
WAF. The web application firewall has blocked access to /folder. No signature found.

Running 9.400-9

Have set up a virtual server, for a web server for https.

I can get to my landing page OK, when I click on a link to go to a deeper level, I get:

The web application firewall has blocked access to /folder for the following reason: No signature found.

WAF log:

2016:04:08-16:10:40 astaro1-2 reverseproxy: [Fri Apr 08 16:10:40.000689 2016] [core:notice] [pid 6068:tid 4148152000] AH00094: Command line: '/usr/apache/bin/httpd'
2016:04:08-16:10:40 astaro1-2 reverseproxy: [Fri Apr 08 16:10:40.000750 2016] [mpm_worker:warn] [pid 6068:tid 4148152000] AH00291: long lost child came home! (pid 4347)
2016:04:08-16:10:40 astaro1-2 reverseproxy: [Fri Apr 08 16:10:40.000789 2016] [mpm_worker:warn] [pid 6068:tid 4148152000] AH00291: long lost child came home! (pid 4348)
2016:04:08-16:10:40 astaro1-2 reverseproxy: id="0299" srcip="127.0.0.1" localip="127.0.0.1" size="109" user="-" host="127.0.0.1" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="1777" url="/lb-status" server="localhost" referer="-" cookie="-" set-cookie="-"
2016:04:08-16:10:40 astaro1-2 reverseproxy: id="0299" srcip="127.0.0.1" localip="127.0.0.1" size="109" user="-" host="127.0.0.1" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="940" url="/lb-status" server="localhost" referer="-" cookie="-" set-cookie="-"
2016:04:08-16:11:23 astaro1-2 reverseproxy: [Fri Apr 08 16:11:23.281035 2016] [url_hardening:error] [pid 6112:tid 4122884976] [client 1.152.96.56:11171] No signature found, URI: internal.bordo.com.au/folder
2016:04:08-16:11:23 astaro1-2 reverseproxy: [Fri Apr 08 16:11:23.285167 2016] [cookie:error] [pid 6112:tid 4122884976] [client 1.152.96.56:11171] No signature found, cookie: __utma
2016:04:08-16:11:23 astaro1-2 reverseproxy: [Fri Apr 08 16:11:23.285199 2016] [cookie:warn] [pid 6112:tid 4122884976] [client 1.152.96.56:11171] Dropping cookie '__utma' from request due to missing/invalid signature
2016:04:08-16:11:23 astaro1-2 reverseproxy: [Fri Apr 08 16:11:23.285230 2016] [cookie:error] [pid 6112:tid 4122884976] [client 1.152.96.56:11171] No signature found, cookie: __utmz
2016:04:08-16:11:23 astaro1-2 reverseproxy: [Fri Apr 08 16:11:23.285241 2016] [cookie:warn] [pid 6112:tid 4122884976] [client 1.152.96.56:11171] Dropping cookie '__utmz' from request due to missing/invalid signature
2016:04:08-16:11:23 astaro1-2 reverseproxy: id="0299" srcip="1.152.96.56" localip="203.206.204.254" size="209" user="-" host="1.152.96.56" method="GET" statuscode="403" reason="url hardening" extra="No signature found" exceptions="-" time="488705" url="/folder" server="internal.bordo.com.au" referer="-" cookie="-" set-cookie="-"
Settings:
I created the certificate in WebServer Protection/Certificate Management.
Any suggestions?
Thanks,
James.
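A small triage helper for the log James posted, added here as an example (it is not part of the thread and not a Sophos tool). It parses the key="value" access lines that the reverse proxy writes (the `id="0299"` lines) and the Apache-style module messages, and pulls out the requests the WAF refused and the cookies it stripped. The sample lines are copied from the post above, nothing else about the UTM log format is assumed.

```python
"""Filter Sophos UTM reverse-proxy (WAF) log lines for hardening blocks.

Added example for this thread, not Sophos code. Only the formats visible in
the posted log are relied on:
  - access lines: ... reverseproxy: id="0299" srcip="..." ... reason="..." extra="..."
  - module lines: ... [cookie:warn] ... Dropping cookie '__utma' from request ...
"""
import re
from collections import Counter

# Constructed sample: copied (and shortened) from the log in the post above.
SAMPLE_LOG = """\
2016:04:08-16:10:40 astaro1-2 reverseproxy: id="0299" srcip="127.0.0.1" localip="127.0.0.1" size="109" user="-" host="127.0.0.1" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="1777" url="/lb-status" server="localhost" referer="-" cookie="-" set-cookie="-"
2016:04:08-16:11:23 astaro1-2 reverseproxy: [Fri Apr 08 16:11:23.281035 2016] [url_hardening:error] [pid 6112:tid 4122884976] [client 1.152.96.56:11171] No signature found, URI: internal.bordo.com.au/folder
2016:04:08-16:11:23 astaro1-2 reverseproxy: [Fri Apr 08 16:11:23.285199 2016] [cookie:warn] [pid 6112:tid 4122884976] [client 1.152.96.56:11171] Dropping cookie '__utma' from request due to missing/invalid signature
2016:04:08-16:11:23 astaro1-2 reverseproxy: [Fri Apr 08 16:11:23.285241 2016] [cookie:warn] [pid 6112:tid 4122884976] [client 1.152.96.56:11171] Dropping cookie '__utmz' from request due to missing/invalid signature
2016:04:08-16:11:23 astaro1-2 reverseproxy: id="0299" srcip="1.152.96.56" localip="203.206.204.254" size="209" user="-" host="1.152.96.56" method="GET" statuscode="403" reason="url hardening" extra="No signature found" exceptions="-" time="488705" url="/folder" server="internal.bordo.com.au" referer="-" cookie="-" set-cookie="-"
"""

KV_RE = re.compile(r'([\w-]+)="([^"]*)"')          # key="value" pairs (keys may contain '-')
DROP_RE = re.compile(r"Dropping cookie '([^']+)'")  # cookie-signing warnings


def parse_access_line(line):
    """Return the fields of an id="..." access line as a dict, or None for other lines."""
    marker = 'reverseproxy: id="'
    if marker not in line:
        return None
    return dict(KV_RE.findall(line.split("reverseproxy: ", 1)[1]))


def blocked_requests(log_text):
    """All requests the WAF answered itself with 403, as (srcip, server, url, reason, extra)."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_access_line(line)
        if rec and rec.get("statuscode") == "403":
            hits.append((rec["srcip"], rec["server"], rec["url"], rec["reason"], rec["extra"]))
    return hits


def dropped_cookies(log_text):
    """Names of cookies the WAF stripped for a missing or invalid signature."""
    return [m.group(1) for line in log_text.splitlines() for m in [DROP_RE.search(line)] if m]


def block_reasons(log_text):
    """Count of 403s per WAF reason, e.g. {'url hardening': 1}; handy for a quick overview."""
    return Counter(reason for _, _, _, reason, _ in blocked_requests(log_text))


if __name__ == "__main__":
    for src, server, url, reason, extra in blocked_requests(SAMPLE_LOG):
        print(f"{src} -> {server}{url}: {reason} ({extra})")
    print("dropped cookies:", dropped_cookies(SAMPLE_LOG))
    print(dict(block_reasons(SAMPLE_LOG)))
```

Pipe the real log through `blocked_requests` and group by `url` and `reason` before deciding on exceptions; one entry per blocked path tells you which links are being reached without a signature. The two stripped cookies, `__utma` and `__utmz`, are the classic Google Analytics cookies that the browser sets from JavaScript, so the WAF never signed them on the way out; dropping them from the request does not affect the application.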


  • James, have you tried an Exception for URL Hardening for "/folder"?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi,

    could you please also post a screenshot of your 'Advanced Protection' firewall profile?

    Sabine

  • Evianne, do you mean Web Application Firewall/Firewall Profiles?

    James.

  • Thanks Bob, that worked.

    After putting in the Exception for 'Static URL hardening' for /folder, I could get to:

    mydomain/folder/index.php

    But it would not show the login fields on that page. Going back to the Virtual Webserver settings and turning on 'Skip Form hardening', the username/password fields appeared.

    So good that it works, but bad that I've had to forgo these protections.

    Suppose this is just the way it has to be?

  • Hi,

    in Static URL hardening you configure so-called entry URLs. You have defined '/' as entry URL. Therefore, every link you can reach from '/' is signed.

    But if you make a separate request to '/folder/index.php', this URL has no signature and is therefore blocked. That's how Static URL hardening works.

    If you want to reach '/folder/index.php' without going through a link on '/', then either you have to configure '/folder/index.php' as entry URL or you have to configure an exception for it.


    Sabine
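The mechanism Sabine describes, modelled in a few lines so the three outcomes in this thread (signed link from '/', direct request blocked with "No signature found", request allowed via entry URL or exception) can be reproduced offline. This is an added example, not Sophos code: the page says only that entry URLs are exempt, that links reachable from an entry URL are signed, and that unsigned requests are refused. The signature scheme (HMAC-SHA256 over path and query, carried in a query parameter named `_sig`), the per-server key, and treating exceptions as path prefixes are assumptions of this model, not the UTM's real wire format.

```python
"""Toy model of static URL hardening as described in the thread.

Added example, not Sophos code. Assumed, not taken from the page:
  - signature = HMAC-SHA256(key, path + "?" + query-without-signature), hex
  - carried in a query parameter named "_sig"
  - exceptions match as path prefixes
"""
import hashlib
import hmac
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

SIG_PARAM = "_sig"  # assumed name of the signature parameter


class UrlHardening:
    def __init__(self, key, entry_urls, exceptions=(), skip=False):
        self.key = key                      # per-virtual-server secret (assumed)
        self.entry_urls = set(entry_urls)   # James's setup: {"/"}
        self.exceptions = tuple(exceptions)  # the "Static URL hardening" exception paths
        self.skip = skip                     # the "Skip URL hardening" switch

    @staticmethod
    def _canonical(parts):
        """Path plus query with any existing signature removed, plus that query list."""
        query = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
                 if k != SIG_PARAM]
        return parts.path + "?" + urlencode(query), query

    def _mac(self, canon):
        return hmac.new(self.key, canon.encode(), hashlib.sha256).hexdigest()

    def sign(self, url):
        """Return `url` with a signature appended; done to links in outbound pages."""
        parts = urlsplit(url)
        canon, query = self._canonical(parts)
        query.append((SIG_PARAM, self._mac(canon)))
        return urlunsplit(parts._replace(query=urlencode(query)))

    def rewrite_links(self, html):
        """Sign every site-relative href in a response body served through the WAF."""
        return re.sub(r'href="(/[^"]*)"',
                      lambda m: 'href="%s"' % self.sign(m.group(1)), html)

    def check(self, url):
        """Decide an inbound request: (allowed, reason in the WAF's own wording)."""
        parts = urlsplit(url)
        if self.skip:
            return True, "hardening skipped"
        if parts.path in self.entry_urls:
            return True, "entry URL"
        if any(parts.path.startswith(p) for p in self.exceptions):
            return True, "exception"
        canon, _ = self._canonical(parts)
        sig = dict(parse_qsl(parts.query)).get(SIG_PARAM)
        if sig is None:
            return False, "No signature found"      # James's 403
        if not hmac.compare_digest(sig, self._mac(canon)):
            return False, "Invalid signature"       # link or query tampered with
        return True, "signed link"


def links(html):
    """Hrefs in a (rewritten) page, in document order."""
    return re.findall(r'href="([^"]*)"', html)


if __name__ == "__main__":
    waf = UrlHardening(b"per-server-secret", entry_urls=["/"])
    landing = waf.rewrite_links('<a href="/folder">deeper</a>')   # served from "/"
    print(landing)
    print(waf.check(links(landing)[0]))       # clicked from the landing page: allowed
    print(waf.check("/folder/index.php"))     # typed or bookmarked directly: blocked
    fixed = UrlHardening(b"per-server-secret", ["/"], exceptions=["/folder"])
    print(fixed.check("/folder/index.php"))   # Bob's exception: allowed, but unsigned
```

Two things the model makes visible. A link the WAF signed survives only as long as it is not edited: changing a query parameter on a signed URL fails verification, which is what the signature buys you against forced browsing and parameter tampering. An exception or extra entry URL removes that check for everything under the path, so prefer an exact entry URL for a page people legitimately open directly (the login page here) over a broad prefix exception.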

  • I believe that your web programmer would need to make some coding changes - I don't think you can "harden" a form in Webserver Protection unless the form is done differently than it is now.

    Cheers - Bob

    PS When I first posted this, I saw your last comment, Sabine - thanks!  Is there a document that describes for our clients' web programmers what they need to adjust in various cases where we have to make an exception or disable a protection altogether?

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • BAlfson said:

    PS When I first posted this, I saw your last comment, Sabine - thanks!  Is there a document that describes for our clients' web programmers what they need to adjust in various cases where we have to make an exception or disable a protection altogether?

    Yes, some information to give to our web programmer would be very helpful. The more exceptions you have to create, the less useful the WAF becomes.