Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 8 replies
  • Subscribers 1 subscriber
  • Views 18072 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Exchange 2013 not working through WAF

cstanley
I configured WAF for Exchange based on these instructions:  https://sophserv.sophos.com/repo_kb/120454/file/Exchange%20WAF%20How%20to%209%202%20new.pdf

I use an AD CA so all of my certs are self-signed.  I also tried to generate new certs within Sophos UTM and neither is working.

When I go here: https://domain.com/owa, I receive this error:

Request blocked

The web application firewall has blocked access to /owa/auth/logon.aspx for the following reason:

No signature found

Not sure what is going on.  Any ideas?

UTM version is 9.210-20


This thread was automatically locked due to age.
Parents
  • 0
    Looking at the logs, it's redirecting to autodiscover URL even though I'm not attempting to go there.

    2014:12:14-00:00:57 UTM reverseproxy: [Sun Dec 14 00:00:57.466382 2014] [url_hardening:error] [pid 6181:tid 2813307760] [client 10.27.90.158:38613] Hostname in HTTP request (domain.com) does not match the server name (autodiscover.domain.com)
    2014:12:14-00:00:57 UTM reverseproxy: id="0299" srcip="10.27.90.158" localip="174.56.87.184" size="229" user="-" host="10.27.90.158" method="OPTIONS" statuscode="403" reason="-" extra="-" exceptions="-" time="4338" url="/Microsoft-Server-ActiveSync" server="autodiscover.domain.com" referer="-" cookie="-" set-cookie="-"
    2014:12:14-00:00:57 UTM reverseproxy: [Sun Dec 14 00:00:57.538509 2014] [url_hardening:error] [pid 6181:tid 2804915056] [client 10.27.90.158:58635] Hostname in HTTP request (domain.com) does not match the server name (autodiscover.domain.com)
    2014:12:14-00:00:57 UTM reverseproxy: id="0299" srcip="10.27.90.158" localip="174.56.87.184" size="229" user="-" host="10.27.90.158" method="OPTIONS" statuscode="403" reason="-" extra="-" exceptions="-" time="3050" url="/Microsoft-Server-ActiveSync" server="autodiscover.domain.com" referer="-" cookie="-" set-cookie="-"
    2014:12:14-00:00:57 UTM reverseproxy: [Sun Dec 14 00:00:57.609804 2014] [url_hardening:error] [pid 6181:tid 3023125360] [client 10.27.90.158:53593] Hostname in HTTP request (domain.com) does not match the server name (autodiscover.domain.com)

    I'm new to this (Kind of).  Fixing to go back to port forwarding it.
Reply
  • 0
    Looking at the logs, it's redirecting to autodiscover URL even though I'm not attempting to go there.

    2014:12:14-00:00:57 UTM reverseproxy: [Sun Dec 14 00:00:57.466382 2014] [url_hardening:error] [pid 6181:tid 2813307760] [client 10.27.90.158:38613] Hostname in HTTP request (domain.com) does not match the server name (autodiscover.domain.com)
    2014:12:14-00:00:57 UTM reverseproxy: id="0299" srcip="10.27.90.158" localip="174.56.87.184" size="229" user="-" host="10.27.90.158" method="OPTIONS" statuscode="403" reason="-" extra="-" exceptions="-" time="4338" url="/Microsoft-Server-ActiveSync" server="autodiscover.domain.com" referer="-" cookie="-" set-cookie="-"
    2014:12:14-00:00:57 UTM reverseproxy: [Sun Dec 14 00:00:57.538509 2014] [url_hardening:error] [pid 6181:tid 2804915056] [client 10.27.90.158:58635] Hostname in HTTP request (domain.com) does not match the server name (autodiscover.domain.com)
    2014:12:14-00:00:57 UTM reverseproxy: id="0299" srcip="10.27.90.158" localip="174.56.87.184" size="229" user="-" host="10.27.90.158" method="OPTIONS" statuscode="403" reason="-" extra="-" exceptions="-" time="3050" url="/Microsoft-Server-ActiveSync" server="autodiscover.domain.com" referer="-" cookie="-" set-cookie="-"
    2014:12:14-00:00:57 UTM reverseproxy: [Sun Dec 14 00:00:57.609804 2014] [url_hardening:error] [pid 6181:tid 3023125360] [client 10.27.90.158:53593] Hostname in HTTP request (domain.com) does not match the server name (autodiscover.domain.com)

    I'm new to this (Kind of).  Fixing to go back to port forwarding it.
Children
No Data
Unfiltered HTML