Hosting a web site in XG firewall

Please post your firewall rule covering the server, it should be a business rule.

Ian

yes it is a business rule ;

You are using a WAF.

https://community.sophos.com/kb/en-us/124574

Try to troubleshoot this with this KBA. 

this is second attempt on fresh install. Does product need this type of diag? Yes i looked at this. Web server logs show receiving calls, rule shows data accumulating, just barks about no permission, set for no log in or auth on site and it works fine elsewhere. i suspect its an XG setting just don't know what one.

WAF is kinda complex in setting up. Because you need to understand, what a URL Harding is, what a Site path routing and the reverse authentication. 

There are couple of Guides, how to do it.

https://community.sophos.com/kb/en-us/126470

https://community.sophos.com/kb/en-us/122829

https://community.sophos.com/kb/en-us/122828

I will take a look thank you.

still no luck, went over all these docs,add  new business rule still not working correctly. here is from log of rule;

2019-02-19 15:45:13Web Server Protectionmessageid="17071" log_type="WAF" log_component="Web Application Firewall" user="-" server="www.xx.com" src_ip="72.139.195.203" local_ip="192.168.0.32" protocol="HTTP/1.1" url="/dotnetnuke/ContactUs.aspx" query_string="" cookie="__utmz=80821778.1549162625.1.1.utmcsr=xx.com|utmccn=(referral)|utmcmd=referral|utmcct=/; .ASPXANONYMOUS=0fzmRiC8yolbUjui0wjqo7KbynFiVUoI58Z-o0KIoHwq2664CIel1Wl9BReA1VJmo8otxRbepfSeeY-1cvAI65rJJLBdvj9V53Gy19m3ShjN637q0; language=en-US; __RequestVerificationToken_L2RvdG5ldG51a2U1=pkJ-q0iR735w-c3yznM9pL4oKd7pTmqjR46wG-SScUlYO5xR8eGMfQ5sf_f8oX5lS_ZjBg2; __utma=80821778.1910479675.1549162625.1549162625.1550605920.2; __utmc=80821778; __utmt=1; __utmb=80821778.20.10.1550605920" referer="www.xx.com/.../ContactUs.aspx" method="GET" response_code="403" reason="-" extra="-" content_type="text/html" user_agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.109 Safari/537.36" host="72.139.195.203" response_time="663" bytes_sent="436" bytes_received="963" fw_rule_id="11"

still no luck, went over all these docs,add  new business rule still not working correctly. here is from log of rule;

2019-02-19 15:45:13Web Server Protectionmessageid="17071" log_type="WAF" log_component="Web Application Firewall" user="-" server="www.xx.com" src_ip="72.139.195.203" local_ip="192.168.0.32" protocol="HTTP/1.1" url="/dotnetnuke/ContactUs.aspx" query_string="" cookie="__utmz=80821778.1549162625.1.1.utmcsr=xx.com|utmccn=(referral)|utmcmd=referral|utmcct=/; .ASPXANONYMOUS=0fzmRiC8yolbUjui0wjqo7KbynFiVUoI58Z-o0KIoHwq2664CIel1Wl9BReA1VJmo8otxRbepfSeeY-1cvAI65rJJLBdvj9V53Gy19m3ShjN637q0; language=en-US; __RequestVerificationToken_L2RvdG5ldG51a2U1=pkJ-q0iR735w-c3yznM9pL4oKd7pTmqjR46wG-SScUlYO5xR8eGMfQ5sf_f8oX5lS_ZjBg2; __utma=80821778.1910479675.1549162625.1549162625.1550605920.2; __utmc=80821778; __utmt=1; __utmb=80821778.20.10.1550605920" referer="www.xx.com/.../ContactUs.aspx" method="GET" response_code="403" reason="-" extra="-" content_type="text/html" user_agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.109 Safari/537.36" host="72.139.195.203" response_time="663" bytes_sent="436" bytes_received="963" fw_rule_id="11"

so a couple of things i see;

web server receives requests

when using server ID utility (GRC.com)two things are different;

1. web server is Apache when behind XG but iis when behind /TMG and it is IIS

2. in the server response http/1.1 200ok content length 323,when behind TMG but is 404 not found and length is 256 behind XG 

No idea what to do about it.