WAF Request Redirection

Any documentation on this feature. In particular I'm looking for wildcard support.

Parents
  • Hi,

    the official documentation is delivered with the GA release.

    I try to explain the feature with an example. One of the main use cases would be an Exchange setup where users
    just want to enter http://mymail.local and are redirected automatically to https://mymail.local/owa.

    The setup would be the following:

    Virtual Webserver:
     * name: Mail
     * domain: mymail.local
     * HTTPS with HTTP redirect
     * port 443
     * no real webserver configured !!!

    Site Path Routing:
     * name: /owa
     * virutal webserver: Mail
     * path: /owa
     * real webservers: your_backend_server

    Request Redirection:
     * name: / to /owa
     * source virtual webserver: Mail
     * source path: /
     * target host: mymail.local
     * target path: /owa
     * target protocol: Encrypted (HTTPS)
     * target port: 443
     * response code: Moved Permanently (301)


    In general, it's not possible to use wildcards but maybe you explain your use case.

    Best,
     Sabine

  • Hello Sabine,

    but this only works as you have pointed out, if you have an explicite Site-path-routing for /owa. There we are back to the old problem, that you will have to have a mess of site path routes!

    In former times people had to restrict the entry pathes via site-path-routing. Then sophos decided to move this to the firewall profiles. This was realy good, since people could go back to the default site-path-route.

    No the same problem is back in a different way. If you redirect / to /owa, this will have a conflict with the / route. grrrrrrrrrrr*********!!!

    Ok, at least there is now an integrated way to redirect users from http to https when accessing the user-portal. Here is how i've done this:

    Virtual Webserver:
     * name: userportal-redirect
     * domain: userportal.mydomain.com
     * HTTP
     * port 80
     * no real webserver configured !!!

    Request Redirection:

     * name: userportal to https
     * source virtual webserver: userportal-redirect
     * source path: /
     * target host: userportal.mydomain.com
     * target path: /
     * target protocol: Encrypted (HTTPS)
     * target port: 443
     * response code: Moved Permanently (301)

    This is useful for me, but for the owa I still recomend my customers to do redirection on the IIS-Server.

    Maybe Sophos thinks about this again...

    Regards, Rolf

Reply
  • Hello Sabine,

    but this only works as you have pointed out, if you have an explicite Site-path-routing for /owa. There we are back to the old problem, that you will have to have a mess of site path routes!

    In former times people had to restrict the entry pathes via site-path-routing. Then sophos decided to move this to the firewall profiles. This was realy good, since people could go back to the default site-path-route.

    No the same problem is back in a different way. If you redirect / to /owa, this will have a conflict with the / route. grrrrrrrrrrr*********!!!

    Ok, at least there is now an integrated way to redirect users from http to https when accessing the user-portal. Here is how i've done this:

    Virtual Webserver:
     * name: userportal-redirect
     * domain: userportal.mydomain.com
     * HTTP
     * port 80
     * no real webserver configured !!!

    Request Redirection:

     * name: userportal to https
     * source virtual webserver: userportal-redirect
     * source path: /
     * target host: userportal.mydomain.com
     * target path: /
     * target protocol: Encrypted (HTTPS)
     * target port: 443
     * response code: Moved Permanently (301)

    This is useful for me, but for the owa I still recomend my customers to do redirection on the IIS-Server.

    Maybe Sophos thinks about this again...

    Regards, Rolf

Children
No Data