This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

AH00898 Error reading from remote server returned by

Hello everyone,
I am having trouble with some HTTPS services deployed via WAF.

Previously those services were deployed using DNAT.

When accessing the URL I get and Proxy error

This is what the log shows:
2013:09:23-13:41:18  reverseproxy: [Mon Sep 23 13:41:18.313296 2013] [proxy_http:error] [pid 5211:tid 4010797936] (20014)Internal error: [client :58915] AH01102: error reading status line from remote server :443
2013:09:23-13:41:18  reverseproxy: srcip="" localip="" size="0" user="-" host="" method="GET" statuscode="200" reason="-" extra="-" time="14736" url="/mifs/c/apix/v1/client//appstore" server="" referer="-" cookie="JSESSIONID=" set-cookie="-"
2013:09:23-13:41:18  reverseproxy: [Mon Sep 23 13:41:18.363377 2013] [proxy_http:error] [pid 5211:tid 3985619824] (20014)Internal error: [client :58917] AH01102: error reading status line from remote server :443
2013:09:23-13:41:18  reverseproxy: [Mon Sep 23 13:41:18.363398 2013] [proxy:error] [pid 5211:tid 3985619824] [client :58917] AH00898: Error reading from remote server returned by /mifs/c/apix/v1/client//appstore
2013:09:23-13:41:18  reverseproxy: srcip="" localip="" size="461" user="-" host="" method="GET" statuscode="502" reason="-" extra="-" time="13823" url="/mifs/c/apix/v1/client//appstore" server="" referer="-" cookie="JSESSIONID=" set-cookie="-"
2013:09:23-13:41:18  reverseproxy: srcip="" localip="" size="39" user="-" host="" method="GET" statuscode="404" reason="-" extra="-" time="14408" url="/apple-touch-icon-152x152-precomposed.png" server="" referer="-" cookie="-" set-cookie="JSESSIONID=; Path=/mifs; Secure; HttpOnly, HASH_JSESSIONID=; Path=/mifs; Secure"
2013:09:23-13:41:18  reverseproxy: srcip="" localip="" size="39" user="-" host="" method="GET" statuscode="404" reason="-" extra="-" time="13898" url="/apple-touch-icon-152x152.png" server="" referer="-" cookie="-" set-cookie="JSESSIONID=; Path=/mifs; Secure; HttpOnly, HASH_JSESSIONID=; Path=/mifs; Secure"
2013:09:23-13:41:18  reverseproxy: srcip="" localip="" size="39" user="-" host="" method="GET" statuscode="404" reason="-" extra="-" time="14605" url="/apple-touch-icon-precomposed.png" server="" referer="-" cookie="-" set-cookie="JSESSIONID=; Path=/mifs; Secure; HttpOnly, HASH_JSESSIONID=; Path=/mifs; Secure"
2013:09:23-13:41:18  reverseproxy: srcip="" localip="" size="45" user="-" host="" method="GET" statuscode="404" reason="-" extra="-" time="14330" url="/apple-touch-icon.png" server="" referer="-" cookie="-" set-cookie="JSESSIONID=; Path=/mifs; Secure; HttpOnly, HASH_JSESSIONID=; Path=/mifs; Secure" 


I masked some information in 

This happens only with this subpath. There is another portal running on this webserver (same real and virtual server) and thats running smoothly

Any ideas?

WAF is kinda hart to debug since the logs give not much of a clue what is the issue [:(]

best regards
chaser


This thread was automatically locked due to age.
Parents
  • I think that reverseproxy only works with traffic in the INPUT chain, so I'm confused that the other one appears to work.  Can you see lines in the reveseproxy log where an internal user successfully accesses the internal Real Server via the Virtual Server on the External interface?

    I also don't think that httpproxy can talk to the reverseproxy.  Can you see lines in the Web Filtering log showing an internal user accessing an internal server (via either its private or public IP)?

    I think the only way to have the WAF handle internal->internal traffic is to use split DNS, aiming the FQDN at an address on the Internal interface, and then adding a Virtual Server on the Internal inteface.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • I think that reverseproxy only works with traffic in the INPUT chain, so I'm confused that the other one appears to work.  Can you see lines in the reveseproxy log where an internal user successfully accesses the internal Real Server via the Virtual Server on the External interface?

    I also don't think that httpproxy can talk to the reverseproxy.  Can you see lines in the Web Filtering log showing an internal user accessing an internal server (via either its private or public IP)?

    I think the only way to have the WAF handle internal->internal traffic is to use split DNS, aiming the FQDN at an address on the Internal interface, and then adding a Virtual Server on the Internal inteface.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
No Data