Problems with WAF Sophos XG Home Edition 18.04

Hello community,

I have a problem with the WAF in Sophos XG Home Edition 18.04... I have everything configured, but unfortunately, when scanning with Nikto to look for vulnerabilities, the WAF does not respond or pay attention, as if it did not recognize the attack. Also, the log viewer does not show me any red warning for the WAF.

The strange thing is that I have done this configuration before with Sophos XG Home 17.5 and had no problems.

Please, I need your help. I don't know what's going on.

Attached images of the configuration



This thread was automatically locked due to age.
  • Hello,

    Looking at the second picture, it doesn't show anything serious or related to any possible vulnerabilities. Most of the issues are from the web server, not the WAF.

    Also, in the third picture you can see that all the latest requests received a "403" from the WAF, which means "Forbidden" (blocked).

    Moving forward, let's analyze what Nikto detected:

    • The first thing we see is that the "X-XSS-Protection" and "X-Frame-Options" headers are not defined. By default the WAF won't include any additional headers; it's the web server's job to do this.
    • For the PHP version, that's a web server issue and not a WAF issue; you should update it as fast as possible.
    • For "OSVDB-877", you should verify that it isn't a false positive; even then, if you have "Protocol Enforcement" enabled, the WAF will give a "403".
    • "OSVDB-3268" isn't alarming; this is an issue with the web server and not the WAF. It means the web server indexed the /icons/ folder.
    • "OSVDB-3233" is also an issue with your web server and not the WAF.

    Finally, almost all of the issues are not vulnerabilities, just informational warnings that exist because of the web server configuration.

    EDIT: I've had to edit this before because my brain isn't functioning correctly today.
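
Added example, not part of the original thread or of any Sophos tooling: a small Python triage that sorts the kinds of findings discussed in the reply above (missing headers, PHP version disclosure, directory listing, 403 responses) by the layer that has to act on them. The sample responses, the `PHP/0.0.0` placeholder, the `<title>Index of ` listing marker and the reading of every 403 as a WAF block are assumptions made for the example.

```python
# Added example. All responses below are constructed, not taken from the thread.
REQUIRED_HEADERS = ("X-XSS-Protection", "X-Frame-Options")  # named in the reply

def parse_response(raw):
    """Split a raw HTTP/1.x response into (status, headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    status_line, _, header_block = head.partition("\r\n")
    headers = {}
    for line in header_block.split("\r\n"):
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()  # names are case-insensitive
    return int(status_line.split()[1]), headers, body

def triage(path, raw):
    """Return (owner, finding) tuples saying which layer has to fix what."""
    status, headers, body = parse_response(raw)
    if status == 403:
        # Assumption: a 403 comes from the WAF, as the reply reads the log.
        return [("waf", f"{path}: request blocked (403)")]
    findings = []
    for name in REQUIRED_HEADERS:
        if name.lower() not in headers:
            findings.append(("web server", f"{path}: {name} header not set"))
    powered = headers.get("x-powered-by", "")
    if powered.lower().startswith("php/"):
        findings.append(("web server", f"{path}: PHP version disclosed ({powered})"))
    # Assumption: the server's auto-generated listing page uses this title.
    if status == 200 and "<title>Index of " in body:
        findings.append(("web server", f"{path}: directory listing enabled"))
    return findings

def count_by_owner(samples):
    """Tally findings per layer across all sampled paths."""
    counts = {}
    for path, raw in samples.items():
        for owner, _ in triage(path, raw):
            counts[owner] = counts.get(owner, 0) + 1
    return counts

SAMPLES = {  # constructed responses; PHP/0.0.0 is a placeholder version
    "/": "HTTP/1.1 200 OK\r\nX-Powered-By: PHP/0.0.0\r\n\r\n<html>ok</html>",
    "/icons/": ("HTTP/1.1 200 OK\r\nX-XSS-Protection: 1; mode=block\r\n"
                "X-Frame-Options: SAMEORIGIN\r\n\r\n"
                "<html><head><title>Index of /icons</title></head></html>"),
    "/probe": "HTTP/1.1 403 Forbidden\r\n\r\n<h1>Forbidden</h1>",
}

if __name__ == "__main__":
    for p, r in SAMPLES.items():
        print(p, triage(p, r))
```
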
