Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 10 replies
  • Subscribers 3 subscribers
  • Views 20884 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

WAF not working, Exclamation mark next to real server sometimes

jlbrown

I am having problems getting the WAF to work and stay working. Version 9.401-11.

Neither the https or http site works.

Live Log:

2016:04:21-23:20:08 astaro1-1 reverseproxy: [Thu Apr 21 23:20:08.590380 2016] [core:warn] [pid 1763:tid 4147332800] AH00111: Config variable ${URLHardening_HTTP_Hostname} is not defined
2016:04:21-23:20:08 astaro1-1 reverseproxy: [Thu Apr 21 23:20:08.590466 2016] [core:warn] [pid 1763:tid 4147332800] AH00111: Config variable ${URLHardening_HTTP_Hostname} is not defined
2016:04:21-23:20:08 astaro1-1 reverseproxy: [Thu Apr 21 23:20:08.594872 2016] [core:warn] [pid 1763:tid 4147332800] AH00111: Config variable ${URLHardening_HTTP_Hostname} is not defined
2016:04:21-23:20:08 astaro1-1 reverseproxy: [Thu Apr 21 23:20:08.594952 2016] [core:warn] [pid 1763:tid 4147332800] AH00111: Config variable ${URLHardening_HTTP_Hostname} is not defined
2016:04:21-23:20:08 astaro1-1 reverseproxy: AH00112: Warning: DocumentRoot [/var/www/REF_RevFroInterPlain] does not exist
2016:04:21-23:20:08 astaro1-1 reverseproxy: AH00112: Warning: DocumentRoot [/var/www/REF_RevFroInterna443] does not exist
2016:04:21-23:20:09 astaro1-1 reverseproxy: [Thu Apr 21 23:20:09.000937 2016] [mpm_worker:notice] [pid 1763:tid 4147332800] AH00292: Apache/2.4.10 (Unix) OpenSSL/1.0.1k configured -- resuming normal operations
2016:04:21-23:20:09 astaro1-1 reverseproxy: [Thu Apr 21 23:20:09.001001 2016] [core:notice] [pid 1763:tid 4147332800] AH00094: Command line: '/usr/apache/bin/httpd'
2016:04:21-23:20:09 astaro1-1 reverseproxy: [Thu Apr 21 23:20:09.001088 2016] [mpm_worker:warn] [pid 1763:tid 4147332800] AH00291: long lost child came home! (pid 27535)
2016:04:21-23:20:09 astaro1-1 reverseproxy: [Thu Apr 21 23:20:09.001122 2016] [mpm_worker:warn] [pid 1763:tid 4147332800] AH00291: long lost child came home! (pid 27536)

I'm new to the whole WAF section, so trying to find out what I'm doing wrong.

If I connect to the work network via VPN I can go to the internal IP and the web page appears no problems. So the problem is not with the real server working.

Page is just a simple html page, just text and links.

Any suggestions?

Thanks, James.



This thread was automatically locked due to age.
Parents
  • 0

    My configuration is different from yours as I am using HTTPS only. However, I would recommend changing the Firewall profile to No Profile first to test. Also, check the "Pass host header" check box. I had to sign my TLS cert with www.mydomain.com in order for https://mydomain.com in order to get https to work. Finally, my site path is set to /. I noticed in your log that there is an error for /var/www/REF_RevFroInterPlain. You might need to setup a site path route. 

  • 0 in reply to c53f35a0

    Thanks JackBlack. I thought I had it working yesterday (green ticks against Real Webservers) but today they are all yellow exclamation marks.

    Virtual Webserver settings:

    Real web server settings:

    The host mail.bordo.com.au has its local IP. 192.168.x.x

    Just have '/' for Site Path Route:

    Logs:

    2016:04:24-23:49:30 astaro1-1 reverseproxy: [Sun Apr 24 23:49:30.489979 2016] [mpm_worker:notice] [pid 1763:tid 4147332800] AH00297: SIGUSR1 received. Doing graceful restart
    2016:04:24-23:49:30 astaro1-1 reverseproxy: [Sun Apr 24 23:49:30.518806 2016] [core:warn] [pid 1763:tid 4147332800] AH00111: Config variable ${URLHardening_HTTP_Hostname} is not defined
    2016:04:24-23:49:30 astaro1-1 reverseproxy: [Sun Apr 24 23:49:30.519246 2016] [core:warn] [pid 1763:tid 4147332800] AH00111: Config variable ${URLHardening_HTTP_Hostname} is not defined
    2016:04:24-23:49:30 astaro1-1 reverseproxy: [Sun Apr 24 23:49:30.520167 2016] [core:warn] [pid 1763:tid 4147332800] AH00111: Config variable ${URLHardening_HTTP_Hostname} is not defined
    2016:04:24-23:49:30 astaro1-1 reverseproxy: [Sun Apr 24 23:49:30.520427 2016] [core:warn] [pid 1763:tid 4147332800] AH00111: Config variable ${URLHardening_HTTP_Hostname} is not defined
    2016:04:24-23:49:30 astaro1-1 reverseproxy: AH00112: Warning: DocumentRoot [/var/www/REF_RevFroInterPlain] does not exist
    2016:04:24-23:49:30 astaro1-1 reverseproxy: AH00112: Warning: DocumentRoot [/var/www/REF_RevFroMailbo8090] does not exist
    2016:04:24-23:49:30 astaro1-1 reverseproxy: AH00112: Warning: DocumentRoot [/var/www/REF_RevFroInterna443] does not exist
    2016:04:24-23:49:31 astaro1-1 reverseproxy: [Sun Apr 24 23:49:31.000965 2016] [mpm_worker:notice] [pid 1763:tid 4147332800] AH00292: Apache/2.4.10 (Unix) OpenSSL/1.0.1k configured -- resuming normal operations
    2016:04:24-23:49:31 astaro1-1 reverseproxy: [Sun Apr 24 23:49:31.001021 2016] [core:notice] [pid 1763:tid 4147332800] AH00094: Command line: '/usr/apache/bin/httpd'
    2016:04:24-23:49:31 astaro1-1 reverseproxy: [Sun Apr 24 23:49:31.001094 2016] [mpm_worker:warn] [pid 1763:tid 4147332800] AH00291: long lost child came home! (pid 21274)
    2016:04:24-23:49:31 astaro1-1 reverseproxy: [Sun Apr 24 23:49:31.001128 2016] [mpm_worker:warn] [pid 1763:tid 4147332800] AH00291: long lost child came home! (pid 21275)

    Again, I can go to the site using https://192.168.x.x/path/to/page.php, but not to https://mail.bordo.com.au/path/to/page.php because the browser "can't establish a secure connection to the server 'mail.bordo.com.au'".

    James.

  • 0 in reply to jlbrown

    You know, James, sometimes I see the yellow exclamation, but everything just works.  If you wind up turning in a ticket to Support on this, please let us know what they say.


    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • 0 in reply to jlbrown

    You know, James, sometimes I see the yellow exclamation, but everything just works.  If you wind up turning in a ticket to Support on this, please let us know what they say.


    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
  • 0 in reply to BAlfson

    Hi Bob.

    Sadly the yellow exclamation mark means what it says for me.:

    Filed a support ticket. I'm in Asia Pacific region, so hopefully will get a reply in the morning. Will post reply here in case others experience similar problem.

    James.

Unfiltered HTML