WAF - url hardening errors

Question

I'm not 100% sure what is happening here so hopefully somebody could share some light on it. 
 Virtual webserver A (1.1.1.1 mywebserverA.mydomain.com) maps to internal server A (10.1.1.1 http) using reverse Authentication 
 Virtual webserver B (1.1.1.2 mywebserverB.mydomain.com) maps to internal server B (10.1.1.2 https) 
 
 Sometimes when I go to access https://mywebserverB.mydomain.com, I get a 403 "you do not have permission to access these pages on your server" 
 When I look in the logs, the reason it is throwing up this error is because it's trying to go to https://mywebserverA.mydomain.com and the url hardening throws an error due to this. 
 
 2017:02:28-06:45:28 gw01-1 reverseproxy: [Tue Feb 28 06:45:28.632056 2017] [url_hardening:error] [pid 1948:tid 4129786736] [client 88.95.200.45:38427] Hostname in HTTP request (mywebserverB.mydomain.com) does not match the server name (mywebserverA.mydomain.com) 
 
 A couple of minutes later, it seems to play ball and behave itself. I'm not sure why when I request webserver B, the UTM tries to go to webserver A

Florian Bartsch · Accepted Answer

Hi Louis, 
 this is really strange. :-( 
 Are you sure that there are no DNS issues in your environment? Do you have more than one DNS servers that you can shutdown them one by one to exclude this kind of problems? 
 
 Greets, 
 Flo

Louis-M · Answer

Hi Florian, 
 I think I may have solved the issue and it was indeed a dns issue. 
 When I was replacing our Cisco's last year, I put the external dns name into the dns request routing on the UTM. 
 So externally, my request would have gone to ISP > UTM > which then routed the dns for myexternaldomain.com to my internal dns servers. Now the internal ones had the internal domain & the external domain ie so mobile users who had the external link could use the internal ip when within the network. The usual stuff. 
 My mistake here was to put the request routing for the external domain into the UTM which caused the UTM to translate any request going to myexternaldomain.com to the internal ip 
 Any external user within our network would first hit out internal dns servers which have our external domain entered so that is fine. By entering the request routing into the UTM for myexternaldomain.com, anybody on the outside would have been getting resolved to the UTM which was then getting mixed up because it was forwarding the request onto the internal dns where as ultimately, it should have forwarded it onto the ISP and got the real external IP. 
 Took a little bit of thinking about as the WAF logs didn't really show anything apart from it going to the wrong url but after clearing all the dns caches everywhere and removing the external to internal dns request routing, it's finally working. Fingers crossed.....