Hi There,
So we have an XG Firewall setup running "SFOS 17.1.2 MR-2". We have been trying today to get a server on the LAN, which hosts a web interface, to be accessible externally. The documentation for this server says it requires a reverse proxy setup, which I have done. I have tried to port forward to the reverse proxy as well, but that does not seem to work: if I port forward to the reverse proxy and go to PUBLIC_IP:80, the reverse proxy just sends back the internal server name and tells the web browser to go to that.
Server IP: 192.168.0.50
Reverse Proxy(Ubuntu) IP: 192.168.0.51
I tried the following:
1.) Hosts and Services > IP Host > Create an IP host for 192.168.0.51
2.) Hosts and Services > Services > "Add" a new service with "TCP/UDP", Source Port "1:65535", Destination Port "80"
3.) Firewall > DNAT Rule :
Source Zones: Any
Allowed Client Networks: Any
Destination host/Network*: Port1- PUBLICIP
Services: Used new entry created in step 2
Protected Servers: Used new entry created in step 1
Protected Zone: LAN
Enabled "Rewrite source address (Masquerading)"
With the above when I go to PUBLICIP:80, the reverse proxy tells the web browser to go to https://INTERNAL_SERVER_NAME/example_path/example_index.jsp
I then tried the following:
1.) Hosts and Services > IP Host > Create an IP host for 192.168.0.51
2.) Hosts and Services > Services > "Add" a new service with "TCP/UDP", Source Port "1:65535", Destination Port "80"
3.) Web Server > Created a web server, Host "192.168.0.51", type "HTTP", Port "80"
4.) Firewall > WAF:
Hosted Address: Port 1-PUBLICIP
Listening Port: 80
Web server List: Used new entry created in step 3
Allowed Client Networks: Any IPv4
When I go to PUBLICIP:80, the URL it tries to redirect to is https://PUBLICIP/example_path/example_index.jsp. This always comes back with "You do not have permission to access / on this server". I've tried the "Path-specific routing" and "Exceptions" options, but that did not make any difference. Could this also be a misconfiguration on the reverse proxy?
Any help is appreciated.
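Added example (not part of the original post and not Sophos code): a small Python check that compares a redirect's `Location` header with the URL the external client requested and the ports published on the firewall, applied to the two redirects the post reports. The address 203.0.113.10 and the name `appserver01` are constructed stand-ins for PUBLICIP and INTERNAL_SERVER_NAME, and `check_redirect` is a hypothetical helper name.

```python
import ipaddress
from urllib.parse import urljoin, urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

# Constructed sample values standing in for the placeholders in the post.
REQUESTED = "http://203.0.113.10/"   # PUBLICIP:80
PUBLISHED_PORTS = {80}               # only port 80 is published in both attempts
DNAT_LOCATION = "https://appserver01/example_path/example_index.jsp"
WAF_LOCATION = "https://203.0.113.10/example_path/example_index.jsp"


def check_redirect(requested_url, location, published_ports):
    """Return findings for one redirect as seen by an external client."""
    origin = urlsplit(requested_url)
    # A relative Location is resolved against the requested URL, as a browser does.
    target = urlsplit(urljoin(requested_url, location))
    findings = []

    host = target.hostname or ""
    if host != origin.hostname:
        try:
            # A literal RFC 1918 address is unreachable from outside the LAN.
            internal = ipaddress.ip_address(host).is_private
        except ValueError:
            # Assumption: a single-label name only resolves on the LAN.
            internal = "." not in host
        findings.append("internal-host" if internal else "host-changed")

    # The redirect may move the client to a port the firewall does not publish.
    port = target.port or DEFAULT_PORTS.get(target.scheme)
    if port not in published_ports:
        findings.append("port-%s-not-published" % port)
    return findings


if __name__ == "__main__":
    for name, loc in (("DNAT", DNAT_LOCATION), ("WAF", WAF_LOCATION)):
        print(name, check_redirect(REQUESTED, loc, PUBLISHED_PORTS))
```

The findings only describe how the redirect target differs from what is published; they do not by themselves explain the "You do not have permission" response.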