form_hardening:error] [pid 52040:tid 3883420528] [client 174.206.112.34:11321] Form validation failed: Received unhardened form data, referer: https://wwwd.mrm2inc.com/Contact
    
    2022:09:01-07:15:35 MRM2Sophos httpd: id="0299" srcip="174.206.112.34" localip="10.0.0.2" size="199" user="-" host="174.206.112.34" method="GET" statuscode="403" reason="form hardening" extra="Received unhardened form data" exceptions="-" time="1030" url="/js/site.min.js" server="wwwd.mrm2inc.com" port="443" query="?v=FLn14I09uV1OPWa0eAi391TYe2U6_UnC5Q3R6qMB_Ic" referer="https://wwwd.mrm2inc.com/Contact" cookie=".AspNetCore.Antiforgery.Nb40yWz25Uc=CfDJ8Pxpv025fH9OrWmSiY-syagwDeNXneSyJY_BhSgIuTiZG337VENOw5oB7eT8Ji8dJ7w3Pqf0PCSt6_N832sYAqIwbhHgC1Y-QrJc0wbIqXd_vTnXo-UhMh662lDkpHWx4bl9wQniwqMnZ_qN2MyLAJ4; HASH_.AspNetCore.Antiforgery.Nb40yWz25Uc=034F8933BCD00D274935042782297EA02FAA969C" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="YxCUV_vlvVcuf3wABq6bxQAAAIE"
    
    2022:09:01-07:15:35 MRM2Sophos httpd: id="0299" srcip="174.206.112.34" localip="10.0.0.2" size="0" user="-" host="174.206.112.34" method="GET" statuscode="404" reason="-" extra="-" exceptions="-" time="7090" url="/lib/bootstrap/dist/css/bootstrap.min.css" server="wwwd.mrm2inc.com" port="443" query="" referer="https://wwwd.mrm2inc.com/Contact" cookie=".AspNetCore.Antiforgery.Nb40yWz25Uc=CfDJ8Pxpv025fH9OrWmSiY-syagwDeNXneSyJY_BhSgIuTiZG337VENOw5oB7eT8Ji8dJ7w3Pqf0PCSt6_N832sYAqIwbhHgC1Y-QrJc0wbIqXd_vTnXo-UhMh662lDkpHWx4bl9wQniwqMnZ_qN2MyLAJ4" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="YxCUV_vlvVcuf3wABq6bxgAAAH8"
    
    2022:09:01-07:15:35 MRM2Sophos httpd: id="0299" srcip="174.206.112.34" localip="10.0.0.2" size="0" user="-" host="174.206.112.34" method="GET" statuscode="404" reason="-" extra="-" exceptions="-" time="6860" url="/lib/bootstrap/dist/js/bootstrap.min.js" server="wwwd.mrm2inc.com" port="443" query="" referer="https://wwwd.mrm2inc.com/Contact" cookie=".AspNetCore.Antiforgery.Nb40yWz25Uc=CfDJ8Pxpv025fH9OrWmSiY-syagwDeNXneSyJY_BhSgIuTiZG337VENOw5oB7eT8Ji8dJ7w3Pqf0PCSt6_N832sYAqIwbhHgC1Y-QrJc0wbIqXd_vTnXo-UhMh662lDkpHWx4bl9wQniwqMnZ_qN2MyLAJ4" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="YxCUV_vlvVcuf3wABq6bxwAAAH8"
    
    2022:09:01-07:15:35 MRM2Sophos httpd: id="0299" srcip="174.206.112.34" localip="10.0.0.2" size="1539" user="-" host="174.206.112.34" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="9228" url="/" server="wwwd.mrm2inc.com" port="443" query="" referer="https://wwwd.mrm2inc.com/" cookie=".AspNetCore.Antiforgery.Nb40yWz25Uc=CfDJ8Pxpv025fH9OrWmSiY-syagwDeNXneSyJY_BhSgIuTiZG337VENOw5oB7eT8Ji8dJ7w3Pqf0PCSt6_N832sYAqIwbhHgC1Y-QrJc0wbIqXd_vTnXo-UhMh662lDkpHWx4bl9wQniwqMnZ_qN2MyLAJ4" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="YxCUV_vlvVcuf3wABq6byAAAAH8"
    
    2022:09:01-07:15:35 MRM2Sophos httpd[52040]: [form_hardening:error] [pid 52040:tid 3900205936] [client 174.206.112.34:11322] Form validation failed: Received unhardened form data, referer: https://wwwd.mrm2inc.com/
    
    2022:09:01-07:15:35 MRM2Sophos httpd: id="0299" srcip="174.206.112.34" localip="10.0.0.2" size="199" user="-" host="174.206.112.34" method="GET" statuscode="403" reason="form hardening" extra="Received unhardened form data" exceptions="-" time="1121" url="/css/site.min.css" server="wwwd.mrm2inc.com" port="443" query="?v=RGHdZ65z5NTf_tGQaHcDi9uupHs31YwZ9EFGjn6nx-Q" referer="https://wwwd.mrm2inc.com/" cookie=".AspNetCore.Antiforgery.Nb40yWz25Uc=CfDJ8Pxpv025fH9OrWmSiY-syagwDeNXneSyJY_BhSgIuTiZG337VENOw5oB7eT8Ji8dJ7w3Pqf0PCSt6_N832sYAqIwbhHgC1Y-QrJc0wbIqXd_vTnXo-UhMh662lDkpHWx4bl9wQniwqMnZ_qN2MyLAJ4; HASH_.AspNetCore.Antiforgery.Nb40yWz25Uc=034F8933BCD00D274935042782297EA02FAA969C" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="YxCUV_vlvVcuf3wABq6byQAAAH8"
    
    2022:09:01-07:15:36 MRM2Sophos httpd[52040]: [form_hardening:error] [pid 52040:tid 3883420528] [client 174.206.112.34:11321] Form validation failed: Received unhardened form data, referer: https://wwwd.mrm2inc.com/
    
    2022:09:01-07:15:36 MRM2Sophos httpd: id="0299" srcip="174.206.112.34" localip="10.0.0.2" size="199" user="-" host="174.206.112.34" method="GET" statuscode="403" reason="form hardening" extra="Received unhardened form data" exceptions="-" time="998" url="/js/site.min.js" server="wwwd.mrm2inc.com" port="443" query="?v=FLn14I09uV1OPWa0eAi391TYe2U6_UnC5Q3R6qMB_Ic" referer="https://wwwd.mrm2inc.com/" cookie=".AspNetCore.Antiforgery.Nb40yWz25Uc=CfDJ8Pxpv025fH9OrWmSiY-syagwDeNXneSyJY_BhSgIuTiZG337VENOw5oB7eT8Ji8dJ7w3Pqf0PCSt6_N832sYAqIwbhHgC1Y-QrJc0wbIqXd_vTnXo-UhMh662lDkpHWx4bl9wQniwqMnZ_qN2MyLAJ4; HASH_.AspNetCore.Antiforgery.Nb40yWz25Uc=034F8933BCD00D274935042782297EA02FAA969C" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="YxCUWPvlvVcuf3wABq6bygAAAIE"
    
    2022:09:01-07:15:36 MRM2Sophos httpd: id="0299" srcip="174.206.112.34" localip="10.0.0.2" size="0" user="-" host="174.206.112.34" method="GET" statuscode="404" reason="-" extra="-" exceptions="-" time="7166" url="/lib/bootstrap/dist/css/bootstrap.min.css" server="wwwd.mrm2inc.com" port="443" query="" referer="https://wwwd.mrm2inc.com/" cookie=".AspNetCore.Antiforgery.Nb40yWz25Uc=CfDJ8Pxpv025fH9OrWmSiY-syagwDeNXneSyJY_BhSgIuTiZG337VENOw5oB7eT8Ji8dJ7w3Pqf0PCSt6_N832sYAqIwbhHgC1Y-QrJc0wbIqXd_vTnXo-UhMh662lDkpHWx4bl9wQniwqMnZ_qN2MyLAJ4" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="YxCUWPvlvVcuf3wABq6bywAAAH8"
    
    2022:09:01-07:15:36 MRM2Sophos httpd: id="0299" srcip="174.206.112.34" localip="10.0.0.2" size="0" user="-" host="174.206.112.34" method="GET" statuscode="404" reason="-" extra="-" exceptions="-" time="6895" url="/lib/bootstrap/dist/js/bootstrap.min.js" server="wwwd.mrm2inc.com" port="443" query="" referer="https://wwwd.mrm2inc.com/" cookie=".AspNetCore.Antiforgery.Nb40yWz25Uc=CfDJ8Pxpv025fH9OrWmSiY-syagwDeNXneSyJY_BhSgIuTiZG337VENOw5oB7eT8Ji8dJ7w3Pqf0PCSt6_N832sYAqIwbhHgC1Y-QrJc0wbIqXd_vTnXo-UhMh662lDkpHWx4bl9wQniwqMnZ_qN2MyLAJ4" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="YxCUWPvlvVcuf3wABq6bzAAAAH8"
    
    2022:09:01-14:38:33 MRM2Sophos httpd: id="0299" srcip="174.206.99.36" localip="10.0.0.2" size="369" user="-" host="174.206.99.36" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="24606" url="/css/site.min.css" server="wwwd.mrm2inc.com" port="443" query="?v=RGHdZ65z5NTf_tGQaHcDi9uupHs31YwZ9EFGjn6nx-Q" referer="https://wwwd.mrm2inc.com/" cookie=".AspNetCore.Antiforgery.Nb40yWz25Uc=CfDJ8Pxpv025fH9OrWmSiY-syagwDeNXneSyJY_BhSgIuTiZG337VENOw5oB7eT8Ji8dJ7w3Pqf0PCSt6_N832sYAqIwbhHgC1Y-QrJc0wbIqXd_vTnXo-UhMh662lDkpHWx4bl9wQniwqMnZ_qN2MyLAJ4" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="YxD8KQcJ55tPfo7KhTCD3gAAACM"
    
    2022:09:01-14:38:33 MRM2Sophos httpd: id="0299" srcip="174.206.99.36" localip="10.0.0.2" size="0" user="-" host="174.206.99.36" method="GET" statuscode="404" reason="-" extra="-" exceptions="-" time="11362" url="/lib/bootstrap/dist/css/bootstrap.min.css" server="wwwd.mrm2inc.com" port="443" query="" referer="https://wwwd.mrm2inc.com/" cookie=".AspNetCore.Antiforgery.Nb40yWz25Uc=CfDJ8Pxpv025fH9OrWmSiY-syagwDeNXneSyJY_BhSgIuTiZG337VENOw5oB7eT8Ji8dJ7w3Pqf0PCSt6_N832sYAqIwbhHgC1Y-QrJc0wbIqXd_vTnXo-UhMh662lDkpHWx4bl9wQniwqMnZ_qN2MyLAJ4" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="YxD8KQcJ55tPfo7KhTCD3wAAACM"
    
    2022:09:01-14:38:33 MRM2Sophos httpd: id="0299" srcip="174.206.99.36" localip="10.0.0.2" size="271" user="-" host="174.206.99.36" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="11772" url="/js/site.min.js" server="wwwd.mrm2inc.com" port="443" query="?v=FLn14I09uV1OPWa0eAi391TYe2U6_UnC5Q3R6qMB_Ic" referer="https://wwwd.mrm2inc.com/" cookie=".AspNetCore.Antiforgery.Nb40yWz25Uc=CfDJ8Pxpv025fH9OrWmSiY-syagwDeNXneSyJY_BhSgIuTiZG337VENOw5oB7eT8Ji8dJ7w3Pqf0PCSt6_N832sYAqIwbhHgC1Y-QrJc0wbIqXd_vTnXo-UhMh662lDkpHWx4bl9wQniwqMnZ_qN2MyLAJ4" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="YxD8KQcJ55tPfo7KhTCD4AAAACM"
    
    2022:09:01-14:38:33 MRM2Sophos httpd: id="0299" srcip="174.206.99.36" localip="10.0.0.2" size="8499" user="-" host="174.206.99.36" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="11882" url="/lib/jqueryui/themes/smoothness/jquery-ui.css" server="wwwd.mrm2inc.com" port="443" query="" referer="https://wwwd.mrm2inc.com/" cookie=".AspNetCore.Antiforgery.Nb40yWz25Uc=CfDJ8Pxpv025fH9OrWmSiY-syagwDeNXneSyJY_BhSgIuTiZG337VENOw5oB7eT8Ji8dJ7w3Pqf0PCSt6_N832sYAqIwbhHgC1Y-QrJc0wbIqXd_vTnXo-UhMh662lDkpHWx4bl9wQniwqMnZ_qN2MyLAJ4" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="YxD8KQcJ55tPfo7KhTCD4QAAACM"
    
    2022:09:01-14:38:33 MRM2Sophos httpd: id="0299" srcip="174.206.99.36" localip="10.0.0.2" size="4919" user="-" host="174.206.99.36" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="26480" url="/images/BackgroundImages/IdentityLogo.png" server="wwwd.mrm2inc.com" port="443" query="" referer="https://wwwd.mrm2inc.com/" cookie=".AspNetCore.Antiforgery.Nb40yWz25Uc=CfDJ8Pxpv025fH9OrWmSiY-syagwDeNXneSyJY_BhSgIuTiZG337VENOw5oB7eT8Ji8dJ7w3Pqf0PCSt6_N832sYAqIwbhHgC1Y-QrJc0wbIqXd_vTnXo-UhMh662lDkpHWx4bl9wQniwqMnZ_qN2MyLAJ4" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="YxD8KQcJ55tPfo7KhTCD4gAAACI"
    
    2022:09:01-14:38:33 MRM2Sophos httpd: id="0299" srcip="174.206.99.36" localip="10.0.0.2" size="0" user="-" host="174.206.99.36" method="GET" statuscode="404" reason="-" extra="-" exceptions="-" time="11132" url="/lib/bootstrap/dist/js/bootstrap.min.js" server="wwwd.mrm2inc.com" port="443" query="" referer="https://wwwd.mrm2inc.com/" cookie=".AspNetCore.Antiforgery.Nb40yWz25Uc=CfDJ8Pxpv025fH9OrWmSiY-syagwDeNXneSyJY_BhSgIuTiZG337VENOw5oB7eT8Ji8dJ7w3Pqf0PCSt6_N832sYAqIwbhHgC1Y-QrJc0wbIqXd_vTnXo-UhMh662lDkpHWx4bl9wQniwqMnZ_qN2MyLAJ4" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="YxD8KQcJ55tPfo7KhTCD5AAAACI"
    
    2022:09:01-14:38:39 MRM2Sophos httpd: id="0299" srcip="174.206.99.36" localip="10.0.0.2" size="1738865" user="-" host="174.206.99.36" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="5719748" url="/images/BackgroundImages/IdentityBackground.png" server="wwwd.mrm2inc.com" port="443" query="" referer="https://wwwd.mrm2inc.com/" cookie=".AspNetCore.Antiforgery.Nb40yWz25Uc=CfDJ8Pxpv025fH9OrWmSiY-syagwDeNXneSyJY_BhSgIuTiZG337VENOw5oB7eT8Ji8dJ7w3Pqf0PCSt6_N832sYAqIwbhHgC1Y-QrJc0wbIqXd_vTnXo-UhMh662lDkpHWx4bl9wQniwqMnZ_qN2MyLAJ4" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="YxD8KQcJ55tPfo7KhTCD4wAAACM"
    
    2022:09:01-14:38:50 MRM2Sophos httpd: id="0299" srcip="174.206.99.36" localip="10.0.0.2" size="0" user="-" host="174.206.99.36" method="GET" statuscode="302" reason="-" extra="-" exceptions="-" time="5179280" url="/Identity/Account/Login" server="wwwd.mrm2inc.com" port="443" query="" referer="https://wwwd.mrm2inc.com/" cookie=".AspNetCore.Antiforgery.Nb40yWz25Uc=CfDJ8Pxpv025fH9OrWmSiY-syagwDeNXneSyJY_BhSgIuTiZG337VENOw5oB7eT8Ji8dJ7w3Pqf0PCSt6_N832sYAqIwbhHgC1Y-QrJc0wbIqXd_vTnXo-UhMh662lDkpHWx4bl9wQniwqMnZ_qN2MyLAJ4" set-cookie=".AspNetCore.OpenIdConnect.Nonce.CfDJ8Pxpv025fH9OrWmSiY-syaicZ5ttJEO_wwXD8BxyHkGs9_AhIuL3YzZ7u4xk6XkDN0ThU8mf-QN0PyJfjnmM7Q-WKFtHx70haWo5K3BcnyGcdvxsMjT3MXtkc7z91kpxzMxrjyRfajE5c6JU8Vbnw6N_46kNO5hrbp0F63lsKNqJcLSPDljpaBUYrtNS-PRRdlFwNrfNyNx3ISpDICanyLJT2Gl8iH-4tc3cXud6LSGl64hKg0khXVTueo3wSqiX33ZqvISufafZHprJWPXwQXY=N; expires=Thu, 01 Sep 2022 18:53:50 GMT; path=/signin-oidc; secure; samesite=none; httponly, HASH_.AspNetCore.OpenIdConnect.Nonce.CfDJ8Pxpv025fH9OrWmSiY-syaicZ5ttJEO_wwXD8BxyHkGs9_AhIuL3YzZ7u4xk6XkDN0ThU8mf-QN0
    
    2022:09:01-14:38:50 MRM2Sophos httpd: PyJfjnmM7Q-WKFtHx70haWo5K3BcnyGcdvxsMjT3MXtkc7z91kpxzMxrjyRfajE5c6JU8Vbnw6N_46kNO5hrbp0F63lsKNqJcLSPDljpaBUYrtNS-PRRdlFwNrfNyNx3ISpDICanyLJT2Gl8iH-4tc3cXud6LSGl64hKg0khXVTueo3wSqiX33ZqvISufafZHprJWPXwQXY=68D444BA3F9BFB62B6BB25B361BC60CC7C552A27; expires=Thu, 01 Sep 2022 18:53:50 GMT; path=/signin-oidc; secure; HASH_samesite=B9F1071E77E886CAFF75A5E3A6666BA389D1C5B3; httponly, .AspNetCore.Correlation.72mk2Xrr9maJQe2pELH8ImKBg1Icc7I2rGXO-mRxbh8=N; expires=Thu, 01 Sep 2022 18:53:50 GMT; path=/signin-oidc; secure; samesite=none; httponly, HASH_.AspNetCore.Correlation.72mk2Xrr9maJQe2pELH8ImKBg1Icc7I2rGXO-mRxbh8=3A5DFFD6D26CC005C8481BD2C404900B62AB60F4; expires=Thu, 01 Sep 2022 18:53:50 GMT; path=/signin-oidc; secure; HASH_samesite=B9F1071E77E886CAFF75A5E3A6666BA389D1C5B3; httponly" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="YxD8NQcJ55tPfo7KhTCD5QAAACM"
    
    2022:09:01-14:38:53 MRM2Sophos httpd: id="0299" srcip="174.206.99.36" localip="10.0.0.2" size="0" user="-" host="174.206.99.36" method="-" statuscode="408" reason="-" extra="-" exceptions="-" time="11" url="-" server="-" port="443" query="" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="-"
    
    2022:09:01-14:40:36 MRM2Sophos httpd: id="0299" srcip="174.206.99.36" localip="10.0.0.2" size="1552" user="-" host="174.206.99.36" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="58672" url="/" server="wwwd.mrm2inc.com" port="443" query="" referer="-" cookie=".AspNetCore.Antiforgery.Nb40yWz25Uc=CfDJ8Pxpv025fH9OrWmSiY-syagwDeNXneSyJY_BhSgIuTiZG337VENOw5oB7eT8Ji8dJ7w3Pqf0PCSt6_N832sYAqIwbhHgC1Y-QrJc0wbIqXd_vTnXo-UhMh662lDkpHWx4bl9wQniwqMnZ_qN2MyLAJ4" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="YxD8pAcJ55tPfo7KhTCD5gAAACw"
    
    2022:09:01-14:40:36 MRM2Sophos httpd: id="0299" srcip="174.206.99.36" localip="10.0.0.2" size="0" user="-" host="174.206.99.36" method="GET" statuscode="404" reason="-" extra="-" exceptions="-" time="7281" url="/lib/bootstrap/dist/css/bootstrap.min.css" server="wwwd.mrm2inc.com" port="443" query="" referer="https://wwwd.mrm2inc.com/" cookie=".AspNetCore.Antiforgery.Nb40yWz25Uc=CfDJ8Pxpv025fH9OrWmSiY-syagwDeNXneSyJY_BhSgIuTiZG337VENOw5oB7eT8Ji8dJ7w3Pqf0PCSt6_N832sYAqIwbhHgC1Y-QrJc0wbIqXd_vTnXo-UhMh662lDkpHWx4bl9wQniwqMnZ_qN2MyLAJ4" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="YxD8pAcJ55tPfo7KhTCD5wAAACw"
    
    2022:09:01-14:40:36 MRM2Sophos httpd: id="0299" srcip="174.206.99.36" localip="10.0.0.2" size="25" user="-" host="174.206.99.36" method="GET" statuscode="404" reason="-" extra="-" exceptions="-" time="7180" url="/lib/bootstrap/dist/js/bootstrap.min.js" server="wwwd.mrm2inc.com" port="443" query="" referer="https://wwwd.mrm2inc.com/" cookie=".AspNetCore.Antiforgery.Nb40yWz25Uc=CfDJ8Pxpv025fH9OrWmSiY-syagwDeNXneSyJY_BhSgIuTiZG337VENOw5oB7eT8Ji8dJ7w3Pqf0PCSt6_N832sYAqIwbhHgC1Y-QrJc0wbIqXd_vTnXo-UhMh662lDkpHWx4bl9wQniwqMnZ_qN2MyLAJ4" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="YxD8pAcJ55tPfo7KhTCD6AAAACw"
    
    2022:09:01-14:40:37 MRM2Sophos httpd: id="0299" srcip="174.206.99.36" localip="10.0.0.2" size="9380" user="-" host="174.206.99.36" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="26816" url="/favicon.ico" server="wwwd.mrm2inc.com" port="443" query="" referer="https://wwwd.mrm2inc.com/" cookie=".AspNetCore.Antiforgery.Nb40yWz25Uc=CfDJ8Pxpv025fH9OrWmSiY-syagwDeNXneSyJY_BhSgIuTiZG337VENOw5oB7eT8Ji8dJ7w3Pqf0PCSt6_N832sYAqIwbhHgC1Y-QrJc0wbIqXd_vTnXo-UhMh662lDkpHWx4bl9wQniwqMnZ_qN2MyLAJ4" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="YxD8pAcJ55tPfo7KhTCD6QAAACw"
    
    2022:09:01-14:40:48 MRM2Sophos httpd: id="0299" srcip="174.206.99.36" localip="10.0.0.2" size="0" user="-" host="174.206.99.36" method="GET" statuscode="302" reason="-" extra="-" exceptions="-" time="14714" url="/Identity/Account/Login" server="wwwd.mrm2inc.com" port="443" query="" referer="https://wwwd.mrm2inc.com/" cookie=".AspNetCore.Antiforgery.Nb40yWz25Uc=CfDJ8Pxpv025fH9OrWmSiY-syagwDeNXneSyJY_BhSgIuTiZG337VENOw5oB7eT8Ji8dJ7w3Pqf0PCSt6_N832sYAqIwbhHgC1Y-QrJc0wbIqXd_vTnXo-UhMh662lDkpHWx4bl9wQniwqMnZ_qN2MyLAJ4" set-cookie=".AspNetCore.OpenIdConnect.Nonce.CfDJ8Pxpv025fH9OrWmSiY-syajlyRuQoZT_oeBXRUmjj0aDAAMHUzA1EWfeH--tT6-wDg3MG4GCXV6bOV2oHNqoX8jmdZ_KLeBf9U5wbl0Hs-rkoRh9L9hT8vXw8bkeCZD7z3gSZn-vtmd6WgwPuEDmkqLC_o7haztiFLYQqr0km9sfmSexxrnPBl-nOwjdG-PYVKl7mVLWG-xCKX4LOP-JST6hqw0UkWnsMESku6zov3lJRkBoDlzGJW_Qdlte0kNl4P1kGO1PSkhwTto9JTEniF8=N; expires=Thu, 01 Sep 2022 18:55:48 GMT; path=/signin-oidc; secure; samesite=none; httponly, HASH_.AspNetCore.OpenIdConnect.Nonce.CfDJ8Pxpv025fH9OrWmSiY-syajlyRuQoZT_oeBXRUmjj0aDAAMHUzA1EWfeH--tT6-wDg3MG4GCXV6bOV
    
    2022:09:01-14:40:48 MRM2Sophos httpd: 2oHNqoX8jmdZ_KLeBf9U5wbl0Hs-rkoRh9L9hT8vXw8bkeCZD7z3gSZn-vtmd6WgwPuEDmkqLC_o7haztiFLYQqr0km9sfmSexxrnPBl-nOwjdG-PYVKl7mVLWG-xCKX4LOP-JST6hqw0UkWnsMESku6zov3lJRkBoDlzGJW_Qdlte0kNl4P1kGO1PSkhwTto9JTEniF8=B3E9701B84D5578DDDB2538D7E0FF7FBC94D487A; expires=Thu, 01 Sep 2022 18:55:48 GMT; path=/signin-oidc; secure; HASH_samesite=B9F1071E77E886CAFF75A5E3A6666BA389D1C5B3; httponly, .AspNetCore.Correlation.J6-YVHcVUPFfcrIkuR9GtEXxd4-1G1pi-PkqWk5Lvv8=N; expires=Thu, 01 Sep 2022 18:55:48 GMT; path=/signin-oidc; secure; samesite=none; httponly, HASH_.AspNetCore.Correlation.J6-YVHcVUPFfcrIkuR9GtEXxd4-1G1pi-PkqWk5Lvv8=CF7CE9E4231440886A2103866AEAD33C7EB13B64; expires=Thu, 01 Sep 2022 18:55:48 GMT; path=/signin-oidc; secure; HASH_samesite=B9F1071E77E886CAFF75A5E3A6666BA389D1C5B3; httponly" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="YxD8sAcJ55tPfo7KhTCD6gAAACw"
    
    2022:09:01-14:41:34 MRM2Sophos httpd: id="0299" srcip="174.206.99.36" localip="10.0.0.2" size="0" user="-" host="174.206.99.36" method="GET" statuscode="302" reason="-" extra="-" exceptions="-" time="28775" url="/Identity/Account/Login" server="wwwd.mrm2inc.com" port="443" query="" referer="https://wwwd.mrm2inc.com/" cookie=".AspNetCore.Antiforgery.Nb40yWz25Uc=CfDJ8Pxpv025fH9OrWmSiY-syagwDeNXneSyJY_BhSgIuTiZG337VENOw5oB7eT8Ji8dJ7w3Pqf0PCSt6_N832sYAqIwbhHgC1Y-QrJc0wbIqXd_vTnXo-UhMh662lDkpHWx4bl9wQniwqMnZ_qN2MyLAJ4" set-cookie=".AspNetCore.OpenIdConnect.Nonce.CfDJ8Pxpv025fH9OrWmSiY-syajyS76koaSQGfnIHHNZe1peIRjuCL3NZ5Pk2YiAmLwVfeBG9UrcPpayeN55A07uOzCey6WguMFEQErdu6JdY7WMVQ-oqCCFKT0myNEc9ubSRnIqksYeUakuue8p5WccmDOEUoNmTgvQgu5Dr-QCXeddGlYlPvPn-Gh__FU8eRV1mcyzHq9SuYpADiAdleFmbr08X8wU-qUcdVDmp08CmWkk9eWEl-gKbxAgFa7_pFukbFI4T9LRBAHJik0ddQ0nON4=N; expires=Thu, 01 Sep 2022 18:56:34 GMT; path=/signin-oidc; secure; samesite=none; httponly, HASH_.AspNetCore.OpenIdConnect.Nonce.CfDJ8Pxpv025fH9OrWmSiY-syajyS76koaSQGfnIHHNZe1peIRjuCL3NZ5Pk2YiAmLwVfeBG9UrcPpayeN
    
    2022:09:01-14:41:34 MRM2Sophos httpd: 55A07uOzCey6WguMFEQErdu6JdY7WMVQ-oqCCFKT0myNEc9ubSRnIqksYeUakuue8p5WccmDOEUoNmTgvQgu5Dr-QCXeddGlYlPvPn-Gh__FU8eRV1mcyzHq9SuYpADiAdleFmbr08X8wU-qUcdVDmp08CmWkk9eWEl-gKbxAgFa7_pFukbFI4T9LRBAHJik0ddQ0nON4=CF6FACA42CF72C8D1F515C38DA4206CB4C4D6CE6; expires=Thu, 01 Sep 2022 18:56:34 GMT; path=/signin-oidc; secure; HASH_samesite=B9F1071E77E886CAFF75A5E3A6666BA389D1C5B3; httponly, .AspNetCore.Correlation.7SAzuZLJnPcr4uJ40j-9yz7h4QH9RmUiHs1Y3rdRWNA=N; expires=Thu, 01 Sep 2022 18:56:34 GMT; path=/signin-oidc; secure; samesite=none; httponly, HASH_.AspNetCore.Correlation.7SAzuZLJnPcr4uJ40j-9yz7h4QH9RmUiHs1Y3rdRWNA=FE15B6110F0E3853B303A627C22B08508BC7FF0D; expires=Thu, 01 Sep 2022 18:56:34 GMT; path=/signin-oidc; secure; HASH_samesite=B9F1071E77E886CAFF75A5E3A6666BA389D1C5B3; httponly" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="YxD83gcJ55tPfo7KhTCD6wAAAAA"

    This should be all the relevant information.

  • "302" usually just means that the web server is redirecting the request.  The "40x" codes mean that the server is encountering issues.  What difference do you see in the web server's logs for internal and external clients?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • I am not seeing anything in the logs for internal clients.  One guess is probably because IIS is handling it all by itself internally.  Second guess is that the traffic is not passing through the UTM for internal traffic.

  • Mike, I meant the IIS logs, not the WAF logs in the UTM.

    Cheers - Bob

     
  • Sorry about that.  I do see a difference in the logs between an external and internal usage with the IIS logs.

    So with the external access to the first site:

    date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Cookie) cs(Referer) sc-status sc-substatus sc-win32-status time-taken
    2022-09-22 20:17:46 192.168.7.6 GET / - 443 - 192.168.0.3 Mozilla/5.0+(Linux;+Android+10;+SM-G960U)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/105.0.0.0+Mobile+Safari/537.36 - - 200 0 0 6156
    2022-09-22 20:17:46 192.168.7.6 GET /lib/bootstrap/dist/css/bootstrap.min.css - 443 - 192.168.0.3 Mozilla/5.0+(Linux;+Android+10;+SM-G960U)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/105.0.0.0+Mobile+Safari/537.36 - https://wwwd.mrm2inc.com/ 404 0 0 12
    2022-09-22 20:17:46 192.168.7.6 GET /lib/bootstrap/dist/js/bootstrap.min.js - 443 - 192.168.0.3 Mozilla/5.0+(Linux;+Android+10;+SM-G960U)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/105.0.0.0+Mobile+Safari/537.36 - https://wwwd.mrm2inc.com/ 404 0 0 22
    2022-09-22 20:17:51 192.168.7.6 GET /images/BackgroundImages/IdentityBackground.png - 443 - 192.168.0.3 Mozilla/5.0+(Linux;+Android+10;+SM-G960U)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/105.0.0.0+Mobile+Safari/537.36 - https://wwwd.mrm2inc.com/ 200 0 0 4678

    There is no log activity for the identityapi-dv site from external access.

    Now the logs internally for the first site are as follows:

    date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Cookie) cs(Referer) sc-status sc-substatus sc-win32-status time-taken
    2022-09-22 20:24:23 192.168.7.6 GET / - 443 - 192.168.0.21 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/105.0.0.0+Safari/537.36+Edg/105.0.1343.42 - - 200 0 0 7
    2022-09-22 20:24:23 192.168.7.6 GET /lib/bootstrap/dist/css/bootstrap.min.css - 443 - 192.168.0.21 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/105.0.0.0+Safari/537.36+Edg/105.0.1343.42 - https://wwwd.mrm2inc.com/ 404 0 0 1
    2022-09-22 20:24:23 192.168.7.6 GET /lib/bootstrap/dist/js/bootstrap.min.js - 443 - 192.168.0.21 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/105.0.0.0+Safari/537.36+Edg/105.0.1343.42 - https://wwwd.mrm2inc.com/ 404 0 0 1
    2022-09-22 20:24:31 192.168.7.6 GET /Identity/Account/Login - 443 - 192.168.0.21 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/105.0.0.0+Safari/537.36+Edg/105.0.1343.42 - https://wwwd.mrm2inc.com/ 302 0 0 6287

    What I notice here is that I had selected the Login button and got the 302 from /Identity/Account/Login.

    Here is the log for the second site:

    date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Cookie) cs(Referer) sc-status sc-substatus sc-win32-status time-taken
    2022-09-22 20:24:31 192.168.7.6 GET /.well-known/openid-configuration - 444 - 192.168.7.6 Microsoft+ASP.NET+Core+OpenIdConnect+handler - - 200 0 0 4979
    
    2022-09-22 20:24:31 192.168.7.6 GET /.well-known/jwks - 444 - 192.168.7.6 Microsoft+ASP.NET+Core+OpenIdConnect+handler - - 200 0 0 40
    
    2022-09-22 20:24:31 192.168.7.6 GET /api/Authorization/Authorize client_id=ident-man-raz&redirect_uri=https%3A%2F%2Fwwwd.mrm2inc.com%2Fsignin-oidc&response_type=code&scope=openid%20profile&code_challenge=81l1EDz_215JbJvptHZ9SIhDwo3YSW0OIdz2js_Rfak&code_challenge_method=S256&response_mode=form_post&nonce=637994750714077371.NjkzN2RhZmMtN2ZiOC00ZTUyLTkxZjctM2VmNTY3NGRlMzlkYzJhNjY3NzUtZDMwYi00Mjk1LTgzZjYtMzFjMDhkYzE1NTY1&state=CfDJ8HW_c7mdLnhNkWi9ygVvO-2upcALNWtZakMHlNgspbVw3DjNG36uYGe-kJiKvGkcX66UuCfVy-iwxQeXCmaEs2Dc77KCoVunkyeF4fOijBqvajPHXy1f6I3xRw_hQ5-kLHIFL7xYcjnbwAqhvrJvwJgQaUihTD5JkIY2XNuqwHGwjca7P6DsekSu2kJF2QKA-pn3hp9l0XDsFkwNTjRB6ZAgN37p6jcs6mTd16JDiu_A7KfyPpEflLWRWlvPp0S9NGyHRYisw3eSbBWAha_zIrpkVMZO9-uwIGzuREHp4r8-NHdB8JliPm3LOkYGdfGZwEGmxJWLI0e2CZBH04Rd4amFtSkLa9_SwGp9k59R_fIhcFIq4RoK7FT7xt6QKZralw&x-client-SKU=ID_NET6_0&x-client-ver=6.21.0.0 444 - 192.168.0.21 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/105.0.0.0+Safari/537.36+Edg/105.0.1343.42 .AspNetCore.Antiforgery.92sHTbD5ho8=CfDJ8OYzoIl0DyBKpIwPLj2DM1ufA5Xdc648FP8OTerTe-8KFICV46etbWLwkC-s7BxzmALHE48ERrgI5BpfyzNVvwlVUneJ_lxchwHtKdcnzVfUahFv_qS-3du8-VljgA4zA1-Y7Qc5pdGDtuliFGZT0lI https://wwwd.mrm2inc.com/ 302 0 0 232
    
    2022-09-22 20:24:31 192.168.7.6 GET /Identity/Account/Login ReturnUrl=%2Fapi%2FAuthorization%2FAuthorize%3Fclient_id%3Dident-man-raz%26redirect_uri%3Dhttps%253A%252F%252Fwwwd.mrm2inc.com%252Fsignin-oidc%26response_type%3Dcode%26scope%3Dopenid%2520profile%26code_challenge%3D81l1EDz_215JbJvptHZ9SIhDwo3YSW0OIdz2js_Rfak%26code_challenge_method%3DS256%26response_mode%3Dform_post%26nonce%3D637994750714077371.NjkzN2RhZmMtN2ZiOC00ZTUyLTkxZjctM2VmNTY3NGRlMzlkYzJhNjY3NzUtZDMwYi00Mjk1LTgzZjYtMzFjMDhkYzE1NTY1%26state%3DCfDJ8HW_c7mdLnhNkWi9ygVvO-2upcALNWtZakMHlNgspbVw3DjNG36uYGe-kJiKvGkcX66UuCfVy-iwxQeXCmaEs2Dc77KCoVunkyeF4fOijBqvajPHXy1f6I3xRw_hQ5-kLHIFL7xYcjnbwAqhvrJvwJgQaUihTD5JkIY2XNuqwHGwjca7P6DsekSu2kJF2QKA-pn3hp9l0XDsFkwNTjRB6ZAgN37p6jcs6mTd16JDiu_A7KfyPpEflLWRWlvPp0S9NGyHRYisw3eSbBWAha_zIrpkVMZO9-uwIGzuREHp4r8-NHdB8JliPm3LOkYGdfGZwEGmxJWLI0e2CZBH04Rd4amFtSkLa9_SwGp9k59R_fIhcFIq4RoK7FT7xt6QKZralw%26x-client-SKU%3DID_NET6_0%26x-client-ver%3D6.21.0.0 444 - 192.168.0.21 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/105.0.0.0+Safari/537.36+Edg/105.0.1343.42 .AspNetCore.Antiforgery.92sHTbD5ho8=CfDJ8OYzoIl0DyBKpIwPLj2DM1ufA5Xdc648FP8OTerTe-8KFICV46etbWLwkC-s7BxzmALHE48ERrgI5BpfyzNVvwlVUneJ_lxchwHtKdcnzVfUahFv_qS-3du8-VljgA4zA1-Y7Qc5pdGDtuliFGZT0lI https://wwwd.mrm2inc.com/ 200 0 0 243
    
    2022-09-22 20:24:31 192.168.7.6 GET /css/site.min.css v=yguNTp47AFBJS-Sds4KXQ3C40m_1v5Q4lgz8vDYuDUA 444 - 192.168.0.21 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/105.0.0.0+Safari/537.36+Edg/105.0.1343.42 .AspNetCore.Antiforgery.92sHTbD5ho8=CfDJ8OYzoIl0DyBKpIwPLj2DM1ufA5Xdc648FP8OTerTe-8KFICV46etbWLwkC-s7BxzmALHE48ERrgI5BpfyzNVvwlVUneJ_lxchwHtKdcnzVfUahFv_qS-3du8-VljgA4zA1-Y7Qc5pdGDtuliFGZT0lI https://identityapi-dv.mrm2inc.com:444/Identity/Account/Login?ReturnUrl=%2Fapi%2FAuthorization%2FAuthorize%3Fclient_id%3Dident-man-raz%26redirect_uri%3Dhttps%253A%252F%252Fwwwd.mrm2inc.com%252Fsignin-oidc%26response_type%3Dcode%26scope%3Dopenid%2520profile%26code_challenge%3D81l1EDz_215JbJvptHZ9SIhDwo3YSW0OIdz2js_Rfak%26code_challenge_method%3DS256%26response_mode%3Dform_post%26nonce%3D637994750714077371.NjkzN2RhZmMtN2ZiOC00ZTUyLTkxZjctM2VmNTY3NGRlMzlkYzJhNjY3NzUtZDMwYi00Mjk1LTgzZjYtMzFjMDhkYzE1NTY1%26state%3DCfDJ8HW_c7mdLnhNkWi9ygVvO-2upcALNWtZakMHlNgspbVw3DjNG36uYGe-kJiKvGkcX66UuCfVy-iwxQeXCmaEs2Dc77KCoVunkyeF4fOijBqvajPHXy1f6I3xRw_hQ5-kLHIFL7xYcjnbwAqhvrJvwJgQaUihTD5JkIY2XNuqwHGwjca7P6DsekSu2kJF2QKA-pn3hp9l0XDsFkwNTjRB6ZAgN37p6jcs6mTd16JDiu_A7KfyPpEflLWRWlvPp0S9NGyHRYisw3eSbBWAha_zIrpkVMZO9-uwIGzuREHp4r8-NHdB8JliPm3LOkYGdfGZwEGmxJWLI0e2CZBH04Rd4amFtSkLa9_SwGp9k59R_fIhcFIq4RoK7FT7xt6QKZralw%26x-client-SKU%3DID_NET6_0%26x-client-ver%3D6.21.0.0 200 0 0 13
    
    2022-09-22 20:24:32 192.168.7.6 GET /js/site.min.js v=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU 444 - 192.168.0.21 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/105.0.0.0+Safari/537.36+Edg/105.0.1343.42 .AspNetCore.Antiforgery.92sHTbD5ho8=CfDJ8OYzoIl0DyBKpIwPLj2DM1ufA5Xdc648FP8OTerTe-8KFICV46etbWLwkC-s7BxzmALHE48ERrgI5BpfyzNVvwlVUneJ_lxchwHtKdcnzVfUahFv_qS-3du8-VljgA4zA1-Y7Qc5pdGDtuliFGZT0lI https://identityapi-dv.mrm2inc.com:444/Identity/Account/Login?ReturnUrl=%2Fapi%2FAuthorization%2FAuthorize%3Fclient_id%3Dident-man-raz%26redirect_uri%3Dhttps%253A%252F%252Fwwwd.mrm2inc.com%252Fsignin-oidc%26response_type%3Dcode%26scope%3Dopenid%2520profile%26code_challenge%3D81l1EDz_215JbJvptHZ9SIhDwo3YSW0OIdz2js_Rfak%26code_challenge_method%3DS256%26response_mode%3Dform_post%26nonce%3D637994750714077371.NjkzN2RhZmMtN2ZiOC00ZTUyLTkxZjctM2VmNTY3NGRlMzlkYzJhNjY3NzUtZDMwYi00Mjk1LTgzZjYtMzFjMDhkYzE1NTY1%26state%3DCfDJ8HW_c7mdLnhNkWi9ygVvO-2upcALNWtZakMHlNgspbVw3DjNG36uYGe-kJiKvGkcX66UuCfVy-iwxQeXCmaEs2Dc77KCoVunkyeF4fOijBqvajPHXy1f6I3xRw_hQ5-kLHIFL7xYcjnbwAqhvrJvwJgQaUihTD5JkIY2XNuqwHGwjca7P6DsekSu2kJF2QKA-pn3hp9l0XDsFkwNTjRB6ZAgN37p6jcs6mTd16JDiu_A7KfyPpEflLWRWlvPp0S9NGyHRYisw3eSbBWAha_zIrpkVMZO9-uwIGzuREHp4r8-NHdB8JliPm3LOkYGdfGZwEGmxJWLI0e2CZBH04Rd4amFtSkLa9_SwGp9k59R_fIhcFIq4RoK7FT7xt6QKZralw%26x-client-SKU%3DID_NET6_0%26x-client-ver%3D6.21.0.0 200 0 0 1
    
    2022-09-22 20:24:32 192.168.7.6 GET /lib/bootstrap/dist/css/bootstrap.min.css - 444 - 192.168.0.21 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/105.0.0.0+Safari/537.36+Edg/105.0.1343.42 .AspNetCore.Antiforgery.92sHTbD5ho8=CfDJ8OYzoIl0DyBKpIwPLj2DM1ufA5Xdc648FP8OTerTe-8KFICV46etbWLwkC-s7BxzmALHE48ERrgI5BpfyzNVvwlVUneJ_lxchwHtKdcnzVfUahFv_qS-3du8-VljgA4zA1-Y7Qc5pdGDtuliFGZT0lI https://identityapi-dv.mrm2inc.com:444/Identity/Account/Login?ReturnUrl=%2Fapi%2FAuthorization%2FAuthorize%3Fclient_id%3Dident-man-raz%26redirect_uri%3Dhttps%253A%252F%252Fwwwd.mrm2inc.com%252Fsignin-oidc%26response_type%3Dcode%26scope%3Dopenid%2520profile%26code_challenge%3D81l1EDz_215JbJvptHZ9SIhDwo3YSW0OIdz2js_Rfak%26code_challenge_method%3DS256%26response_mode%3Dform_post%26nonce%3D637994750714077371.NjkzN2RhZmMtN2ZiOC00ZTUyLTkxZjctM2VmNTY3NGRlMzlkYzJhNjY3NzUtZDMwYi00Mjk1LTgzZjYtMzFjMDhkYzE1NTY1%26state%3DCfDJ8HW_c7mdLnhNkWi9ygVvO-2upcALNWtZakMHlNgspbVw3DjNG36uYGe-kJiKvGkcX66UuCfVy-iwxQeXCmaEs2Dc77KCoVunkyeF4fOijBqvajPHXy1f6I3xRw_hQ5-kLHIFL7xYcjnbwAqhvrJvwJgQaUihTD5JkIY2XNuqwHGwjca7P6DsekSu2kJF2QKA-pn3hp9l0XDsFkwNTjRB6ZAgN37p6jcs6mTd16JDiu_A7KfyPpEflLWRWlvPp0S9NGyHRYisw3eSbBWAha_zIrpkVMZO9-uwIGzuREHp4r8-NHdB8JliPm3LOkYGdfGZwEGmxJWLI0e2CZBH04Rd4amFtSkLa9_SwGp9k59R_fIhcFIq4RoK7FT7xt6QKZralw%26x-client-SKU%3DID_NET6_0%26x-client-ver%3D6.21.0.0 200 0 0 24
    
    2022-09-22 20:24:32 192.168.7.6 GET /lib/jqueryui/themes/smoothness/jquery-ui.css - 444 - 192.168.0.21 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/105.0.0.0+Safari/537.36+Edg/105.0.1343.42 .AspNetCore.Antiforgery.92sHTbD5ho8=CfDJ8OYzoIl0DyBKpIwPLj2DM1ufA5Xdc648FP8OTerTe-8KFICV46etbWLwkC-s7BxzmALHE48ERrgI5BpfyzNVvwlVUneJ_lxchwHtKdcnzVfUahFv_qS-3du8-VljgA4zA1-Y7Qc5pdGDtuliFGZT0lI https://identityapi-dv.mrm2inc.com:444/Identity/Account/Login?ReturnUrl=%2Fapi%2FAuthorization%2FAuthorize%3Fclient_id%3Dident-man-raz%26redirect_uri%3Dhttps%253A%252F%252Fwwwd.mrm2inc.com%252Fsignin-oidc%26response_type%3Dcode%26scope%3Dopenid%2520profile%26code_challenge%3D81l1EDz_215JbJvptHZ9SIhDwo3YSW0OIdz2js_Rfak%26code_challenge_method%3DS256%26response_mode%3Dform_post%26nonce%3D637994750714077371.NjkzN2RhZmMtN2ZiOC00ZTUyLTkxZjctM2VmNTY3NGRlMzlkYzJhNjY3NzUtZDMwYi00Mjk1LTgzZjYtMzFjMDhkYzE1NTY1%26state%3DCfDJ8HW_c7mdLnhNkWi9ygVvO-2upcALNWtZakMHlNgspbVw3DjNG36uYGe-kJiKvGkcX66UuCfVy-iwxQeXCmaEs2Dc77KCoVunkyeF4fOijBqvajPHXy1f6I3xRw_hQ5-kLHIFL7xYcjnbwAqhvrJvwJgQaUihTD5JkIY2XNuqwHGwjca7P6DsekSu2kJF2QKA-pn3hp9l0XDsFkwNTjRB6ZAgN37p6jcs6mTd16JDiu_A7KfyPpEflLWRWlvPp0S9NGyHRYisw3eSbBWAha_zIrpkVMZO9-uwIGzuREHp4r8-NHdB8JliPm3LOkYGdfGZwEGmxJWLI0e2CZBH04Rd4amFtSkLa9_SwGp9k59R_fIhcFIq4RoK7FT7xt6QKZralw%26x-client-SKU%3DID_NET6_0%26x-client-ver%3D6.21.0.0 404 0 0 18
    
    2022-09-22 20:24:32 192.168.7.6 GET /images/BackgroundImages/IdentityLogo.png - 444 - 192.168.0.21 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/105.0.0.0+Safari/537.36+Edg/105.0.1343.42 .AspNetCore.Antiforgery.92sHTbD5ho8=CfDJ8OYzoIl0DyBKpIwPLj2DM1ufA5Xdc648FP8OTerTe-8KFICV46etbWLwkC-s7BxzmALHE48ERrgI5BpfyzNVvwlVUneJ_lxchwHtKdcnzVfUahFv_qS-3du8-VljgA4zA1-Y7Qc5pdGDtuliFGZT0lI https://identityapi-dv.mrm2inc.com:444/Identity/Account/Login?ReturnUrl=%2Fapi%2FAuthorization%2FAuthorize%3Fclient_id%3Dident-man-raz%26redirect_uri%3Dhttps%253A%252F%252Fwwwd.mrm2inc.com%252Fsignin-oidc%26response_type%3Dcode%26scope%3Dopenid%2520profile%26code_challenge%3D81l1EDz_215JbJvptHZ9SIhDwo3YSW0OIdz2js_Rfak%26code_challenge_method%3DS256%26response_mode%3Dform_post%26nonce%3D637994750714077371.NjkzN2RhZmMtN2ZiOC00ZTUyLTkxZjctM2VmNTY3NGRlMzlkYzJhNjY3NzUtZDMwYi00Mjk1LTgzZjYtMzFjMDhkYzE1NTY1%26state%3DCfDJ8HW_c7mdLnhNkWi9ygVvO-2upcALNWtZakMHlNgspbVw3DjNG36uYGe-kJiKvGkcX66UuCfVy-iwxQeXCmaEs2Dc77KCoVunkyeF4fOijBqvajPHXy1f6I3xRw_hQ5-kLHIFL7xYcjnbwAqhvrJvwJgQaUihTD5JkIY2XNuqwHGwjca7P6DsekSu2kJF2QKA-pn3hp9l0XDsFkwNTjRB6ZAgN37p6jcs6mTd16JDiu_A7KfyPpEflLWRWlvPp0S9NGyHRYisw3eSbBWAha_zIrpkVMZO9-uwIGzuREHp4r8-NHdB8JliPm3LOkYGdfGZwEGmxJWLI0e2CZBH04Rd4amFtSkLa9_SwGp9k59R_fIhcFIq4RoK7FT7xt6QKZralw%26x-client-SKU%3DID_NET6_0%26x-client-ver%3D6.21.0.0 200 0 0 10
    
    2022-09-22 20:24:32 192.168.7.6 GET /lib/bootstrap/dist/js/bootstrap.min.js - 444 - 192.168.0.21 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/105.0.0.0+Safari/537.36+Edg/105.0.1343.42 .AspNetCore.Antiforgery.92sHTbD5ho8=CfDJ8OYzoIl0DyBKpIwPLj2DM1ufA5Xdc648FP8OTerTe-8KFICV46etbWLwkC-s7BxzmALHE48ERrgI5BpfyzNVvwlVUneJ_lxchwHtKdcnzVfUahFv_qS-3du8-VljgA4zA1-Y7Qc5pdGDtuliFGZT0lI https://identityapi-dv.mrm2inc.com:444/Identity/Account/Login?ReturnUrl=%2Fapi%2FAuthorization%2FAuthorize%3Fclient_id%3Dident-man-raz%26redirect_uri%3Dhttps%253A%252F%252Fwwwd.mrm2inc.com%252Fsignin-oidc%26response_type%3Dcode%26scope%3Dopenid%2520profile%26code_challenge%3D81l1EDz_215JbJvptHZ9SIhDwo3YSW0OIdz2js_Rfak%26code_challenge_method%3DS256%26response_mode%3Dform_post%26nonce%3D637994750714077371.NjkzN2RhZmMtN2ZiOC00ZTUyLTkxZjctM2VmNTY3NGRlMzlkYzJhNjY3NzUtZDMwYi00Mjk1LTgzZjYtMzFjMDhkYzE1NTY1%26state%3DCfDJ8HW_c7mdLnhNkWi9ygVvO-2upcALNWtZakMHlNgspbVw3DjNG36uYGe-kJiKvGkcX66UuCfVy-iwxQeXCmaEs2Dc77KCoVunkyeF4fOijBqvajPHXy1f6I3xRw_hQ5-kLHIFL7xYcjnbwAqhvrJvwJgQaUihTD5JkIY2XNuqwHGwjca7P6DsekSu2kJF2QKA-pn3hp9l0XDsFkwNTjRB6ZAgN37p6jcs6mTd16JDiu_A7KfyPpEflLWRWlvPp0S9NGyHRYisw3eSbBWAha_zIrpkVMZO9-uwIGzuREHp4r8-NHdB8JliPm3LOkYGdfGZwEGmxJWLI0e2CZBH04Rd4amFtSkLa9_SwGp9k59R_fIhcFIq4RoK7FT7xt6QKZralw%26x-client-SKU%3DID_NET6_0%26x-client-ver%3D6.21.0.0 200 0 0 9
    
    2022-09-22 20:24:32 192.168.7.6 GET /images/BackgroundImages/IdentityBackground.png - 444 - 192.168.0.21 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/105.0.0.0+Safari/537.36+Edg/105.0.1343.42 .AspNetCore.Antiforgery.92sHTbD5ho8=CfDJ8OYzoIl0DyBKpIwPLj2DM1ufA5Xdc648FP8OTerTe-8KFICV46etbWLwkC-s7BxzmALHE48ERrgI5BpfyzNVvwlVUneJ_lxchwHtKdcnzVfUahFv_qS-3du8-VljgA4zA1-Y7Qc5pdGDtuliFGZT0lI https://identityapi-dv.mrm2inc.com:444/Identity/Account/Login?ReturnUrl=%2Fapi%2FAuthorization%2FAuthorize%3Fclient_id%3Dident-man-raz%26redirect_uri%3Dhttps%253A%252F%252Fwwwd.mrm2inc.com%252Fsignin-oidc%26response_type%3Dcode%26scope%3Dopenid%2520profile%26code_challenge%3D81l1EDz_215JbJvptHZ9SIhDwo3YSW0OIdz2js_Rfak%26code_challenge_method%3DS256%26response_mode%3Dform_post%26nonce%3D637994750714077371.NjkzN2RhZmMtN2ZiOC00ZTUyLTkxZjctM2VmNTY3NGRlMzlkYzJhNjY3NzUtZDMwYi00Mjk1LTgzZjYtMzFjMDhkYzE1NTY1%26state%3DCfDJ8HW_c7mdLnhNkWi9ygVvO-2upcALNWtZakMHlNgspbVw3DjNG36uYGe-kJiKvGkcX66UuCfVy-iwxQeXCmaEs2Dc77KCoVunkyeF4fOijBqvajPHXy1f6I3xRw_hQ5-kLHIFL7xYcjnbwAqhvrJvwJgQaUihTD5JkIY2XNuqwHGwjca7P6DsekSu2kJF2QKA-pn3hp9l0XDsFkwNTjRB6ZAgN37p6jcs6mTd16JDiu_A7KfyPpEflLWRWlvPp0S9NGyHRYisw3eSbBWAha_zIrpkVMZO9-uwIGzuREHp4r8-NHdB8JliPm3LOkYGdfGZwEGmxJWLI0e2CZBH04Rd4amFtSkLa9_SwGp9k59R_fIhcFIq4RoK7FT7xt6QKZralw%26x-client-SKU%3DID_NET6_0%26x-client-ver%3D6.21.0.0 200 0 0 141
    
    2022-09-22 20:24:32 192.168.7.6 GET /favicon.ico - 444 - 192.168.0.21 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/105.0.0.0+Safari/537.36+Edg/105.0.1343.42 .AspNetCore.Antiforgery.92sHTbD5ho8=CfDJ8OYzoIl0DyBKpIwPLj2DM1ufA5Xdc648FP8OTerTe-8KFICV46etbWLwkC-s7BxzmALHE48ERrgI5BpfyzNVvwlVUneJ_lxchwHtKdcnzVfUahFv_qS-3du8-VljgA4zA1-Y7Qc5pdGDtuliFGZT0lI https://identityapi-dv.mrm2inc.com:444/Identity/Account/Login?ReturnUrl=%2Fapi%2FAuthorization%2FAuthorize%3Fclient_id%3Dident-man-raz%26redirect_uri%3Dhttps%253A%252F%252Fwwwd.mrm2inc.com%252Fsignin-oidc%26response_type%3Dcode%26scope%3Dopenid%2520profile%26code_challenge%3D81l1EDz_215JbJvptHZ9SIhDwo3YSW0OIdz2js_Rfak%26code_challenge_method%3DS256%26response_mode%3Dform_post%26nonce%3D637994750714077371.NjkzN2RhZmMtN2ZiOC00ZTUyLTkxZjctM2VmNTY3NGRlMzlkYzJhNjY3NzUtZDMwYi00Mjk1LTgzZjYtMzFjMDhkYzE1NTY1%26state%3DCfDJ8HW_c7mdLnhNkWi9ygVvO-2upcALNWtZakMHlNgspbVw3DjNG36uYGe-kJiKvGkcX66UuCfVy-iwxQeXCmaEs2Dc77KCoVunkyeF4fOijBqvajPHXy1f6I3xRw_hQ5-kLHIFL7xYcjnbwAqhvrJvwJgQaUihTD5JkIY2XNuqwHGwjca7P6DsekSu2kJF2QKA-pn3hp9l0XDsFkwNTjRB6ZAgN37p6jcs6mTd16JDiu_A7KfyPpEflLWRWlvPp0S9NGyHRYisw3eSbBWAha_zIrpkVMZO9-uwIGzuREHp4r8-NHdB8JliPm3LOkYGdfGZwEGmxJWLI0e2CZBH04Rd4amFtSkLa9_SwGp9k59R_fIhcFIq4RoK7FT7xt6QKZralw%26x-client-SKU%3DID_NET6_0%26x-client-ver%3D6.21.0.0 200 0 0 36

    For this I am seeing the client-Ip being the same IP as the source, which is correct, but everything is being fired off.  And I was able to access the login screen.

    This has me questioning, am I putting that redirect on the WAF too early?

    Also I tried the /.well-known/jwks directly from the external, and it timed out.  I do not see any activity in the UTM Logs for when I did that.

  • I'm not an IIS guy, so I don't have an answer, but it looks like the difference is:

         Internally, lines 3 & 4 contain 537.36+Edg/105.0.1343.42 - https://wwwd.mrm2inc.com/ 404 0 0 1
         Externally, these lines contain 537.36 - https://wwwd.mrm2inc.com/ 404 0 0 12

    If no one else here is that knowledgeable about IIS, maybe ask a question on a Microsoft board.

    Cheers - Bob

     
  • Those 404s on lines 3 and 4 are for the bootstrap.css; the Edg/105 is for the Edge browser, which makes that difference, and the last number is the time taken to return the 404.
    Granted, the 404 is happening because the bootstrap library is not being found on the server, as it should be pulling from the CDN, but the bootstrap is actually working, so I am not finding anything suspect with them.

    What gets me is that line 5 is different.  Also, going to https://identityapi-dv.mrm2inc.com:444/.well-known/jwks times out.  And the UTM does not see that being accessed.

  • Are you accessing from a browser other than Edge when you come in from the outside, Mike?

    Cheers - Bob

     
  • Yes, I am using Chrome when accessing it from the outside.

  • I still think that DNS is causing this different behaviour.

    Mit freundlichem Gruß, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.

  • As before, I couldn't access the /.well-known/jwks from outside the UTM.  I took another run at things.  I ended up changing the port on the identityapi-dv virtual webserver from 444 to 443, and keeping it HTTPS and Redirect.  On the Real Webserver I am maintaining the port 444.  From outside the network I was able to access the .well-known/jwks and .well-known/openid-configuration.  The passing from wwwd to identityapi-dv on the login still does not work correctly.

    I also ended up fixing the 404 errors by placing the css and js files in the correct spot.  Will post the logs after I look them over.

  • Ok, I have a confirmation on what is wrong.  As mentioned, it is DNS related.  But it is also not DNS related.  When wwwd makes its call to identityapi-dv, it knows that it is using port 444 internally, but since nothing understands identityapi-dv:444 as a DNS entry, it is failing at the UTM after the 302 because it does not know that DNS name.  Once I changed the Virtual Server to 443 and still maintained the port 444 on the real server, I can access that directly, since the UTM is calling it on the correct port.  But since I have to make a call internally and externally with the port number on there, this is where it is failing.  Is there a way around this issue within the UTM?

  • I have fixed the issues with IIS so that everything is now passing over port 443.  Though I am now getting a 403.  I can even see why by five lines in the log.  It looks like I have warnings for generic attacks and SQL Injection.  I then have an Access denied with code 403 (phase 2) for pattern match (.*) at TX:950120-OWASP_CRS/WEB_ATTACK/RFI-TX:1.  Then another warning for Inbound Anomaly Score Exceeded.  Last line in the log on the blocking is Status Code 403, extra="Inbound Anomaly Score Exceeded (Total Score: 8, SQLi=1, XSS=): Last Matched Message: Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"

    What would be the best way to work the Firewall profile for these?  My guess would be to skip filter rules, or uncheck Generic Attacks and SQL Injection attacks.  Though unchecking those would seem like a bad idea.  My other thought is to put /api/Authorization/* as an exception.

    Here are the lines of the log:

    2022:10:11-21:47:35 MRM2Sophos httpd[22698]: [security2:error] [pid 22698:tid 4095306608] [client 174.206.107.230:7594] [client 174.206.107.230] ModSecurity: Warning. Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/apache/conf/waf/modsecurity_crs_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://wwwd.mrm2inc.com/signin-oidc found within TX:1: wwwd.mrm2inc.com/signin-oidc"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.7"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "identityapi-dv.mrm2inc.com"] [uri "/api/Authorization/Authorize"] [unique_id "Y0Yct32sfjTTal5kN2h4PQAAAGg"]
    
    2022:10:11-21:47:35 MRM2Sophos httpd[22698]: [security2:error] [pid 22698:tid 4095306608] [client 174.206.107.230:7594] [client 174.206.107.230] ModSecurity: Warning. Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:state. [file "/usr/apache/conf/waf/modsecurity_crs_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: - found within ARGS:state: CfDJ8HW_c7mdLnhNkWi9ygVvO-12sIeLssPxLKIzIVcM60_N4g91O_qZwUU0Y2KCy5vqlOdVsyYcr7mjwlmfZkQiqs8Ud1HFtNh3c849WjAE5s8TffkAxYCM3FgLTyqp1_mL18_e53XkKe4Crhd-GHtIAC6LRJ8FGvrdjOiqNkPo4uBOZ-B-2PzfMJEvhJ4ea17LwH1H9ZQiM-ncLXMdGLCclIb2wFKUeKegH0A6jqkIsit9udL20cIJ8sv78F6PpDAmX3riyKWYnBPSd6GAsplsugYljkUE-GfxcB84RfdaOD2hBw2iu0ceOzCEDQLyUQLgLB5IFvFfoHDR39c42svDxdBsXwYtUqUuy7sMVufX17ngoGsswP2FbmE3gxmirK7QhA"] [ver "OWASP_CRS/2.2.7"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "identityapi-dv.mrm2inc.com"] [uri "/api/Authorization/Authorize"] [unique_id "Y0Yct32sfjTTal5kN2h4PQAAAGg"]
    
    2022:10:11-21:47:35 MRM2Sophos httpd[22698]: [security2:error] [pid 22698:tid 4095306608] [client 174.206.107.230:7594] [client 174.206.107.230] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(.*)" at TX:950120-OWASP_CRS/WEB_ATTACK/RFI-TX:1. [file "/usr/apache/conf/waf/modsecurity_crs_inbound_blocking.conf"] [line "26"] [id "981176"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8, SQLi=1, XSS=): Last Matched Message: Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Last Matched Data: wwwd.mrm2inc.com/signin-oidc"] [hostname "identityapi-dv.mrm2inc.com"] [uri "/api/Authorization/Authorize"] [unique_id "Y0Yct32sfjTTal5kN2h4PQAAAGg"]
    
    2022:10:11-21:47:35 MRM2Sophos httpd[22698]: [security2:error] [pid 22698:tid 4095306608] [client 174.206.107.230:7594] [client 174.206.107.230] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/apache/conf/waf/modsecurity_crs_correlation.conf"] [line "37"] [id "981204"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8, SQLi=1, XSS=): Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [hostname "identityapi-dv.mrm2inc.com"] [uri "/api/Authorization/Authorize"] [unique_id "Y0Yct32sfjTTal5kN2h4PQAAAGg"]
    
    2022:10:11-21:47:35 MRM2Sophos httpd: id="0299" srcip="174.206.107.230" localip="10.0.0.2" size="199" user="-" host="174.206.107.230" method="GET" statuscode="403" reason="waf" extra="Inbound Anomaly Score Exceeded (Total Score: 8, SQLi=1, XSS=): Last Matched Message: Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded" exceptions="-" time="15555" url="/api/Authorization/Authorize" server="identityapi-dv.mrm2inc.com" port="443" query="?client_id=ident-man-raz&redirect_uri=https%3A%2F%2Fwwwd.mrm2inc.com%2Fsignin-oidc&response_type=code&scope=openid%20profile&code_challenge=pKnok9IOBihdW11XJb2CW5WeTqJK9HpphneTswk0hAc&code_challenge_method=S256&response_mode=form_post&nonce=638011360132318158.YWY0ZjgzOTAtYzA3ZS00ODlmLTg3YmQtY2RlNzY2ZDZiNDE1MzhhMzE2NTctMDE4MC00Mzk5LThiODAtMDFiZmUxZTA1MjU1&state=CfDJ8HW_c7mdLnhNkWi9ygVvO-12sIeLssPxLKIzIVcM60_N4g91O_qZwUU0Y2KCy5vqlOdVsyYcr7mjwlmfZkQiqs8Ud1HFtNh3c849WjAE5s8TffkAxYCM3FgLTyqp1_mL18_e53XkKe4Crhd-GHtIAC6LRJ8FGvrdjOiqNkPo4uBOZ-B-2PzfMJEvhJ4ea17LwH1H9ZQiM-ncLXMdGLCclIb2w
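
One way to turn log lines like the ones in the post above into a narrow exception list (an added example, not part of the original thread and not Sophos code): group the ModSecurity events by `unique_id` and report, for each blocked URI, which detection rules and request variables contributed to the anomaly score. The sample log is constructed and abridged in the same format; the client IP, host names, `/search` URI and `unique_id` values are placeholders, while the rule ids and file names are the ones shown in the post.

```python
import re
from collections import defaultdict

# Constructed, abridged sample in the format of the log lines quoted above
# (placeholder client IP, host names and unique_id values; rule ids from the post).
SAMPLE_LOG = r'''
2022:10:11-21:47:35 utm httpd[22698]: [security2:error] [client 203.0.113.10] ModSecurity: Warning. Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/apache/conf/waf/modsecurity_crs_generic_attacks.conf"] [line "163"] [id "950120"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://wwwd.example.test/signin-oidc found within TX:1: wwwd.example.test/signin-oidc"] [hostname "identityapi-dv.example.test"] [uri "/api/Authorization/Authorize"] [unique_id "CONSTRUCTED-A"]
2022:10:11-21:47:35 utm httpd[22698]: [security2:error] [client 203.0.113.10] ModSecurity: Warning. Pattern match "(abridged){4,}" at ARGS:state. [file "/usr/apache/conf/waf/modsecurity_crs_sql_injection_attacks.conf"] [line "159"] [id "981173"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [hostname "identityapi-dv.example.test"] [uri "/api/Authorization/Authorize"] [unique_id "CONSTRUCTED-A"]
2022:10:11-21:47:35 utm httpd[22698]: [security2:error] [client 203.0.113.10] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(.*)" at TX:950120-OWASP_CRS/WEB_ATTACK/RFI-TX:1. [file "/usr/apache/conf/waf/modsecurity_crs_inbound_blocking.conf"] [line "26"] [id "981176"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8, SQLi=1, XSS=)"] [uri "/api/Authorization/Authorize"] [unique_id "CONSTRUCTED-A"]
2022:10:11-21:47:35 utm httpd[22698]: [security2:error] [client 203.0.113.10] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/apache/conf/waf/modsecurity_crs_correlation.conf"] [line "37"] [id "981204"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8, SQLi=1, XSS=)"] [uri "/api/Authorization/Authorize"] [unique_id "CONSTRUCTED-A"]
2022:10:11-21:50:02 utm httpd[22698]: [security2:error] [client 203.0.113.10] ModSecurity: Warning. Pattern match "(abridged){4,}" at ARGS:q. [file "/usr/apache/conf/waf/modsecurity_crs_sql_injection_attacks.conf"] [line "159"] [id "981173"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [uri "/search"] [unique_id "CONSTRUCTED-B"]
'''

FIELD = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')   # [key "value"] pairs
TARGET = re.compile(r'\b(?:at|against) "?([\w:./-]+)')  # variable the rule matched on
# Rule files that only total up or enforce the anomaly score (names as in the log above)
SCORING_FILES = ("modsecurity_crs_inbound_blocking.conf", "modsecurity_crs_correlation.conf")

def parse(log):
    """Group ModSecurity events by unique_id (one id per HTTP request)."""
    txs = defaultdict(lambda: {"uri": None, "blocked": False, "hits": []})
    for line in log.splitlines():
        if "ModSecurity: " not in line:
            continue
        rest = line.split("ModSecurity: ", 1)[1]
        f = dict(FIELD.findall(rest))
        tx = txs[f.get("unique_id", "?")]
        tx["uri"] = f.get("uri")
        tx["blocked"] = tx["blocked"] or rest.startswith("Access denied")
        m = TARGET.search(rest.split(" [file ")[0])
        target = m.group(1).rstrip(".") if m else None
        if not f.get("file", "").endswith(SCORING_FILES):
            tx["hits"].append((f.get("id"), target, f.get("msg")))
    return dict(txs)

def exception_candidates(log):
    """Map each blocked URI to the (rule id, variable) pairs that raised its score."""
    out = defaultdict(set)
    for tx in parse(log).values():
        if tx["blocked"]:
            out[tx["uri"]].update((rid, tgt) for rid, tgt, _ in tx["hits"])
    return {uri: sorted(v) for uri, v in out.items()}

if __name__ == "__main__":
    for uri, rules in exception_candidates(SAMPLE_LOG).items():
        print(uri, rules)
```

For the blocked request this reports rules 950120 (on `TX:1`) and 981173 (on `ARGS:state`) for `/api/Authorization/Authorize`, which is the information needed to scope a rule skip or path exception to that endpoint instead of unchecking whole filter categories.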