This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

WAF - [form_hardening:error]

Hello all,

I am running Sophos UTM for a long time now and i am experiencing recently a problem with WAF (i believe). I have a Nextcloud server behind this Sophos i have been using it without problems for some years now. Suddenly though, when i access the Nextcloud page from outside (so through the sophos webserver), i get no login fields, while accessing it internally from my LAN, all is good.

Checking the WAF logs, i can see [form_hardening:error] No form context found when parsing <input> tag , error. 

2023:09:26-13:18:49 robfw1 httpd[4425]: [form_hardening:error] [pid 4425:tid 3832343360] (22)Invalid argument: [client 86.124.125.191:58660] No form context found when parsing <input> tag
2023:09:26-13:18:49 robfw1 httpd[4425]: [form_hardening:error] [pid 4425:tid 3832343360] (22)Invalid argument: [client 86.124.125.191:58660] No form context found when parsing <input> tag
2023:09:26-13:18:49 robfw1 httpd[4425]: [form_hardening:error] [pid 4425:tid 3832343360] (22)Invalid argument: [client 86.124.125.191:58660] No form context found when parsing <input> tag
2023:09:26-13:18:49 robfw1 httpd[4425]: [form_hardening:error] [pid 4425:tid 3832343360] (22)Invalid argument: [client 86.124.125.191:58660] No form context found when parsing <input> tag
2023:09:26-13:18:49 robfw1 httpd[4425]: [form_hardening:error] [pid 4425:tid 3832343360] (22)Invalid argument: [client 86.124.125.191:58660] No form context found when parsing <input> tag
2023:09:26-13:18:49 robfw1 httpd[4425]: [form_hardening:error] [pid 4425:tid 3832343360] (22)Invalid argument: [client 86.124.125.191:58660] No form context found when parsing <input> tag
2023:09:26-13:18:49 robfw1 httpd[4425]: [form_hardening:error] [pid 4425:tid 3832343360] (22)Invalid argument: [client 86.124.125.191:58660] No form context found when parsing <input> tag
2023:09:26-13:18:49 robfw1 httpd[4425]: [form_hardening:error] [pid 4425:tid 3832343360] (22)Invalid argument: [client 86.124.125.191:58660] No form context found when parsing <input> tag
2023:09:26-13:18:49 robfw1 httpd: id="0299" srcip="86.124.125.191" localip="79.115.175.113" size="4649" user="-" host="86.124.125.191" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="83162" url="/index.php/login" server="cloud-jder.ddns.net" port="443" query="" referer="-" cookie="__Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true; nc_sameSiteCookielax=true; ocsdvx0o4czd=q8nm73lat0ts4jmkr5igfe80cs; ocqqq4bnplq7=cfvomtegi1epbnd2gc23fpt353; nc_sameSiteCookiestrict=true; oc_sessionPassphrase=9kc1bRScz7AU3JoAHwfOM5%2B6UD0sIwEN1gOFHw5F6kT3Yy6iy7UOG5ARhv7fdTCjiLSqnoeDfPKrk18wQhGo1pOc6vUuQujMynwhfT%2FXDA7zywP8QdmuC5qLk91mZfZI" set-cookie="ocqqq4bnplq7=cfvomtegi1epbnd2gc23fpt353; path=/; secure; HttpOnly; SameSite=Lax, HASH_ocqqq4bnplq7=9A7C672BAB503995D8AF76B19FEC30B8C7C7A8C8; path=/; secure; HttpOnly; HASH_SameSite=CBB3FF42DB056F81A0AC398AD1889D12B79E4FEC" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="ZRKwCVR4-Qy_yTd7VlbN0QAAACM"
2023:09:26-13:18:49 robfw1 httpd[4425]: [form_hardening:error] [pid 4425:tid 3832343360] [client 86.124.125.191:58660] Form validation failed: Received unhardened form data
2023:09:26-13:18:49 robfw1 httpd: id="0299" srcip="86.124.125.191" localip="79.115.175.113" size="253" user="-" host="86.124.125.191" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="32269" url="/index.php/apps/theming/manifest" server="cloud-jder.ddns.net" port="443" query="?v=b6589fc6" referer="-" cookie="nc_sameSiteCookielax=true; ocsdvx0o4czd=q8nm73lat0ts4jmkr5igfe80cs; ocqqq4bnplq7=cfvomtegi1epbnd2gc23fpt353; nc_sameSiteCookiestrict=true; oc_sessionPassphrase=9kc1bRScz7AU3JoAHwfOM5%2B6UD0sIwEN1gOFHw5F6kT3Yy6iy7UOG5ARhv7fdTCjiLSqnoeDfPKrk18wQhGo1pOc6vUuQujMynwhfT%2FXDA7zywP8QdmuC5qLk91mZfZI; __Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="ZRKwCVR4-Qy_yTd7VlbN0gAAACM"
2023:09:26-13:18:50 robfw1 httpd[4425]: [form_hardening:error] [pid 4425:tid 3823950656] [client 86.124.125.191:58661] Form validation failed: Received unhardened form data
2023:09:26-13:18:50 robfw1 httpd: id="0299" srcip="86.124.125.191" localip="79.115.175.113" size="203" user="-" host="86.124.125.191" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="30843" url="/index.php/apps/unsplash/api/login.css" server="cloud-jder.ddns.net" port="443" query="" referer="-" cookie="__Host-nc_sameSiteCookiestrict=true; nc_sameSiteCookielax=true; ocsdvx0o4czd=q8nm73lat0ts4jmkr5igfe80cs; ocqqq4bnplq7=cfvomtegi1epbnd2gc23fpt353; nc_sameSiteCookiestrict=true; oc_sessionPassphrase=9kc1bRScz7AU3JoAHwfOM5%2B6UD0sIwEN1gOFHw5F6kT3Yy6iy7UOG5ARhv7fdTCjiLSqnoeDfPKrk18wQhGo1pOc6vUuQujMynwhfT%2FXDA7zywP8QdmuC5qLk91mZfZI; __Host-nc_sameSiteCookielax=true" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="ZRKwClR4-Qy_yTd7VlbN0wAAACU"
2023:09:26-13:18:50 robfw1 httpd: id="0299" srcip="86.124.125.191" localip="79.115.175.113" size="1411" user="-" host="86.124.125.191" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="40865" url="/index.php/core/js/oc.js" server="cloud-jder.ddns.net" port="443" query="?v=f196aa56" referer="-" cookie="__Host-nc_sameSiteCookiestrict=true; nc_sameSiteCookielax=true; ocsdvx0o4czd=q8nm73lat0ts4jmkr5igfe80cs; ocqqq4bnplq7=cfvomtegi1epbnd2gc23fpt353; nc_sameSiteCookiestrict=true; oc_sessionPassphrase=9kc1bRScz7AU3JoAHwfOM5%2B6UD0sIwEN1gOFHw5F6kT3Yy6iy7UOG5ARhv7fdTCjiLSqnoeDfPKrk18wQhGo1pOc6vUuQujMynwhfT%2FXDA7zywP8QdmuC5qLk91mZfZI; __Host-nc_sameSiteCookielax=true" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="ZRKwClR4-Qy_yTd7VlbN1AAAACQ"

I have not done modifications to the Nextcloud, nor to the Sophos, so i really don't understand what is happening. I tried to play with Firewall profiles in the Webserver config (tried basic, advanced, none at all, monitor mode, etc) but still same problem. I also deployed a new , from scratch Nextcloud server, but the issue persists.

I am running version 9.716-2

Any help would be highly appreciated. Thank you.



This thread was automatically locked due to age.
Parents
  • Hello  ,

    Thanks for reaching out to Sophos Community.

    Could you try to create a new exception for form hardening that applies to the URL identified in the reverseproxy.log. Then enable exception "Never change HTML during URL Hardening or Form Hardening“ 

    Regards,

    Raphael Alganes
    Community Support Engineer | Sophos Technical Support
    Sophos Support Videos Product Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.

  • hi,

    Thank you, i added in the exception as follows (hope i did it correct):

    Now i see the following logs (no hardening errors apparently):

    2023:10:02-16:00:44 robfw1 httpd[6018]: [url_hardening:error] [pid 6018:tid 4102015808] [client 83.97.73.87:34984] Hostname in HTTP request (188.27.163.161) does not match the server name (REF_RevFroNextCloudExter_redirect_ssl)
    2023:10:02-16:00:44 robfw1 httpd: id="0299" srcip="83.97.73.87" localip="188.27.163.161" size="199" user="-" host="83.97.73.87" method="POST" statuscode="403" reason="-" extra="-" exceptions="-" time="204" url="/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php" server="188.27.163.161:80" port="80" query="" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="ZRq-_Kq5SfZRxGuT36o8XgAAAAM"
    2023:10:02-16:01:01 robfw1 httpd: id="0299" srcip="5.15.85.54" localip="188.27.163.161" size="5944" user="-" host="5.15.85.54" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="71496" url="/index.php/login" server="cloud-jder.ddns.net" port="443" query="" referer="-" cookie="__Host-nc_sameSiteCookielax=true; HASH___Host-nc_sameSiteCookielax=3147B5FAD3ADF92A442C45B52D459FAE7106CFF8; __Host-nc_sameSiteCookiestrict=true; HASH___Host-nc_sameSiteCookiestrict=FFC39A0BA50A010033525A9232A588F0EE6D7617; oc_sessionPassphrase=As0q8lA25xeBr2j1tfEXHk8jOVITua8LZ%2FxBpnI45xAKbMnKoPU5SnYO8Mcu9EGmKYqKPE0j%2FnJlXX69bo27CFMTNwxJWBeLqsaX1TkE7eyBRlcgL2S9z2P4UCcDodcC; HASH_oc_sessionPassphrase=D4D5D9FA467532AA8EEAE5CFBD599B15AF54AA82; ocsdvx0o4czd=qtdug3si1988q6q8q0d339teq5; nc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true; HASH_ocsdvx0o4czd=728E17D4FC81F9D8F8AC565F0877FC6ED12EFE51; ocqqq4bnplq7=ed65d4c3jfgboa58svqbgce3nv; HASH_ocqqq4bnplq7=2255CB6956FD42201C949CBAD068EC2EEDD29505" set-cookie="ocqqq4bnplq7=ed65d4c3jfgboa58svqbgce3nv;
    2023:10:02-16:01:01 robfw1 httpd: path=/; secure; HttpOnly; SameSite=Lax" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="ZRq_Daq5SfZRxGuT36o8XwAAAAQ"
    2023:10:02-16:01:01 robfw1 httpd: id="0299" srcip="5.15.85.54" localip="188.27.163.161" size="203" user="-" host="5.15.85.54" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="15695" url="/index.php/apps/unsplash/api/login.css" server="cloud-jder.ddns.net" port="443" query="" referer="-" cookie="__Host-nc_sameSiteCookielax=true; HASH___Host-nc_sameSiteCookielax=3147B5FAD3ADF92A442C45B52D459FAE7106CFF8; __Host-nc_sameSiteCookiestrict=true; HASH___Host-nc_sameSiteCookiestrict=FFC39A0BA50A010033525A9232A588F0EE6D7617; oc_sessionPassphrase=As0q8lA25xeBr2j1tfEXHk8jOVITua8LZ%2FxBpnI45xAKbMnKoPU5SnYO8Mcu9EGmKYqKPE0j%2FnJlXX69bo27CFMTNwxJWBeLqsaX1TkE7eyBRlcgL2S9z2P4UCcDodcC; HASH_oc_sessionPassphrase=D4D5D9FA467532AA8EEAE5CFBD599B15AF54AA82; ocsdvx0o4czd=qtdug3si1988q6q8q0d339teq5; nc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true; HASH_ocsdvx0o4czd=728E17D4FC81F9D8F8AC565F0877FC6ED12EFE51; ocqqq4bnplq7=ed65d4c3jfgboa58svqbgce3nv; HASH_ocqqq4bnplq7=2255CB6956FD42201C949CBAD068EC2EEDD29505" set-cookie="-" websocket_scheme=
    2023:10:02-16:01:01 robfw1 httpd: "-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="ZRq_Daq5SfZRxGuT36o8YAAAAAQ"
    2023:10:02-16:03:15 robfw1 httpd: id="0299" srcip="5.15.85.54" localip="188.27.163.161" size="5941" user="-" host="5.15.85.54" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="70037" url="/index.php/login" server="cloud-jder.ddns.net" port="443" query="" referer="-" cookie="__Host-nc_sameSiteCookielax=true; HASH___Host-nc_sameSiteCookielax=3147B5FAD3ADF92A442C45B52D459FAE7106CFF8; __Host-nc_sameSiteCookiestrict=true; HASH___Host-nc_sameSiteCookiestrict=FFC39A0BA50A010033525A9232A588F0EE6D7617; oc_sessionPassphrase=As0q8lA25xeBr2j1tfEXHk8jOVITua8LZ%2FxBpnI45xAKbMnKoPU5SnYO8Mcu9EGmKYqKPE0j%2FnJlXX69bo27CFMTNwxJWBeLqsaX1TkE7eyBRlcgL2S9z2P4UCcDodcC; HASH_oc_sessionPassphrase=D4D5D9FA467532AA8EEAE5CFBD599B15AF54AA82; ocsdvx0o4czd=qtdug3si1988q6q8q0d339teq5; nc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true; HASH_ocsdvx0o4czd=728E17D4FC81F9D8F8AC565F0877FC6ED12EFE51; ocqqq4bnplq7=ed65d4c3jfgboa58svqbgce3nv; HASH_ocqqq4bnplq7=2255CB6956FD42201C949CBAD068EC2EEDD29505" set-cookie="ocqqq4bnplq7=ed65d4c3jfgboa58svqbgce3nv;
    2023:10:02-16:03:15 robfw1 httpd: path=/; secure; HttpOnly; SameSite=Lax" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="ZRq_kqq5SfZRxGuT36o8YQAAAAA"
    2023:10:02-16:03:15 robfw1 httpd: id="0299" srcip="5.15.85.54" localip="188.27.163.161" size="203" user="-" host="5.15.85.54" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="21442" url="/index.php/apps/unsplash/api/login.css" server="cloud-jder.ddns.net" port="443" query="" referer="-" cookie="__Host-nc_sameSiteCookielax=true; HASH___Host-nc_sameSiteCookielax=3147B5FAD3ADF92A442C45B52D459FAE7106CFF8; __Host-nc_sameSiteCookiestrict=true; HASH___Host-nc_sameSiteCookiestrict=FFC39A0BA50A010033525A9232A588F0EE6D7617; oc_sessionPassphrase=As0q8lA25xeBr2j1tfEXHk8jOVITua8LZ%2FxBpnI45xAKbMnKoPU5SnYO8Mcu9EGmKYqKPE0j%2FnJlXX69bo27CFMTNwxJWBeLqsaX1TkE7eyBRlcgL2S9z2P4UCcDodcC; HASH_oc_sessionPassphrase=D4D5D9FA467532AA8EEAE5CFBD599B15AF54AA82; ocsdvx0o4czd=qtdug3si1988q6q8q0d339teq5; nc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true; HASH_ocsdvx0o4czd=728E17D4FC81F9D8F8AC565F0877FC6ED12EFE51; ocqqq4bnplq7=ed65d4c3jfgboa58svqbgce3nv; HASH_ocqqq4bnplq7=2255CB6956FD42201C949CBAD068EC2EEDD29505" set-cookie="-" websocket_scheme=
    2023:10:02-16:03:15 robfw1 httpd: "-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="ZRq_k6q5SfZRxGuT36o8YgAAAAA"

    However, the behavior is the same. nothing changed - still not working, with the same problem.

  • Hello,

    Thanks for sharing these details. Wanted to confirm if this previously worked before? If yes, are there any change on firewall side or server side prior the issue? Also, does this Next Cloud Extern virtual web server maps to an internal server? Could you provide high level traffic flow for this access? Thanks

    Regards,

    Raphael Alganes
    Community Support Engineer | Sophos Technical Support
    Sophos Support Videos Product Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.

  • Hi,

    Yes, this setup is old and has been running succesfully for the last 3-4 years. I have done no change on the firewall nor the Nextcloud server. The issue just appeared without explination. The firewall upgraded to 9.716-2 a while ago (one month aprox i think), but i cannot say that the problem appeared after the upgrade, because i have not checked in that moment. Anyway i upgrade the Sophos reguralry, each time there is an update, so i ve been doing it for years now, without any problem. I was just memntioning about the upgrade, as being the only recent change on this entire setup, not necesarly that it has an importance.

    The nextcloud server is installed as a snap and has been working in the same manner as i said, for years now. When this problem appeared i deployed another new from scratch Nextcloud server (normal ubuntu installation this time, not snap), as a test and the problem is exactly the same. So which ever Nextcloud deployment i try (old snap or new install deployment), the problem is exactly the same.

    High level of traffic flow: cloud-jder.ddns.net points to the Sophos WAN interface. Also i am using Sophos with Let's encrypt, to have a certificate for this domain (yes, i did renew the certificate as a test and still no change). When it receives traffic for this domain, it redirects it to the internal server Nextcloud, based on the WAF configuration that i made (type encrypted HTTPS & redirect). The Nextcloud has nothing special configured on it (no certifications, domains, etc).

    That's it, a basic setup i would say.

    Latest logs that i can see from my attempts:

    2023:10:04-16:17:49 robfw1 httpd: =Lax" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="ZR1l_bC9kYVMhh3VRgiRYwAAAC8"
    2023:10:04-16:17:49 robfw1 httpd: id="0299" srcip="5.15.79.18" localip="188.27.163.161" size="1174" user="-" host="5.15.79.18" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="2013" url="/core/css/guest.css.map" server="cloud-jder.ddns.net" port="443" query="" referer="-" cookie="ocsdvx0o4czd=i2467r21avpb3epgn3qdmvvv1t; oc_sessionPassphrase=7urdPTA5WAG%2B1f9j3HR7FA32hV%2B7MYWxbwFr6c6%2FOgl0QN9%2BaxPGmdiwELjjukd1uUOvvvGDsip7bLzBLNhFqytIqngoQNm8fdh3w%2B%2F9kn1an%2FkVqNA3IOwApmHFp9xJ; nc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="ZR1l_bC9kYVMhh3VRgiRagAAACY"
    2023:10:04-16:17:49 robfw1 httpd: id="0299" srcip="5.15.79.18" localip="188.27.163.161" size="4912" user="-" host="5.15.79.18" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="12749" url="/core/css/server.css.map" server="cloud-jder.ddns.net" port="443" query="" referer="-" cookie="ocsdvx0o4czd=i2467r21avpb3epgn3qdmvvv1t; oc_sessionPassphrase=7urdPTA5WAG%2B1f9j3HR7FA32hV%2B7MYWxbwFr6c6%2FOgl0QN9%2BaxPGmdiwELjjukd1uUOvvvGDsip7bLzBLNhFqytIqngoQNm8fdh3w%2B%2F9kn1an%2FkVqNA3IOwApmHFp9xJ; nc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="ZR1l_bC9kYVMhh3VRgiRaQAAAC8"
    2023:10:04-16:17:53 robfw1 httpd: id="0299" srcip="5.15.79.18" localip="188.27.163.161" size="0" user="-" host="5.15.79.18" method="GET" statuscode="302" reason="-" extra="-" exceptions="-" time="39050" url="/" server="cloud-jder.ddns.net" port="443" query="" referer="-" cookie="ocsdvx0o4czd=i2467r21avpb3epgn3qdmvvv1t; oc_sessionPassphrase=7urdPTA5WAG%2B1f9j3HR7FA32hV%2B7MYWxbwFr6c6%2FOgl0QN9%2BaxPGmdiwELjjukd1uUOvvvGDsip7bLzBLNhFqytIqngoQNm8fdh3w%2B%2F9kn1an%2FkVqNA3IOwApmHFp9xJ; nc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="ZR1mAbC9kYVMhh3VRgiRawAAAB8"
    2023:10:04-16:17:53 robfw1 httpd: id="0299" srcip="5.15.79.18" localip="188.27.163.161" size="6013" user="-" host="5.15.79.18" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="35918" url="/index.php/login" server="cloud-jder.ddns.net" port="443" query="" referer="-" cookie="ocsdvx0o4czd=i2467r21avpb3epgn3qdmvvv1t; oc_sessionPassphrase=7urdPTA5WAG%2B1f9j3HR7FA32hV%2B7MYWxbwFr6c6%2FOgl0QN9%2BaxPGmdiwELjjukd1uUOvvvGDsip7bLzBLNhFqytIqngoQNm8fdh3w%2B%2F9kn1an%2FkVqNA3IOwApmHFp9xJ; nc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true" set-cookie="ocsdvx0o4czd=i2467r21avpb3epgn3qdmvvv1t; path=/; HttpOnly; SameSite=Lax" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="ZR1mAbC9kYVMhh3VRgiRbAAAAB8"
    2023:10:04-16:17:56 robfw1 httpd: id="0299" srcip="5.15.79.18" localip="188.27.163.161" size="1174" user="-" host="5.15.79.18" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="1796" url="/core/css/guest.css.map" server="cloud-jder.ddns.net" port="443" query="" referer="-" cookie="ocsdvx0o4czd=i2467r21avpb3epgn3qdmvvv1t; oc_sessionPassphrase=7urdPTA5WAG%2B1f9j3HR7FA32hV%2B7MYWxbwFr6c6%2FOgl0QN9%2BaxPGmdiwELjjukd1uUOvvvGDsip7bLzBLNhFqytIqngoQNm8fdh3w%2B%2F9kn1an%2FkVqNA3IOwApmHFp9xJ; nc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="ZR1mBLC9kYVMhh3VRgiRbgAAACY"
    2023:10:04-16:17:56 robfw1 httpd: id="0299" srcip="5.15.79.18" localip="188.27.163.161" size="4912" user="-" host="5.15.79.18" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="3349" url="/core/css/server.css.map" server="cloud-jder.ddns.net" port="443" query="" referer="-" cookie="ocsdvx0o4czd=i2467r21avpb3epgn3qdmvvv1t; oc_sessionPassphrase=7urdPTA5WAG%2B1f9j3HR7FA32hV%2B7MYWxbwFr6c6%2FOgl0QN9%2BaxPGmdiwELjjukd1uUOvvvGDsip7bLzBLNhFqytIqngoQNm8fdh3w%2B%2F9kn1an%2FkVqNA3IOwApmHFp9xJ; nc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="ZR1mBLC9kYVMhh3VRgiRbQAAAC8"
    2023:10:04-16:20:23 robfw1 httpd: id="0299" srcip="5.15.85.54" localip="188.27.163.161" size="6013" user="-" host="5.15.85.54" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="40979" url="/index.php/login" server="cloud-jder.ddns.net" port="443" query="" referer="-" cookie="__Host-nc_sameSiteCookielax=true; HASH___Host-nc_sameSiteCookielax=3147B5FAD3ADF92A442C45B52D459FAE7106CFF8; __Host-nc_sameSiteCookiestrict=true; HASH___Host-nc_sameSiteCookiestrict=FFC39A0BA50A010033525A9232A588F0EE6D7617; nc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true; oc_sessionPassphrase=tK4NHmDimHPnlzaB2jc2bUci50T8R%2BolcqjZXHgerCf4z31sCungYC3cSSqj7lWvEDvF9PzgQJO9crlu8G2nkVcv%2FkVjXBbbnGraMLjDEMUt%2FeJkDNlpZ%2BQi7yG0VNFO; ocsdvx0o4czd=itdu54j3acth7tbd09bgfu5lhb" set-cookie="ocsdvx0o4czd=12m9070oeoue7s1c51td03ig83; path=/; HttpOnly; SameSite=Lax, ocsdvx0o4czd=12m9070oeoue7s1c51td03ig83; path=/; HttpOnly; SameSite=Lax, ocsdvx0o4czd=12m9070oeoue7s1c51td03ig83; path=/; HttpOnly; SameSite=Lax, ocsdvx0o4czd=12m9070oeoue7s1c51td03ig83; path=/
    2023:10:04-16:20:23 robfw1 httpd: ; HttpOnly; SameSite=Lax" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="ZR1ml7C9kYVMhh3VRgiRbwAAADA"
    2023:10:04-16:27:40 robfw1 httpd: id="0299" srcip="127.0.0.1" localip="127.0.0.1" size="53" user="-" host="127.0.0.1" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="165" url="/lb-status" server="localhost:4080" port="80" query="" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="ZR1oTLC9kYVMhh3VRgiRcAAAAAE"
    2023:10:04-16:29:07 robfw1 httpd: id="0299" srcip="5.14.145.87" localip="188.27.163.161" size="4727" user="-" host="5.14.145.87" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="35724" url="/index.php/login" server="cloud-jder.ddns.net" port="443" query="" referer="-" cookie="oc_sessionPassphrase=CwWqmBs0TdcmFVjC0QvbL%2BLCw6oz07RGlwKfvaD6Ny5ZUvoN6rdyIZVo1iEXRYCKKL%2FyKjKaG6wB8zosZVDcGZsNvTDL4AuqYnz3aM%2Fb7xf2fLeLiZYeYPv1OscP8aT2; ocsdvx0o4czd=vma0n6l4lsi5k2d20aevh553cp; HASH___Host-nc_sameSiteCookielax=3147B5FAD3ADF92A442C45B52D459FAE7106CFF8; HASH___Host-nc_sameSiteCookiestrict=FFC39A0BA50A010033525A9232A588F0EE6D7617; __Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true; HASH_nc_sameSiteCookielax=ED1D589C8364C1A2FEEC5F6379D33D0B3ED00A13; HASH_nc_sameSiteCookiestrict=BCABC1DB122EDF2C4B9BC8C27DE8888D28D1C432; nc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true" set-cookie="ocsdvx0o4czd=vma0n6l4lsi5k2d20aevh553cp; path=/; HttpOnly; SameSite=Lax" websocket_scheme="-" websocket_protocol="-" websocket_
    2023:10:04-16:29:07 robfw1 httpd: key="-" websocket_version="-" uid="ZR1oo7C9kYVMhh3VRgiRcQAAAC0"
    2023:10:04-16:29:07 robfw1 httpd: id="0299" srcip="5.14.145.87" localip="188.27.163.161" size="1395" user="-" host="5.14.145.87" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="14942" url="/index.php/core/js/oc.js" server="cloud-jder.ddns.net" port="443" query="?v=52e1fa2b" referer="-" cookie="ocsdvx0o4czd=vma0n6l4lsi5k2d20aevh553cp; oc_sessionPassphrase=CwWqmBs0TdcmFVjC0QvbL%2BLCw6oz07RGlwKfvaD6Ny5ZUvoN6rdyIZVo1iEXRYCKKL%2FyKjKaG6wB8zosZVDcGZsNvTDL4AuqYnz3aM%2Fb7xf2fLeLiZYeYPv1OscP8aT2; HASH___Host-nc_sameSiteCookielax=3147B5FAD3ADF92A442C45B52D459FAE7106CFF8; HASH___Host-nc_sameSiteCookiestrict=FFC39A0BA50A010033525A9232A588F0EE6D7617; __Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true; HASH_nc_sameSiteCookielax=ED1D589C8364C1A2FEEC5F6379D33D0B3ED00A13; HASH_nc_sameSiteCookiestrict=BCABC1DB122EDF2C4B9BC8C27DE8888D28D1C432; nc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="ZR1oo7C9kYVMhh3V
    2023:10:04-16:29:07 robfw1 httpd: RgiRcgAAAC0"

    I for one cannot see a problem through these lines. I tried from different browsers and i rebooted the Sophos several times. 

    Really don't know where to look more.

    Thanks

  • I managed to find the problem:



    I had that one ticked and disabling it restores the functionality. Does this mean the current version changed the functionality somehow of this feature, because i used it ticked before ?

    Different topic: now that i made it working i tried to apply the form and URL hardening but it is impossible. I made many exceptions based on the logs of the WAF and i can't make it work properly. either there are some icons that don't load, or features or submenu pages entirely. I played with a lot of exceptions, with wildcards, shorter, longer, etc. Only using /* makes it work , but that is basically disabling the hardening at all (or enabling a hardening which does nothing). 

    thx

Reply
  • I managed to find the problem:



    I had that one ticked and disabling it restores the functionality. Does this mean the current version changed the functionality somehow of this feature, because i used it ticked before ?

    Different topic: now that i made it working i tried to apply the form and URL hardening but it is impossible. I made many exceptions based on the logs of the WAF and i can't make it work properly. either there are some icons that don't load, or features or submenu pages entirely. I played with a lot of exceptions, with wildcards, shorter, longer, etc. Only using /* makes it work , but that is basically disabling the hardening at all (or enabling a hardening which does nothing). 

    thx

Children
No Data