Why is AWS Sophos UTM 9 Showing Internal ELB URL From External curl -v command?

I have my Sophos UTM 9 on AWS configured like this:

CloudFlare <--> AWS External ELB <--> Sophos UTM 9 <--> AWS Internal ELB <--> Web Apps

The AWS Internal ELB is configured as a Virtual Web Server in the WAF.

Firmware Version: 9.352-6

When I run curl -v example.com the response is fine but when I curl -v https://example.com I get the URL of my internal ELB in the response:

-----------------------------------------

curl -v www.example.com
* Rebuilt URL to: www.example.com/
* Trying 104.x.x.x...
* Connected to www.example.com (104.x.x.x) port 80 (#0)
> GET / HTTP/1.1
> Host: www.example.com
> User-Agent: curl/7.43.0
> Accept: */*
>
< HTTP/1.1 301 Moved Permanently
< Date: Thu, 07 Jan 2016 10:19:50 GMT
< Transfer-Encoding: chunked
< Connection: keep-alive
< Set-Cookie: __cfduid=d27dd14ea0f718f1d63ac54c62eb5b8891452161990; expires=Fri, 06-Jan-17 10:19:50 GMT; path=/; domain=.example.com; HttpOnly
< Location: https://www.example.com/
< Server: cloudflare-nginx
< CF-RAY: 260eed35e88c20a2-KIX
<
* Connection #0 to host www.example.com left intact

-----------------------------------------

curl -v https://www.example.com
* Rebuilt URL to: https://www.example.com/
* Trying 104.x.x.x...
* Connected to www.example.com (104.x.x.x) port 443 (#0)
* TLS 1.2 connection using TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
* Server certificate: ssl276271.cloudflaressl.com
* Server certificate: COMODO ECC Domain Validation Secure Server CA 2
* Server certificate: COMODO ECC Certification Authority
* Server certificate: AddTrust External CA Root
> GET / HTTP/1.1
> Host: www.example.com
> User-Agent: curl/7.43.0
> Accept: */*
>
< HTTP/1.1 302 Found
< Server: cloudflare-nginx
< Date: Thu, 07 Jan 2016 10:22:11 GMT
< Content-Type: text/html; charset=utf-8
< Transfer-Encoding: chunked
< Connection: keep-alive
< Set-Cookie: __cfduid=dd0e330f5a9fb27d39b1895c413bbf9e11452162130; expires=Fri, 06-Jan-17 10:22:10 GMT; path=/; domain=.example.com; HttpOnly
< Cache-Control: no-cache
< Location: https://www.example.com/signin
< Set-Cookie: rack.session=a5f0739d1676d601976d213354a0fa3e--ebdb6bc6c830eae92a387f64f8980b82fce05b92349b3785cfcb9feb67634686; path=/; secure; HttpOnly
< Strict-Transport-Security: max-age=15768000
< Vary: Accept-Encoding
< X-Content-Type-Options: nosniff
< X-Frame-Options: SAMEORIGIN
< X-Request-Id: 608f8809-3f48-457c-9280-a02fced8d63f
< X-Runtime: 0.042708
< X-XSS-Protection: 1; mode=block
< CF-RAY: 260ef0a467de2066-KIX
<
* Connection #0 to host www.example.com left intact
<html><body>You are being <a href="internal-xxx-1a-1b-stage-appt-elb-000000000.eu-west-1.elb.amazonaws.com/.../html>
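
A check for the symptom shown in the post, as an added example that is not part of the original post: it parses a raw HTTP response and reports every hostname, in headers or body, that is not the public one. The names `hosts_in` and `find_leaks`, both regexes and the sample response are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# AWS prefixes the DNS name of an internal load balancer with "internal-".
INTERNAL_ELB = re.compile(r"\binternal-[a-z0-9-]+\.[a-z0-9-]+\.elb\.amazonaws\.com\b", re.I)
ABS_URL = re.compile(r"https?://[^\s\"'<>]+", re.I)

def hosts_in(text):
    """Hostnames named in text: absolute URLs plus bare internal-ELB names."""
    found = {urlsplit(u).hostname for u in ABS_URL.findall(text)}
    found |= {m.lower() for m in INTERNAL_ELB.findall(text)}
    found.discard(None)
    return found

def find_leaks(raw, public_host):
    """Return sorted (where, hostname) pairs for hosts other than public_host."""
    public_host = public_host.lower()
    head, _, body = raw.partition("\r\n\r\n")
    findings = set()
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, _, value = line.partition(":")
        for host in hosts_in(value):
            if host != public_host:
                findings.add(("header:" + name.strip().lower(), host))
    for host in hosts_in(body):
        if host != public_host:
            findings.add(("body", host))
    return sorted(findings)

# Constructed sample modelled on the 302 in the post; the path and link text
# in the body are placeholders, not values from the original response.
SAMPLE = (
    "HTTP/1.1 302 Found\r\n"
    "Server: cloudflare-nginx\r\n"
    "Location: https://www.example.com/signin\r\n"
    "Strict-Transport-Security: max-age=15768000\r\n"
    "\r\n"
    '<html><body>You are being <a href="internal-xxx-1a-1b-stage-appt-elb-000000000'
    '.eu-west-1.elb.amazonaws.com/placeholder-path">redirected</a>.</body></html>'
)

if __name__ == "__main__":
    for where, host in find_leaks(SAMPLE, "www.example.com"):
        print(f"{where}: {host}")
```

On the sample, the `Location` header carries only the public name and passes, while the body anchor is reported, which matches the two values visible in the curl output above.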