Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 7 replies
  • Subscribers 27 subscribers
  • Views 7157 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Access Web Server externally error (You do not have permission to...)

RaymondPalms

Hi There,

 

So we have an XG Firewall setup, running "SFOS 17.1.2 MR-2", have been trying today to get a server on the LAN which hosts a web interface to be accessible externally, documentation for this server says it requires a Reverse Proxy setup which I have done, I have tried to port forward to the reverse proxy as well but that does not seem to work, if I port forward to the reverse proxy and go to PUBLIC_IP:80, the revers proxy just sends back the internal server name and tells the web browser to go to that.

 

Server IP: 192.168.0.50

Reverse Proxy(Ubuntu) IP: 192.168.0.51

I trie the following:

1.) Hosts and Services > IP Host > Create a IP host for 192.168.0.51

2.) Hosts and Services > Services > "Add" a new service with "TCP/UDP", Source Port "1:65535", Destination Port "80"

3.) Firewall > DNAT Rule :

Source Zones: Any

Allowed Client Networks: Any

Desination host/Network*: Port1- PUBLICIP

Services: Used new entry created in step 2

Protected Servers: Used new entry created in step 1

Protected Zone: LAN

Enabled "Rewrite source address (Masquerading)

 

With the above when I go to PUBLICIP:80, the reverse proxy tells the web browser to go to https://INTERNAL_SERVER_NAME/example_path/example_index.jsp

 

I then tried the following:

1.) Hosts and Services > IP Host > Create a IP host for 192.168.0.51

2.) Hosts and Services > Services > "Add" a new service with "TCP/UDP", Source Port "1:65535", Destination Port "80"

3.) Web Server > Created a web server, Host "192.168.0.51", type "HTTP", Port "80"

4.) Firewall > WAF:

Hosted Address: Port 1-PUBLICIP

Listening Port: 80

Web server List: Used new entry created in step 3

Allowed Client Networks: Any IPv4

 

When I go to PUBLICIP:80, the url it tries to redirect to is https://PUBLICIP/example_path/example_index.jsp, this always comes back with a "You do not have permission to access / on this server", I've tried the "Path-specific routing" and "Exceptions" options but that did not make any difference, could this also be a misconfiguration on the Reverse Proxy ?

 

Any help is appreciated.



This thread was automatically locked due to age.
Parents
  • 0

    Hi,

    you are sending port 80 to the server but you are showing an error of port 443, please review the log viewer report and show what you see when you try to connect to the server?

    What does your browser show as connection type, eg a number of browsers default to https, so you might need to be explicit with your url.

    Ian

Reply
  • 0

    Hi,

    you are sending port 80 to the server but you are showing an error of port 443, please review the log viewer report and show what you see when you try to connect to the server?

    What does your browser show as connection type, eg a number of browsers default to https, so you might need to be explicit with your url.

    Ian

Children
No Data