This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Android - WAF HTTPS too many redirects

I just setup WAF on one domain so far. I created a HTTPS Real and Virtual server. It seems to be working OK with FireFox and IE on PC's but when I try to access the site with an Android, I keep getting the following error:

Connection Problem
The page contains too many server redirects.


It works fine when I disable WAF and use DNAT.

Any suggestions?


This thread was automatically locked due to age.
Parents
  • The log has repeated entries like below:

    ...
    2013:07:02-04:38:29 sophos reverseproxy: [Tue Jul 02 04:38:29.966987 2013] [cookie:warn] [pid 9294:tid 3989465968] [client 6x.xx.***.x6:24968] Dropping cookie '.APFW' from request due to missing/invalid signature
     
    2013:07:02-04:38:29 sophos reverseproxy: srcip="6x.xx.***.x6" localip="5x.***.xx.x3" size="114" user="-" host="6x.xx.***.x6" method="GET" statuscode="302" reason="-" extra="-" time="6390" url="/APFW/default.aspx" server="my.site.com" referer="-" cookie="AlarmsDue=false; ActLogin=username; ASP.NET_SessionId=5tjorxhdvfsgq1hxetcnnbqx; IsPendingWorkflowActionDialogOpen=false" set-cookie="AlarmsDue=false; path=/, HASH_AlarmsDue=100DC71D07382DBE0BCAF52C0FAEA069A3C4FF1D; path=/"
     
    2013:07:02-04:38:30 sophos reverseproxy: [Tue Jul 02 04:38:30.162907 2013] [cookie:warn] [pid 9294:tid 3989465968] [client 6x.xx.***.x6:24968] Dropping cookie '.APFW' from request due to missing/invalid signature
     
    2013:07:02-04:38:30 sophos reverseproxy: srcip="6x.xx.***.x6" localip="5x.***.xx.x3" size="119" user="-" host="6x.xx.***.x6" method="GET" statuscode="302" reason="-" extra="-" time="481836" url="/APFW/M" server="my.site.com" referer="-" cookie="ASP.NET_SessionId=5tjorxhdvfsgq1hxetcnnbqx; IsPendingWorkflowActionDialogOpen=false; AlarmsDue=false; ActLogin=username" set-cookie="-"
     
    2013:07:02-04:38:30 sophos reverseproxy: [Tue Jul 02 04:38:30.832060 2013] [cookie:warn] [pid 9294:tid 3989465968] [client 6x.xx.***.x6:24968] Dropping cookie '.APFW' from request due to missing/invalid signature
     
    2013:07:02-04:38:30 sophos reverseproxy: srcip="6x.xx.***.x6" localip="5x.***.xx.x3" size="149" user="-" host="6x.xx.***.x6" method="GET" statuscode="302" reason="-" extra="-" time="4215" url="/APFW/M/Home" server="my.site.com" referer="-" cookie="ASP.NET_SessionId=5tjorxhdvfsgq1hxetcnnbqx; IsPendingWorkflowActionDialogOpen=false; AlarmsDue=false; ActLogin=username" set-cookie="-"
     
    2013:07:02-04:38:31 sophos reverseproxy: [Tue Jul 02 04:38:31.046603 2013] [cookie:warn] [pid 9294:tid 3989465968] [client 6x.xx.***.x6:24968] Dropping cookie '.APFW' from request due to missing/invalid signature
     
    2013:07:02-04:38:31 sophos reverseproxy: srcip="6x.xx.***.x6" localip="5x.***.xx.x3" size="114" user="-" host="6x.xx.***.x6" method="GET" statuscode="302" reason="-" extra="-" time="6815" url="/APFW/default.aspx" server="my.site.com" referer="-" cookie="ASP.NET_SessionId=5tjorxhdvfsgq1hxetcnnbqx; IsPendingWorkflowActionDialogOpen=false; AlarmsDue=false; ActLogin=username" set-cookie="AlarmsDue=false; path=/, HASH_AlarmsDue=100DC71D07382DBE0BCAF52C0FAEA069A3C4FF1D; path=/" 
    ...

    --------------------------------------------------------------------
    Sophos UTM 9.719-3 - Home User
    Virtual machine on Dell Optiplex 3070
    i3-9100 @ 3.60 GHz, 16 GB RAM
    --------------------------------------------------------------------

  • Unchecking Cookie signing in Firewall Profiles -> Advanced Protection seems to fix it.
     
    Since that worked, I thought I would create an exception instead of editing the Advanced Protection profile but it does not work.
     
    Shouldn't creating an exception and ticking Cookie Signing under Skip these checks accomplish the same thing as unticking Cookie signing under the Advanced Protection profile?

    --------------------------------------------------------------------
    Sophos UTM 9.719-3 - Home User
    Virtual machine on Dell Optiplex 3070
    i3-9100 @ 3.60 GHz, 16 GB RAM
    --------------------------------------------------------------------

Reply
  • Unchecking Cookie signing in Firewall Profiles -> Advanced Protection seems to fix it.
     
    Since that worked, I thought I would create an exception instead of editing the Advanced Protection profile but it does not work.
     
    Shouldn't creating an exception and ticking Cookie Signing under Skip these checks accomplish the same thing as unticking Cookie signing under the Advanced Protection profile?

    --------------------------------------------------------------------
    Sophos UTM 9.719-3 - Home User
    Virtual machine on Dell Optiplex 3070
    i3-9100 @ 3.60 GHz, 16 GB RAM
    --------------------------------------------------------------------

Children
No Data