
IP Camera not working in WAF

Hi folks,

I got a little problem and I hope you can possibly help me.
I have a Wansview NCM630-W camera in my network and I am having trouble getting it working with the Webserver Protection.

If I access it via NAT everything is working fine. But when I try to access it via WAF it won't "login".

The camera itself is secured via Basic Auth.

So I created a virtual server https://domainname:8443 which points to the real server ip:80 of the camera.
There is a reverse authentication with "form" and backend mode "none".
So I am asked for the camera's credentials after authenticating with the reverse proxy.

I wiresharked and dumped the whole communication, seeing differences between NAT and WAF. I will paste it so you can see the difference, and hopefully someone knows how to resolve the problem:

First GET Package in Wireshark of NAT
GET /cgi-bin/hi3510/param.cgi?cmd=getuserinfo HTTP/1.1\r\n


Full request URI: domainname.de:2103/.../param.cgi


Wireshark same GET of WAF
GET / HTTP/1.1\r\n

Full request URI: http://domainname.de:80/

and 

GET /cgi-bin/hi3510/getidentify.cgi HTTP/1.1\r\n
Full request URI: domainname.de/.../getidentify.cgi


ReverseProxy.log
2015:06:18-12:39:51 domainname reverseproxy: id="0299" srcip="195.243.110.2" localip="78.43.192.183" size="225" user="admin" host="195.243.110.2" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="45703" url="/web/admin.html" server="domainname.de" referer="domainname.de:8443/.../;httponly;secure"

2015:06:18-12:39:51 domainname reverseproxy: id="0299" srcip="195.243.110.2" localip="78.43.192.183" size="5498" user="admin" host="195.243.110.2" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="43828" url="/web/mainpage.html" server="domainname.de" referer="domainname.de:8443/.../;httponly;secure"
2015:06:18-12:39:51 domainname reverseproxy: id="0299" srcip="195.243.110.2" localip="78.43.192.183" size="213" user="admin" host="195.243.110.2" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="40294" url="/web/blank.html" server="domainname.de" referer="domainname.de:8443/.../;httponly;secure"
2015:06:18-12:39:51 domainname reverseproxy: id="0299" srcip="195.243.110.2" localip="78.43.192.183" size="204" user="admin" host="195.243.110.2" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="46931" url="/web/cgi-bin/hi3510/param.cgi" server="domainname.de" referer="domainname.de:8443/.../;httponly;secure"
2015:06:18-12:39:51 domainname reverseproxy: id="0299" srcip="195.243.110.2" localip="78.43.192.183" size="1189" user="admin" host="195.243.110.2" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="42037" url="/web/js/public.js" server="domainname.de" referer="domainname.de:8443/.../;httponly;secure"
2015:06:18-12:39:51 domainname reverseproxy: id="0299" srcip="195.243.110.2" localip="78.43.192.183" size="249" user="admin" host="195.243.110.2" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="36212" url="/web/js/language.js" server="domainname.de" referer="domainname.de:8443/.../;httponly;secure"
2015:06:18-12:39:51 domainname reverseproxy: id="0299" srcip="195.243.110.2" localip="78.43.192.183" size="8849" user="admin" host="195.243.110.2" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="42801" url="/web/language/deutsch.js" server="domainname.de" referer="domainname.de:8443/.../;httponly;secure"
2015:06:18-12:39:51 domainname reverseproxy: id="0299" srcip="195.243.110.2" localip="78.43.192.183" size="224" user="admin" host="195.243.110.2" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="57278" url="/web/images/v_lt.gif" server="domainname.de" referer="domainname.de:8443/.../;httponly;secure"
2015:06:18-12:39:51 domainname reverseproxy: id="0299" srcip="195.243.110.2" localip="78.43.192.183" size="65" user="admin" host="195.243.110.2" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="73130" url="/web/images/h_bg.gif" server="domainname.de" referer="domainname.de:8443/.../;httponly;secure"
2015:06:18-12:39:51 domainname reverseproxy: id="0299" srcip="195.243.110.2" localip="78.43.192.183" size="3348" user="admin" host="195.243.110.2" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="75551" url="/web/images/logo1.gif" server="domainname.de" referer="domainname.de:8443/.../;httponly;secure"
2015:06:18-12:39:51 domainname reverseproxy: id="0299" srcip="195.243.110.2" localip="78.43.192.183" size="222" user="admin" host="195.243.110.2" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="84148" url="/web/images/v_rt.gif" server="domainname.de" referer="domainname.de:8443/.../;httponly;secure"
2015:06:18-12:39:51 domainname reverseproxy: id="0299" srcip="195.243.110.2" localip="78.43.192.183" size="82" user="admin" host="195.243.110.2" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="93505" url="/web/images/v_bgt.gif" server="domainname.de" referer="domainname.de:8443/.../;httponly;secure"
2015:06:18-12:39:51 domainname reverseproxy: id="0299" srcip="195.243.110.2" localip="78.43.192.183" size="5105" user="admin" host="195.243.110.2" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="36356" url="/web/images/112.png" server="domainname.de" referer="domainname.de:8443/.../;httponly;secure"
2015:06:18-12:39:52 domainname reverseproxy: id="0299" srcip="195.243.110.2" localip="78.43.192.183" size="5159" user="admin" host="195.243.110.2" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="47694" url="/web/images/113.png" server="domainname.de" referer="domainname.de:8443/.../;httponly;secure"
2015:06:18-12:39:52 domainname reverseproxy: id="0299" srcip="195.243.110.2" localip="78.43.192.183" size="5025" user="admin" host="195.243.110.2" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="54416" url="/web/images/111.png" server="domainname.de" referer="domainname.de:8443/.../;httponly;secure"
2015:06:18-12:39:52 domainname reverseproxy: id="0299" srcip="195.243.110.2" localip="78.43.192.183" size="947" user="admin" host="195.243.110.2" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="45744" url="/web/images/x1.gif" server="domainname.de" referer="domainname.de:8443/.../;httponly;secure"
2015:06:18-12:39:52 domainname reverseproxy: id="0299" srcip="195.243.110.2" localip="78.43.192.183" size="1323" user="admin" host="195.243.110.2" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="57837" url="/web/images/x4.gif" server="domainname.de" referer="domainname.de:8443/.../;httponly;secure"
2015:06:18-12:39:52 domainname reverseproxy: id="0299" srcip="195.243.110.2" localip="78.43.192.183" size="1147" user="admin" host="195.243.110.2" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="42314" url="/web/images/x9.gif" server="domainname.de" referer="domainname.de:8443/.../;httponly;secure"
2015:06:18-12:39:52 domainname reverseproxy: id="0299" srcip="195.243.110.2" localip="78.43.192.183" size="1009" user="admin" host="195.243.110.2" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="34941" url="/web/images/topl.png" server="domainname.de" referer="domainname.de:8443/.../;httponly;secure"
2015:06:18-12:39:52 domainname reverseproxy: id="0299" srcip="195.243.110.2" localip="78.43.192.183" size="2517" user="admin" host="195.243.110.2" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="35188" url="/web/images/up.png" server="domainname.de" referer="domainname.de:8443/.../;httponly;secure"
2015:06:18-12:39:52 domainname reverseproxy: id="0299" srcip="195.243.110.2" localip="78.43.192.183" size="995" user="admin" host="195.243.110.2" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="35364" url="/web/images/topr.png" server="domainname.de" referer="domainname.de:8443/.../;httponly;secure"
2015:06:18-12:39:52 domainname reverseproxy: id="0299" srcip="195.243.110.2" localip="78.43.192.183" size="3178" user="admin" host="195.243.110.2" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="43944" url="/web/images/left.png" server="domainname.de" referer="domainname.de:8443/.../;httponly;secure"
2015:06:18-12:39:52 domainname reverseproxy: id="0299" srcip="195.243.110.2" localip="78.43.192.183" size="1083" user="admin" host="195.243.110.2" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="46856" url="/web/images/center.png" server="domainname.de" referer="domainname.de:8443/.../;httponly;secure"
2015:06:18-12:39:52 domainname reverseproxy: id="0299" srcip="195.243.110.2" localip="78.43.192.183" size="1047" user="admin" host="195.243.110.2" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="40883" url="/web/images/stop.png" server="domainname.de" referer="domainname.de:8443/.../;httponly;secure"
2015:06:18-12:39:52 domainname reverseproxy: id="0299" srcip="195.243.110.2" localip="78.43.192.183" size="2881" user="admin" host="195.243.110.2" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="54704" url="/web/images/right.png" server="domainname.de" referer="domainname.de:8443/.../;httponly;secure"
2015:06:18-12:39:52 domainname reverseproxy: id="0299" srcip="195.243.110.2" localip="78.43.192.183" size="1589" user="admin" host="195.243.110.2" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="36333" url="/web/images/downl.png" server="domainname.de" referer="domainname.de:8443/.../;httponly;secure"
2015:06:18-12:39:52 domainname reverseproxy: id="0299" srcip="195.243.110.2" localip="78.43.192.183" size="3044" user="admin" host="195.243.110.2" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="37443" url="/web/images/down.png" server="domainname.de" referer="domainname.de:8443/.../;httponly;secure"
2015:06:18-12:39:52 domainname reverseproxy: id="0299" srcip="195.243.110.2" localip="78.43.192.183" size="1307" user="admin" host="195.243.110.2" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="37733" url="/web/images/downr.png" server="domainname.de" referer="domainname.de:8443/.../;httponly;secure"
2015:06:18-12:39:52 domainname reverseproxy: id="0299" srcip="195.243.110.2" localip="78.43.192.183" size="5814" user="admin" host="195.243.110.2" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="46021" url="/web/images/set.png" server="domainname.de" referer="domainname.de:8443/.../;httponly;secure"
2015:06:18-12:39:52 domainname reverseproxy: id="0299" srcip="195.243.110.2" localip="78.43.192.183" size="5885" user="admin" host="195.243.110.2" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="40356" url="/web/images/call.png" server="domainname.de" referer="domainname.de:8443/.../;httponly;secure"
2015:06:18-12:39:52 domainname reverseproxy: id="0299" srcip="195.243.110.2" localip="78.43.192.183" size="5367" user="admin" host="195.243.110.2" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="37135" url="/web/images/hpatrol_up.png" server="domainname.de" referer="domainname.de:8443/.../;httponly;secure"
2015:06:18-12:39:52 domainname reverseproxy: id="0299" srcip="195.243.110.2" localip="78.43.192.183" size="5414" user="admin" host="195.243.110.2" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="45307" url="/web/images/vpatrol_up.png" server="domainname.de" referer="domainname.de:8443/.../;httponly;secure"
2015:06:18-12:39:52 domainname reverseproxy: id="0299" srcip="195.243.110.2" localip="78.43.192.183" size="5569" user="admin" host="195.243.110.2" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="62998" url="/web/images/snap.png" server="domainname.de" referer="domainname.de:8443/.../;httponly;secure"
2015:06:18-12:39:52 domainname reverseproxy: id="0299" srcip="195.243.110.2" localip="78.43.192.183" size="5732" user="admin" host="195.243.110.2" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="51910" url="/web/images/rec.png" server="domainname.de" referer="domainname.de:8443/.../;httponly;secure"
2015:06:18-12:39:52 domainname reverseproxy: id="0299" srcip="195.243.110.2" localip="78.43.192.183" size="5287" user="admin" host="195.243.110.2" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="38448" url="/web/images/sd.png" server="domainname.de" referer="domainname.de:8443/.../;httponly;secure"
2015:06:18-12:39:52 domainname reverseproxy: id="0299" srcip="195.243.110.2" localip="78.43.192.183" size="6119" user="admin" host="195.243.110.2" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="34760" url="/web/images/play.png" server="domainname.de" referer="domainname.de:8443/.../;httponly;secure"
2015:06:18-12:39:52 domainname reverseproxy: id="0299" srcip="195.243.110.2" localip="78.43.192.183" size="83" user="admin" host="195.243.110.2" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="59570" url="/web/images/h_bgr.gif" server="domainname.de" referer="domainname.de:8443/.../;httponly;secure"
2015:06:18-12:39:52 domainname reverseproxy: id="0299" srcip="195.243.110.2" localip="78.43.192.183" size="224" user="admin" host="195.243.110.2" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="36172" url="/web/images/v_ld.gif" server="domainname.de" referer="domainname.de:8443/.../;httponly;secure"
2015:06:18-12:39:52 domainname reverseproxy: id="0299" srcip="195.243.110.2" localip="78.43.192.183" size="82" user="admin" host="195.243.110.2" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="38435" url="/web/images/v_bg.gif" server="domainname.de" referer="domainname.de:8443/.../;httponly;secure"
2015:06:18-12:39:53 domainname reverseproxy: id="0299" srcip="195.243.110.2" localip="78.43.192.183" size="225" user="admin" host="195.243.110.2" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="41522" url="/web/images/v_rd.gif" server="domainname.de" referer="domainname.de:8443/.../;httponly;secure"
2015:06:18-12:39:53 domainname reverseproxy: id="0299" srcip="195.243.110.2" localip="78.43.192.183" size="4505" user="admin" host="195.243.110.2" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="45397" url="/web/images/syset.png" server="domainname.de" referer="domainname.de:8443/.../;httponly;secure"
2015:06:18-12:39:54 domainname reverseproxy: id="0299" srcip="195.243.110.2" localip="78.43.192.183" size="32233" user="admin" host="195.243.110.2" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="829499" url="/web/images/cbg.jpg" server="domainname.de" referer="domainname.de:8443/.../;httponly;secure"
2015:06:18-12:39:55 domainname reverseproxy: id="0299" srcip="195.243.110.2" localip="78.43.192.183" size="362" user="-" host="195.243.110.2" method="GET" statuscode="400" reason="-" extra="-" exceptions="SkipURLHardening, SkipFormHardening, SkipFormHardeningMissingToken" time="472" url="/" server="domainname.de" referer="-" cookie="-" set-cookie="-"
2015:06:18-12:39:56 domainname reverseproxy: id="0299" srcip="195.243.110.2" localip="78.43.192.183" size="362" user="-" host="195.243.110.2" method="GET" statuscode="400" reason="-" extra="-" exceptions="SkipURLHardening, SkipFormHardening, SkipFormHardeningMissingToken" time="455" url="/" server="domainname.de" referer="-" cookie="-" set-cookie="-"
2015:06:18-12:39:57 domainname reverseproxy: id="0299" srcip="195.243.110.2" localip="78.43.192.183" size="362" user="-" host="195.243.110.2" method="GET" statuscode="400" reason="-" extra="-" exceptions="SkipURLHardening, SkipFormHardening, SkipFormHardeningMissingToken" time="422" url="/" server="domainname.de" referer="-" cookie="-" set-cookie="-"
2015:06:18-12:39:58 domainname reverseproxy: id="0299" srcip="195.243.110.2" localip="78.43.192.183" size="362" user="-" host="195.243.110.2" method="GET" statuscode="400" reason="-" extra="-" exceptions="SkipURLHardening, SkipFormHardening, SkipFormHardeningMissingToken" time="576" url="/" server="domainname.de" referer="-" cookie="-" set-cookie="-"
2015:06:18-12:40:00 domainname reverseproxy: id="0299" srcip="195.243.110.2" localip="78.43.192.183" size="362" user="-" host="195.243.110.2" method="GET" statuscode="400" reason="-" extra="-" exceptions="SkipURLHardening, SkipFormHardening, SkipFormHardeningMissingToken" time="537" url="/" server="domainname.de" referer="-" cookie="-" set-cookie="-"
2015:06:18-12:40:01 domainname reverseproxy: id="0299" srcip="195.243.110.2" localip="78.43.192.183" size="362" user="-" host="195.243.110.2" method="GET" statuscode="400" reason="-" extra="-" exceptions="SkipURLHardening, SkipFormHardening, SkipFormHardeningMissingToken" time="3965" url="/" server="domainname.de" referer="-" cookie="-" set-cookie="-"
2015:06:18-12:40:02 domainname reverseproxy: id="0299" srcip="195.243.110.2" localip="78.43.192.183" size="362" user="-" host="195.243.110.2" method="GET" statuscode="400" reason="-" extra="-" exceptions="SkipURLHardening, SkipFormHardening, SkipFormHardeningMissingToken" time="543" url="/" server="domainname.de" referer="-" cookie="-" set-cookie="-"
2015:06:18-12:40:03 domainname reverseproxy: id="0299" srcip="195.243.110.2" localip="78.43.192.183" size="362" user="-" host="195.243.110.2" method="GET" statuscode="400" reason="-" extra="-" exceptions="SkipURLHardening, SkipFormHardening, SkipFormHardeningMissingToken" time="476" url="/" server="domainname.de" referer="-" cookie="-" set-cookie="-"
2015:06:18-12:40:05 domainname reverseproxy: id="0299" srcip="195.243.110.2" localip="78.43.192.183" size="362" user="-" host="195.243.110.2" method="GET" statuscode="400" reason="-" extra="-" exceptions="SkipURLHardening, SkipFormHardening, SkipFormHardeningMissingToken" time="377" url="/" server="domainname.de" referer="-" cookie="-" set-cookie="-"


It seems like the WAF is rewriting the source to domainname:80 which might be incorrect whereas the NAT is not rewriting at all. So if the request still goes to 2103 there will be an answer of the IP CAM. If it is going to domainname:80 it will be directed to my other webserver in my network and there will be no answer.

Does anybody have an idea how I may resolve that problem? If you need further information I will provide it.

Thanks in advance,
Patrick
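
Added example, not part of the original post: a small parser for the `key="value"` reverseproxy log format pasted above that flags the pattern visible at the end of that excerpt, where a client that was authenticated (`user="admin"`) starts sending anonymous requests (`user="-"`) that are answered with 4xx. The sample lines, the `gw` node name, the addresses and `cam.example.test` are constructed for illustration.

```python
import re

# Line layout as seen in the ReverseProxy.log excerpt:
#   <timestamp> <node> reverseproxy: key="value" key="value" ...
LINE_RE = re.compile(
    r'^(?P<ts>\d{4}:\d{2}:\d{2}-\d{2}:\d{2}:\d{2}) \S+ reverseproxy: (?P<kv>.*)$'
)
KV_RE = re.compile(r'([\w-]+)="([^"]*)"')


def parse_line(line):
    """Return the fields of one reverseproxy line as a dict, or None."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = dict(KV_RE.findall(m.group("kv")))
    rec["ts"] = m.group("ts")
    return rec


def find_session_drops(lines, min_repeats=3):
    """Find clients that were authenticated and then repeatedly sent
    anonymous requests that the proxy answered with a 4xx status."""
    last_user = {}   # srcip -> last authenticated user seen
    hits = {}        # (srcip, url, status) -> finding
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue                      # skip lines in another format
        src = rec.get("srcip", "-")
        user = rec.get("user", "-")
        status = rec.get("statuscode", "")
        if user != "-":
            last_user[src] = user         # request carried a proxy session
            continue
        if src not in last_user or not status.startswith("4"):
            continue                      # never authenticated, or no error
        key = (src, rec.get("url", ""), status)
        finding = hits.setdefault(key, {
            "srcip": src, "url": key[1], "status": status,
            "user_before": last_user[src], "first_ts": rec["ts"], "count": 0,
        })
        finding["count"] += 1
    return [f for f in hits.values() if f["count"] >= min_repeats]


def _line(ts, src, user, status, url):
    # Constructed sample line in the same field order as the real log.
    return (f'{ts} gw reverseproxy: id="0299" srcip="{src}" '
            f'localip="192.0.2.10" size="362" user="{user}" host="{src}" '
            f'method="GET" statuscode="{status}" reason="-" extra="-" '
            f'exceptions="-" time="500" url="{url}" '
            f'server="cam.example.test" referer="-"')


SAMPLE_LOG = [
    _line("2015:06:18-12:39:51", "198.51.100.7", "admin", "200", "/web/admin.html"),
    _line("2015:06:18-12:39:52", "198.51.100.7", "admin", "200", "/web/images/set.png"),
    _line("2015:06:18-12:39:55", "198.51.100.7", "-", "400", "/"),
    _line("2015:06:18-12:39:56", "198.51.100.7", "-", "400", "/"),
    _line("2015:06:18-12:39:57", "198.51.100.7", "-", "400", "/"),
    _line("2015:06:18-12:39:58", "198.51.100.7", "-", "400", "/"),
    # A client that never authenticated: not reported.
    _line("2015:06:18-12:40:01", "198.51.100.99", "-", "404", "/robots.txt"),
    _line("2015:06:18-12:40:02", "198.51.100.99", "-", "404", "/robots.txt"),
    _line("2015:06:18-12:40:03", "198.51.100.99", "-", "404", "/robots.txt"),
    "some unrelated line in another format",
]

if __name__ == "__main__":
    for f in find_session_drops(SAMPLE_LOG):
        print(f'{f["srcip"]} (was {f["user_before"]}): {f["count"]}x '
              f'{f["status"]} on {f["url"]} from {f["first_ts"]}')
```
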


  • I have some more information. I got a better Wireshark result. Domain name and user password are not real, for security reasons.

    Let's see what NAT is doing.

    The first time I navigate to the page, the following happens:

    GET /cgi-bin/hi3510/param.cgi?cmd=getuserinfo HTTP/1.1\r\n
    
    domainname.de:2103/.../param.cgi


    Then I see an unauthorized frame and get the basic auth in Firefox:

    HTTP/1.1 401 Unauthorized\r\n


    Then I enter the credentials and get:

    GET /cgi-bin/hi3510/param.cgi?cmd=getuserinfo HTTP/1.1\r\n
    
    domainname.de:2103/.../param.cgi
    Authorization: Basic YWRtaW46b25seTRtaWE=\r\n
    Credentials: user:Password

    Full request URI: domainname.de:2103/.../param.cgi


    with attached Credentials. Next is:

    HTTP/1.1 200 OK\r\n
    
    var name="user";
    var password="password";
    var authLevel="15";
    var enable="1";


    So then I click on Video-Stream which loads up the stream and control site:

    GET /web/cgi-bin/hi3510/param.cgi?cmd=getvencattr&-chn=11&cmd=getvencattr&-chn=12&cmd=getvencattr&-chn=13&cmd=getsetupflag HTTP/1.1
    
    Full request URI: domainname.de:2103/.../param.cgi


    Again I am asked for credentials:

    HTTP/1.1 401 Unauthorized\r\n
    
    WWW-Authenticate: Basic realm="web/cgi-bin/hi3510/param.cgi"\r\n


    Again I enter the credentials and they are attached:


    GET /web/cgi-bin/hi3510/param.cgi?cmd=getvencattr&-chn=11&cmd=getvencattr&-chn=12&cmd=getvencattr&-chn=13&cmd=getsetupflag HTTP/1.1

    Authorization: Basic YWRtaW46b25seTRtaWE=\r\n
    Credentials: user:Password

    Full request URI: domainname.de:2103/.../param.cgi


    Reply: HTTP/1.1 200 OK\r\n
    var bps_1="2048";
    var fps_1="10";
    var gop_1="20";
    var brmode_1="1";
    var imagegrade_1="1";
    var width_1="1280";
    var height_1="720";
    var bps_2="512";
    var fps_2="10";
    var gop_2="20";
    var brmode_2="1";
    var imagegrade_2="1";
    var width_2="640";
    var height_2="352";
    var bps_3="90";
    var fps_3="10";
    var gop_3="50";
    var brmode_3="1";
    var imagegrade_3="1";
    var width_3="320";
    var height_3="176";
    var name0="user";
    var password0="password";
    var authLevel0="15";
    var enable0="1";


    It now switches to domainname:80

    GET / HTTP/1.1\r\n
    
    Full request URI: http://domainname.de:80/


    It then does the "getidentify.cgi" part twice:


    GET /cgi-bin/hi3510/getidentify.cgi HTTP/1.1\r\n
    Full request URI: domainname.de/.../getidentify.cgi

    HTTP/1.1 200 OK\r\n
    var productid="C5F0S7Z0N1P0L0V0";
    var vendorid="smarteye";

    GET /cgi-bin/hi3510/getidentify.cgi HTTP/1.1\r\n
    Full request URI: domainname.de/.../getidentify.cgi

    HTTP/1.1 200 OK\r\n
    var productid="C5F0S7Z0N1P0L0V0";
    var vendorid="smarteye";


    Then it gets the video attributes and starts the stream. At this time I am seeing the actual stream in Firefox. Note that it gets the stream from domainname:2103 again:

    GET /cgi-bin/hi3510/param.cgi?cmd=getvideoattr HTTP/1.1\r\n
    
    Full request URI: domainname.de/.../param.cgi

    HTTP/1.1 200 OK\r\n
    var videomode="31";
    var vinorm="N";


    GET domainname.de:2103/.../11
    HTTP/1.1 200 OK\r\n
    Media Type: application/octet-stream (135 bytes)
    Cseq: 1
    m=video 96 H264/90000/1280/720
    m=audio 97 G726/8000/1
    Transport: RTP/AVP/TCP;unicast;hisiinterleaved=0-1;ssrc=1315634022


    At last it's doing this:

    GET /cgi-bin/hi3510/getvencattr.cgi?-chn=11 HTTP/1.1\r\n
    
    Full request URI: domainname.de/.../getvencattr.cgi

    HTTP/1.1 200 OK\r\n
    var bps_1="2048";
    var fps_1="10";
    var gop_1="20";
    var brmode_1="1";
    var imagegrade_1="1";
    var width_1="1280";
    var height_1="720";


    So much for NAT.


    Now let's look at the WAF method again:

    I navigate to https://domainname:8443/ which is my virtual webserver.
    Then I get prompted for the Sophos credentials.
    Then I get prompted for the IP cam credentials.

    I am seeing none of this in Wireshark. No unauthorized packages etc. So I then see the main menu and I click on video-stream.

    It will then produce the following 4 packages 11 times before the streaming site will say "login failed..."

    Package 1:

    GET / HTTP/1.1\r\n
    
    Full request URI: http://domainname.de:80/


    Package 2:

    HTTP/1.1 200 OK\r\n

    [---] output omitted [---]


    That's the server which is hosted under domainname:80.

    Package 3:

    GET /cgi-bin/hi3510/getidentify.cgi HTTP/1.1\r\n
    
    Authorization: Basic YWRtaW46b25seTRtaWE=\r\n
    Credentials: user:Password


    The credentials are already attached.

    And Package 4:

    HTTP/1.1 400 Bad Request\r\n
    


    400 Bad Request

    Bad Request


    Your browser sent a request that this server could not understand.

    Reason: You're speaking plain HTTP to an SSL-enabled server port.

     Instead use the HTTPS scheme to access this URL, please.





    I guess that has to be my webserver which is not able to respond to the request.

    Yeah, and that's about all. It tries 11 times, then it quits with login failed.


    If anyone has an idea what to try next I would be very pleased, because I don't know what to do anymore.

    Thanks in advance,
    Patrick
  • Well, nobody? I didn't expect that. Okay then... [:@]
  • Can you give the camera an FQDN that's different from the web server?  I guess that when the UTM sees a port 80 request for the same FQDN, that is sent to the webserver.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • That is in fact a pretty good idea, despite the fact that my domain doesn't have subdomains per contract. So there is no chance to do that [:@]
  • A little update. I think we are getting close. I upgraded my domain contract so I now have the subdomain webcam.domainname.de. I then configured a new virtual webserver listening to webcam.domainname.de and sending the requests directly to the Wansview cam.

    Now I see the following packages, but login still fails:

    Package 1:
    GET / HTTP/1.1\r\n
    
    Full request URI: webcam.domainname.de:80/


    Package 2:
    HTTP/1.1 301 Moved Permanently\r\n
    


    301 Moved Permanently

    Moved Permanently


    The document has moved here.





    Package 3:
    GET /cgi-bin/hi3510/getidentify.cgi HTTP/1.1
    
    Full request URI: webcam.domainname.de/.../getidentify.cgi


    Package 4:
    HTTP/1.1 301 Moved Permanently\r\n
    


    301 Moved Permanently

    Moved Permanently


    The document has moved here.





    And then it repeats..

    Browsing to "webcam.domainname.de:443/.../getidentify.cgi" results in what I would expect:
    var productid="C5F0S7Z0N1P0L0V0"; var vendorid="smarteye"; 


    That's what the NAT method would reply.
    So why doesn't that work with the WAF feature? Doesn't make any sense.

    So if anybody knows something just shoot.

    Thanks in advance,
    Patrick
  • Another update: Using HTTPS & Redirect as the virtual server method results in 403 Forbidden again, because at http://webcam.domainname.de there is nothing hosted right now.

    So how the hell should I manage to get that working?

    Thanks in advance,
    Patrick