
URI prefix does not match

Version: 9.109-1

This past week I followed the latest article on setting up access to a Remote Desktop Gateway using WAF. I had been using a DNAT rule prior to that. It has worked well; however, I tested access using an Android tablet with the Microsoft RDP client and encountered the issue stated in the subject. Below are the log entries showing the URI prefix not matching. Based on the URI value in the log, what changes would be needed to the entry URLs? I have tried several different entries with no success.

Thanks


2014:03:17-04:18:01 FIREWALL reverseproxy: [Mon Mar 17 04:18:01.576147 2014] [url_hardening:error] [pid 13885:tid 4013575024] [client X.X.X.X:56659] URI prefix does not match, URI: rdgateway.domain.com:443/.../rpcproxy.dll
2014:03:17-04:18:01 FIREWALL reverseproxy: [Mon Mar 17 04:18:01.576156 2014] [url_hardening:error] [pid 13885:tid 4047145840] [client X.X.X.X:56660] URI prefix does not match, URI: rdgateway.domain.com:443/.../rpcproxy.dll


  • Want to bump this for exposure, I experience this as well. My other publishing rules work well, but RD Gateway failure is causing me to fall back to NAT rules [:(]

    Here is an excerpt of the failure attempt from the live log:
    2014:06:24-11:28:08 proxy reverseproxy: srcip="94.186.198.191" localip="192.168.x.y" size="265" user="-" host="94.186.198.191" method="RDG_OUT_DATA" statuscode="401" reason="-" extra="-" exceptions="SkipBlacklistDNSRBL, SkipBlacklistGeoIP, SkipAntiVirus, SkipURLHardening, SkipFormHardening, SkipCookieSigning, SkipThreatsFilter_ProtocolViolations, SkipThreatsFilter_ProtocolAnomalies, SkipThreatsFilter_RequestLimits, SkipThreatsFilter_HttpPolicy, SkipThreatsFilter_BadRobots, SkipThreatsFilter_GenericAttacks, SkipThreatsFilter_SqlInjectionAttacks, SkipThreatsFilter_XssAttacks, SkipThreatsFilter_Trojans, SkipThreatsFilter_Outbound" time="30077" url="/remoteDesktopGateway/" server="remote.domain.com" referer="-" cookie="-" set-cookie="-" 

    2014:06:24-11:28:08 proxy reverseproxy: srcip="94.186.198.191" localip="192.168.x.y" size="265" user="-" host="94.186.198.191" method="RDG_IN_DATA" statuscode="401" reason="-" extra="-" exceptions="SkipBlacklistDNSRBL, SkipBlacklistGeoIP, SkipAntiVirus, SkipURLHardening, SkipFormHardening, SkipCookieSigning, SkipThreatsFilter_ProtocolViolations, SkipThreatsFilter_ProtocolAnomalies, SkipThreatsFilter_RequestLimits, SkipThreatsFilter_HttpPolicy, SkipThreatsFilter_BadRobots, SkipThreatsFilter_GenericAttacks, SkipThreatsFilter_SqlInjectionAttacks, SkipThreatsFilter_XssAttacks, SkipThreatsFilter_Trojans, SkipThreatsFilter_Outbound" time="29674" url="/remoteDesktopGateway/" server="remote.domain.com" referer="-" cookie="-" set-cookie="-" 

    2014:06:24-11:28:08 proxy reverseproxy: srcip="94.186.198.191" localip="192.168.x.y" size="0" user="-" host="94.186.198.191" method="RDG_IN_DATA" statuscode="200" reason="-" extra="-" exceptions="SkipBlacklistDNSRBL, SkipBlacklistGeoIP, SkipAntiVirus, SkipURLHardening, SkipFormHardening, SkipCookieSigning, SkipThreatsFilter_ProtocolViolations, SkipThreatsFilter_ProtocolAnomalies, SkipThreatsFilter_RequestLimits, SkipThreatsFilter_HttpPolicy, SkipThreatsFilter_BadRobots, SkipThreatsFilter_GenericAttacks, SkipThreatsFilter_SqlInjectionAttacks, SkipThreatsFilter_XssAttacks, SkipThreatsFilter_Trojans, SkipThreatsFilter_Outbound" time="4509" url="/remoteDesktopGateway/" server="remote.domain.com" referer="-" cookie="-" set-cookie="-" 

    2014:06:24-11:29:37 proxy reverseproxy: [Tue Jun 24 11:29:37.828229 2014] [proxy_http:error] [pid 13427:tid 4046588784] (-102)Unknown error 4294967194: [client 94.186.198.191:59143] AH01095: prefetch request body failed to 192.168.a.b:443 (192.168.a.b) from 94.186.198.191 () 

    2014:06:24-11:29:37 proxy reverseproxy: srcip="94.186.198.191" localip="192.168.x.y" size="357" user="-" host="94.186.198.191" method="RDG_IN_DATA" statuscode="400" reason="-" extra="-" exceptions="SkipBlacklistDNSRBL, SkipBlacklistGeoIP, SkipAntiVirus, SkipURLHardening, SkipFormHardening, SkipCookieSigning, SkipThreatsFilter_ProtocolViolations, SkipThreatsFilter_ProtocolAnomalies, SkipThreatsFilter_RequestLimits, SkipThreatsFilter_HttpPolicy, SkipThreatsFilter_BadRobots, SkipThreatsFilter_GenericAttacks, SkipThreatsFilter_SqlInjectionAttacks, SkipThreatsFilter_XssAttacks, SkipThreatsFilter_Trojans, SkipThreatsFilter_Outbound" time="89625115" url="/remoteDesktopGateway/" server="remote.domain.com" referer="-" cookie="-" set-cookie="-" 

    2014:06:24-11:29:37 proxy reverseproxy: [Tue Jun 24 11:29:37.829774 2014] [proxy_http:error] [pid 13427:tid 4054981488] (104)Connection reset by peer: [client 94.186.198.191:59142] AH01110: error reading response 

    2014:06:24-11:29:37 proxy reverseproxy: srcip="94.186.198.191" localip="192.168.x.y" size="10" user="-" host="94.186.198.191" method="RDG_OUT_DATA" statuscode="200" reason="-" extra="-" exceptions="SkipBlacklistDNSRBL, SkipBlacklistGeoIP, SkipAntiVirus, SkipURLHardening, SkipFormHardening, SkipCookieSigning, SkipThreatsFilter_ProtocolViolations, SkipThreatsFilter_ProtocolAnomalies, SkipThreatsFilter_RequestLimits, SkipThreatsFilter_HttpPolicy, SkipThreatsFilter_BadRobots, SkipThreatsFilter_GenericAttacks, SkipThreatsFilter_SqlInjectionAttacks, SkipThreatsFilter_XssAttacks, SkipThreatsFilter_Trojans, SkipThreatsFilter_Outbound" time="89751922" url="/remoteDesktopGateway/" server="remote.domain.com" referer="-" cookie="-" set-cookie="-"

    I've sanitized a few IPs/hostnames, but this includes the full conversation until failure on the client side.

    Version:
    Sophos: 9.202-3
    Windows Server: 2012 R2 Fully Patched
    Windows Client: Windows 8.1
    RDP Client Version: 6.3.9600

    Happy to troubleshoot/debug anything that helps to facilitate this scenario.

    Thanks,
    Tim
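The two posts above show different failures: the first is a `url_hardening` rejection, while the access lines in the reply list `SkipURLHardening` among their exceptions and fail with `proxy_http` errors instead. The triage script below is an added example, not part of the original thread or of Sophos tooling; it separates the two cases per client, and its sample lines, host names, addresses and verdict wording are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines modelled on the two log formats quoted in this thread
# (host names and addresses are placeholders, fields are abbreviated).
SAMPLE = '''\
2014:03:17-04:18:01 fw reverseproxy: [Mon Mar 17 04:18:01.576147 2014] [url_hardening:error] [pid 1:tid 2] [client 192.0.2.10:56659] URI prefix does not match, URI: rdg.example.test:443/.../rpcproxy.dll
2014:06:24-11:28:08 fw reverseproxy: srcip="192.0.2.20" method="RDG_OUT_DATA" statuscode="401" exceptions="SkipURLHardening, SkipAntiVirus" url="/remoteDesktopGateway/" server="rdg.example.test"
2014:06:24-11:28:08 fw reverseproxy: srcip="192.0.2.20" method="RDG_IN_DATA" statuscode="200" exceptions="SkipURLHardening, SkipAntiVirus" url="/remoteDesktopGateway/" server="rdg.example.test"
2014:06:24-11:29:37 fw reverseproxy: [Tue Jun 24 11:29:37.828229 2014] [proxy_http:error] [pid 1:tid 3] (-102)Unknown error 4294967194: [client 192.0.2.20:59143] AH01095: prefetch request body failed to 198.51.100.5:443 (198.51.100.5) from 192.0.2.20 ()
2014:06:24-11:29:37 fw reverseproxy: srcip="192.0.2.20" method="RDG_IN_DATA" statuscode="400" exceptions="SkipURLHardening, SkipAntiVirus" url="/remoteDesktopGateway/" server="rdg.example.test"
'''

KV = re.compile(r'([\w-]+)="([^"]*)"')  # key="value" access-log fields
ERR = re.compile(r'\[(\w+):error\].*?\[client ([\d.]+):\d+\]\s*(.*)$')  # module error lines

def triage(text):
    """Group reverseproxy log lines by client IP: module errors, requests, skipped checks."""
    clients = defaultdict(lambda: {"errors": [], "requests": [], "skipped": set()})
    for line in text.splitlines():
        m = ERR.search(line)
        if m:
            module, ip, msg = m.groups()
            clients[ip]["errors"].append((module, msg))
        elif 'srcip="' in line:
            f = dict(KV.findall(line))
            c = clients[f["srcip"]]
            c["requests"].append((f.get("method"), f.get("statuscode")))
            c["skipped"].update(s.strip() for s in f.get("exceptions", "").split(",") if s.strip())
    return dict(clients)

def verdict(c):
    """One-line diagnosis for a client record produced by triage()."""
    modules = {m for m, _ in c["errors"]}
    if "url_hardening" in modules:
        msg = next(msg for m, msg in c["errors"] if m == "url_hardening")
        _, _, path = msg.partition("URI: ")[2].partition("/")  # drop host:port
        return "rejected by URL hardening: /" + path
    if "SkipURLHardening" in c["skipped"] and "proxy_http" in modules:
        return "URL hardening skipped; failure is in the proxied exchange"
    return "no error lines"

if __name__ == "__main__":
    for ip, rec in triage(SAMPLE).items():
        print(ip, rec["requests"], "->", verdict(rec))
```

The path reported for the first client is the value to compare against the configured entry URLs; the `skipped` set shows which WAF checks were bypassed for each request.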