Hi everyone,
We are running a Sophos UTM 9.310-11 on AWS EC2. To protect our web application we are using the Web Application Firewall with the Advanced Protection profile.
In our application we are using direct serving of fonts with the following MIME types:
.ttf application/octet-stream
.woff font/x-woff
.woff2 application/font-woff2
When we are trying to access the fonts using query parameters e.g. …
https://...webfont.woff?v=4.3.0
… the WAF blocks the request with the following entry in the log file.
2015:05:22-00:57:52 n***1 reverseproxy: id="0299" srcip="6*.**.**.*2" localip="1*.**.*.**0" size="256" user="-" host="6*.**.**.*2" method="GET" statuscode="403" reason="form hardening" extra="Received unhardened form data" exceptions="-" time="54745" url="/lib/font-awesome/fonts/fontawesome-webfont.woff" server="REF_RevFroHsanextgen" referer="-" cookie="-" set-cookie="-"
Even though the documentation says the following …
Note – Form hardening affects all files with a HTTP content type of text/* or *xml*, where * is a wildcard. Make sure that other file types, e.g. binary files, have the correct HTTP content type, otherwise they may get corrupted by the form hardening feature.
Has anybody come across the same or a similar issue?
P.S.: Removing the query parameters in the string avoids the blocking. However, it doesn't help us with our application.
Thanks
Andreas
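
Added example (not part of the original post, and not Sophos code): a Python script that parses reverseproxy log lines in the `key="value"` format quoted above and counts 403 "form hardening" rejections on font paths, so the affected URLs can be listed when scoping a WAF exception. The sample log lines, the `STATIC_EXT` list and the function names are constructed for illustration.

```python
import re
from collections import Counter

# key="value" pairs as they appear in the reverseproxy log line quoted in the post
FIELD_RE = re.compile(r'(\w[\w-]*)="([^"]*)"')

# Font extensions named in the post; treating only these as static assets is an assumption
STATIC_EXT = (".ttf", ".woff", ".woff2")

# Constructed sample lines modelled on the log entry in the post (addresses are placeholders)
SAMPLE_LINES = [
    '2015:05:22-00:57:52 waf1 reverseproxy: id="0299" srcip="192.0.2.10" method="GET" '
    'statuscode="403" reason="form hardening" extra="Received unhardened form data" '
    'url="/lib/font-awesome/fonts/fontawesome-webfont.woff" referer="-" set-cookie="-"',
    '2015:05:22-00:57:53 waf1 reverseproxy: id="0299" srcip="192.0.2.11" method="GET" '
    'statuscode="403" reason="form hardening" extra="Received unhardened form data" '
    'url="/lib/font-awesome/fonts/fontawesome-webfont.woff" referer="-" set-cookie="-"',
    '2015:05:22-00:57:54 waf1 reverseproxy: id="0299" srcip="192.0.2.10" method="GET" '
    'statuscode="403" reason="form hardening" extra="Received unhardened form data" '
    'url="/fonts/app.TTF" referer="-" set-cookie="-"',
    '2015:05:22-00:57:55 waf1 reverseproxy: id="0299" srcip="192.0.2.12" method="POST" '
    'statuscode="403" reason="form hardening" extra="Received unhardened form data" '
    'url="/login" referer="-" set-cookie="-"',
    '2015:05:22-00:57:56 waf1 reverseproxy: id="0299" srcip="192.0.2.10" method="GET" '
    'statuscode="200" reason="-" extra="-" url="/css/site.css" referer="-" set-cookie="-"',
]

def parse_line(line):
    """Return the key="value" fields of one reverseproxy log line as a dict."""
    return dict(FIELD_RE.findall(line))

def form_hardening_blocks(lines, extensions=STATIC_EXT):
    """Count 403 'form hardening' rejections per URL path for font files."""
    hits = Counter()
    for line in lines:
        if " reverseproxy: " not in line:
            continue  # not a WAF log entry
        fields = parse_line(line)
        if fields.get("statuscode") != "403" or fields.get("reason") != "form hardening":
            continue
        # Drop any query string in case the logged url field carries one
        path = fields.get("url", "").split("?", 1)[0]
        if path.lower().endswith(extensions):
            hits[path] += 1
    return hits

if __name__ == "__main__":
    for path, count in form_hardening_blocks(SAMPLE_LINES).most_common():
        print(f"{count:4d}  {path}")
```

Blocked dynamic paths such as `/login` are deliberately left out of the result, since form hardening is meant to apply to them.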