
WAF - WebServer behind IPSec-VPN not working

Hej,

I have a problem with the WAF in combination with an IPsec VPN tunnel. The following error occurs:

 

Forbidden

You don't have permission to access / on this server.

Additionally, a 503 Service Unavailable error was encountered while trying to use an ErrorDocument to handle the request.

 

About my network:

Local LAN: 192.168.15.0/24
Local IP of XG: 192.168.15.1
Remote LAN: 192.168.17.0/24
Remote IP of WebServer for WAF: 192.168.17.33
Firmware of XG: v17.5.3

 

Result of tcpdump:

16:46:16.797513 ipsec0, OUT: IP 169.254.234.5.47125 > 192.168.17.33.80: Flags [S], seq 3415650181, win 32440, options [mss 16220,nop,nop,sackOK,nop,wscale 7], length 0

 

I tried the following:

  • sys-traffic-nat add destination 192.168.17.0 netmask 255.255.255.0 snatip 192.168.15.1
  • system ipsec_route add net 192.168.17.0/255.255.255.0 tunnelname HeadOffice
  • activated NAT via IPSec connection

Any ideas? Did I forget something, or is this a bug?

 



This thread was automatically locked due to age.
  • What does the WAF log show when you go to the page? 

  • [Sat Feb 16 17:27:13.345689 2019] [proxy:error] [pid 18145:tid 140281707050752] (110)Connection timed out: AH00957: HTTP: attempt to connect to 192.168.17.33:80 (192.168.17.33) failed
    [Sat Feb 16 17:27:13.345744 2019] [proxy:error] [pid 18145:tid 140281707050752] AH00959: ap_proxy_connect_backend disabling worker for (192.168.17.33) for 60s
    [Sat Feb 16 17:27:13.345756 2019] [proxy_http:error] [pid 18145:tid 140281707050752] [client 192.168.10.50:58679] AH01114: HTTP: failed to make connection to backend: 192.168.17.33
    [Sat Feb 16 17:27:13.345972 2019] [security2:error] [pid 18145:tid 140281707050752] [client 192.168.10.50:58679] [client 192.168.10.50] ModSecurity: Warning. Pattern match "^5\\\\d{2}$" at RESPONSE_STATUS. [file "/content/waf/2.7.3/modsecurity_crs_outbound.conf"] [line "53"] [id "970901"] [rev "2"] [msg "The application is not available"] [data "Matched Data: 503 found within RESPONSE_STATUS: 503"] [severity "ERROR"] [ver "OWASP_CRS/2.2.7"] [maturity "9"] [accuracy "9"] [tag "WASCTC/WASC-13"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.6"] [hostname "www.company.com"] [uri "/"] [unique_id "XGg50n8AAAEAAEbhzKsAAAAF"]
    [Sat Feb 16 17:27:13.346167 2019] [security2:error] [pid 18145:tid 140281707050752] [client 192.168.10.50:58679] [client 192.168.10.50] ModSecurity: Access denied with code 403 (phase 4). Pattern match "(.*)" at TX:0. [file "/content/waf/2.7.3/modsecurity_crs_outbound_blocking.conf"] [line "24"] [id "981200"] [msg "Outbound Anomaly Score Exceeded (score 4): Last Matched Message: The application is not available"] [data "Last Matched Data: 503"] [hostname "www.company.com"] [uri "/"] [unique_id "XGg50n8AAAEAAEbhzKsAAAAF"]
    [Sat Feb 16 17:27:13.346438 2019] [security2:error] [pid 18145:tid 140281707050752] [client 192.168.10.50:58679] [client 192.168.10.50] ModSecurity: Warning. Operator GE matched 4 at TX:outbound_anomaly_score. [file "/content/waf/2.7.3/modsecurity_crs_correlation.conf"] [line "40"] [id "981205"] [msg "Outbound Anomaly Score Exceeded (score 4): The application is not available"] [hostname "www.company.com"] [uri "/"] [unique_id "XGg50n8AAAEAAEbhzKsAAAAF"]

    With best regards,

    Steppenwolf
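As an added diagnostic example (not code from the thread or from Sophos), the script below parses the tcpdump line from the first post and the WAF error-log lines quoted above and makes the two findings explicit. First, the SYN leaves ipsec0 with source 169.254.234.5, which is not inside 192.168.15.0/24; if the tunnel's local selector is that LAN (an assumption taken from the network description), the peer has no matching SA for the packet and the backend connect times out. Second, the 403 the browser sees is not an inbound policy block: the proxy's own 503 after AH00957 is matched by CRS outbound rule 970901 and then escalated to a block by 981200. The selector subnets and the reading of 169.254.234.5 as the WAF proxy's internal source address are assumptions; the sample input is copied from the thread and abridged.

```python
"""Correlate a tcpdump line from ipsec0 with the WAF (Apache + ModSecurity)
error log to explain the 'Forbidden / 503' symptom.

Assumptions (not stated in the thread): local selector 192.168.15.0/24,
remote selector 192.168.17.0/24, and the 169.254.x source is the WAF
proxy's internal address rather than a LAN host.
"""
import ipaddress
import re

# --- constructed sample input, copied from the thread and abridged ----------
TCPDUMP_LINE = (
    "16:46:16.797513 ipsec0, OUT: IP 169.254.234.5.47125 > 192.168.17.33.80: "
    "Flags [S], seq 3415650181, win 32440, options [mss 16220,nop,nop,sackOK,"
    "nop,wscale 7], length 0"
)

WAF_LOG = r"""
[Sat Feb 16 17:27:13.345689 2019] [proxy:error] [pid 18145:tid 140281707050752] (110)Connection timed out: AH00957: HTTP: attempt to connect to 192.168.17.33:80 (192.168.17.33) failed
[Sat Feb 16 17:27:13.345744 2019] [proxy:error] [pid 18145:tid 140281707050752] AH00959: ap_proxy_connect_backend disabling worker for (192.168.17.33) for 60s
[Sat Feb 16 17:27:13.345756 2019] [proxy_http:error] [pid 18145:tid 140281707050752] [client 192.168.10.50:58679] AH01114: HTTP: failed to make connection to backend: 192.168.17.33
[Sat Feb 16 17:27:13.345972 2019] [security2:error] [pid 18145:tid 140281707050752] [client 192.168.10.50:58679] [client 192.168.10.50] ModSecurity: Warning. Pattern match "^5\\\\d{2}$" at RESPONSE_STATUS. [file "/content/waf/2.7.3/modsecurity_crs_outbound.conf"] [line "53"] [id "970901"] [msg "The application is not available"] [data "Matched Data: 503 found within RESPONSE_STATUS: 503"] [severity "ERROR"] [hostname "www.company.com"] [uri "/"]
[Sat Feb 16 17:27:13.346167 2019] [security2:error] [pid 18145:tid 140281707050752] [client 192.168.10.50:58679] [client 192.168.10.50] ModSecurity: Access denied with code 403 (phase 4). Pattern match "(.*)" at TX:0. [file "/content/waf/2.7.3/modsecurity_crs_outbound_blocking.conf"] [line "24"] [id "981200"] [msg "Outbound Anomaly Score Exceeded (score 4): Last Matched Message: The application is not available"] [data "Last Matched Data: 503"] [hostname "www.company.com"] [uri "/"]
"""

# tcpdump line as printed by the XG: "<time> <iface>, <IN|OUT>: IP src.sport > dst.dport: Flags [..]"
TCPDUMP_RE = re.compile(
    r"^\S+ (?P<iface>\S+), (?P<direction>IN|OUT): IP "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]*)\]"
)
# Apache error-log prefix, ModSecurity [key "value"] fields, AH codes, client
LOG_RE = re.compile(r"^\[(?P<ts>[^\]]+)\] \[(?P<module>[^:\]]+):(?P<level>[^\]]+)\] (?P<rest>.*)$")
FIELD_RE = re.compile(r'\[([a-z_]+) "([^"]*)"\]')
AH_RE = re.compile(r"\b(AH\d{5})\b")
CLIENT_RE = re.compile(r"\[client (\d+\.\d+\.\d+\.\d+)(?::\d+)?\]")
BACKEND_RE = re.compile(r"attempt to connect to (\d+\.\d+\.\d+\.\d+:\d+)")


def parse_tcpdump(line):
    """Return interface, direction, addresses, ports and TCP flags of one line."""
    m = TCPDUMP_RE.match(line)
    if not m:
        raise ValueError("unrecognised tcpdump line")
    pkt = m.groupdict()
    pkt["sport"], pkt["dport"] = int(pkt["sport"]), int(pkt["dport"])
    return pkt


def check_tunnel_selector(pkt, local_net, remote_net):
    """List reasons the packet would not match the tunnel's traffic selectors.

    A source outside the local selector is the classic cause of a one-way
    tunnel: the SA is never negotiated for it, or the peer discards it.
    """
    src, dst = ipaddress.ip_address(pkt["src"]), ipaddress.ip_address(pkt["dst"])
    findings = []
    if src not in ipaddress.ip_network(local_net):
        findings.append(
            f"source {src} is outside local selector {local_net}; SNAT it to an "
            f"address inside the selector before it enters the tunnel"
        )
    if dst not in ipaddress.ip_network(remote_net):
        findings.append(f"destination {dst} is outside remote selector {remote_net}")
    return findings


def parse_waf_log(text):
    """Split Apache/ModSecurity error-log lines into structured entries."""
    entries = []
    for line in text.strip().splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip anything that is not an Apache error-log line
        e = m.groupdict()
        e["fields"] = dict(FIELD_RE.findall(e["rest"]))
        ah, client = AH_RE.search(e["rest"]), CLIENT_RE.search(e["rest"])
        e["ah_code"] = ah.group(1) if ah else None
        e["client"] = client.group(1) if client else None
        entries.append(e)
    return entries


def classify_waf_block(text):
    """Decide whether a ModSecurity 403 is a real policy block or a symptom
    of an unreachable backend (AH00957 -> 503 -> CRS outbound rules)."""
    entries = parse_waf_log(text)
    backend = None
    for e in entries:
        if e["ah_code"] == "AH00957":
            m = BACKEND_RE.search(e["rest"])
            backend = m.group(1) if m else backend
    denied = [e for e in entries if e["module"] == "security2" and "Access denied" in e["rest"]]
    upstream_5xx = [e for e in entries if e["fields"].get("id") == "970901"]
    if not denied:
        return {"verdict": "no_block", "backend": backend}
    block = denied[-1]
    result = {"blocking_rule": block["fields"].get("id"), "client": block["client"],
              "uri": block["fields"].get("uri"), "backend": backend}
    if backend and upstream_5xx:
        result["verdict"] = "backend_unreachable"  # fix the path to the backend, not the WAF rule
        result["trigger_rule"] = upstream_5xx[-1]["fields"]["id"]
    else:
        result["verdict"] = "policy_block"
    return result


if __name__ == "__main__":
    pkt = parse_tcpdump(TCPDUMP_LINE)
    for finding in check_tunnel_selector(pkt, "192.168.15.0/24", "192.168.17.0/24"):
        print("tunnel:", finding)
    print("waf:", classify_waf_block(WAF_LOG))
```

After applying a NAT rule for the WAF traffic, repeat the tcpdump on ipsec0 and feed the new line to `check_tunnel_selector`: the source has to be an address inside the local selector before the tunnel can carry it, and the ModSecurity 403 disappears on its own once AH00957 stops appearing, because the outbound rules only react to the proxy's 503.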
