Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 12 replies
  • Subscribers 1 subscriber
  • Views 11650 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

URL Hardening Questions

tomtomtom
I have set up WAF in the following way:

1. virtual webserver:

Domains: domain.com
Real Web Servers: Lotus Domino Server
Firewall Profile: Advanced Protection (with URL hardening)

2. real webserver:

name: Lotus Domino Server
host: an internal host (external access via DNAT)

3. firewall profiles:

Advanced with URL hardening.


For testing purposes I have entered only "www.domain.com" in URL hardening.

I tried to open "domain.com/otherthings" directly and this still works. I thought URL hardening would disable the direct access to URLs not entered in the "Entry URL"-list

Do I missunderstand URL hardening or is it the DNAT which does not work with WAF?


This thread was automatically locked due to age.
Parents
  • 0
    A fundament concept is that traffic arriving at an interface is handled only once: DNATs come before Proxies and Proxies come before manual Static Routes and Firewall rules.  The DNAT prevents the WAF from seeing your traffic.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • 0
    A fundament concept is that traffic arriving at an interface is handled only once: DNATs come before Proxies and Proxies come before manual Static Routes and Firewall rules.  The DNAT prevents the WAF from seeing your traffic.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
  • 0 in reply to BAlfson
    A fundament concept is that traffic arriving at an interface is handled only once: DNATs come before Proxies and Proxies come before manual Static Routes and Firewall rules.  The DNAT prevents the WAF from seeing your traffic.

    Cheers - Bob

    Ok, good to know.

    Thank you Bob for your very useful and concrete answer!
  • 0 in reply to tomtomtom
    I just love BAlfson's title!  

    I think what we need from Astaro/Sophos is the ability to create and modify (including enable & disable) WAF rules.

    Our web apps are pretty complex and we currently use ModSecurity (embedded mode) and have many custom rules that either address undetected attacks or false positives, or simply do custom things we need.
Unfiltered HTML