This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Redirect after WAF Login

I'm using the reverse proxy to expose an internal webapp offloading SSL and user auth to the firewall.  Works fine so far but I don't see a way to have the login form redirect to a specific URL.  If I follow a link to http://www.example.com/foo, I'm redirected to https://www.example.com/login but after I enter valid credentials, it doesn't send me to the /foo URI.  Instead I'm getting the root URI.  Is there a way for the login for to store the URL what was intercepted and redirect there once the user auths successfully?



This thread was automatically locked due to age.
  • Paul, while you're waiting for a better response here, you should get a ticket open with Sophos UTM Support.

    I think the answer to your question is "no" today, but I'd be happy to learn that I'm wrong.  You can use 'Site Path Routing' to direct incoming URIs to their dedicated Real Server, so you might play with that a little to see if you can add a new web server in your environment to achieve what you want.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • http://ideas.sophos.com/forums/17359-utm-formerly-asg-feature-requests/suggestions/17376841-support-setting-httpd-location-field-in-waf-login

    Editing the apache configs to set AuthFormLoginRequiredLocation "/_something_form?LOCATION=%{escape:%{REQUEST_URI}?%{QUERY_STRING}}" gets the originally requested URI and query passed to the form page but I'll need some SSI or something like that on the firewall to do anything with it. 

    I can't be the only person looking for this functionality...

  • Hmmm...   The "Inline Login" functionality of mod_auth_form [1] looks promising.  If I change "AuthFormLoginRequiredLocation" to "ErrorDocument 401" in the generated reverseproxy.conf, I'm getting what I'm looking for.  That should be really easy for the UTM guys to implement.  I'm thinking an "Inline Login" checkbox in the Reverse Auth > Form Templates entry.   When checked, the generated configs use ErrorDocument 401 instead of AuthFormLoginRequiredLocation.

    The only hitch I'm seeing so far is that I end up with a POST action to the originally requested URI but I don't think that's going to be an issue for me.  It would for an exposed REST API though.

    [1] httpd.apache.org/.../mod_auth_form.html