This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Source-IP filter for web application firewall (reverse proxy)

Hello everybody,

we have a webserver in our DMZ which should only be accessed via the web application firewall (reverse proxy) instead of an direkt access with DNAT. This works fine so far. But is there a possibility to restrict the access to some known/static public ip-addresses?

I have tried to get this done with two firewall rules, but it didn't work.

1. Known IPs >>> TCP/443 >>> External address of Sophos UTM. [ALLOW]
2. Any >>> TCP/443 >>> External address of Sophos UTM. [DROP]

Thanks for your help.

Kind Regards

FlipOnline

This thread was automatically locked due to age.

Parents

0 BAlfson over 10 years ago

Flip, considering #2 in Rulz, create a blackhole DNAT for traffic from the unwanted IPs.

To allow only certain IPs, create a NoNAT rule for them followed by a DNAT for all traffic from "Internet."

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 BAlfson over 10 years ago

Flip, considering #2 in Rulz, create a blackhole DNAT for traffic from the unwanted IPs.

To allow only certain IPs, create a NoNAT rule for them followed by a DNAT for all traffic from "Internet."

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data