HTTPS WAF redirect loop

Set up: Client <---> Sophos HTTPS WAF (Ports 80 & 443) <---> HTTP WordPress Server (Port 80)

The reverse proxy seems to keep redirecting me to HTTPS on port 443 despite the request being for HTTPS on port 443.

~$ wget http://blog.mysite.com/ -O /dev/null
--2021-10-20 15:31:39--  http://blog.mysite.com/
Resolving blog.mysite.com (blog.mysite.com)... 123.123.123.123
Connecting to blog.mysite.com (blog.mysite.com)|123.123.123.123|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://blog.mysite.com:443/ [following]
--2021-10-20 15:31:39--  https://blog.mysite.com/
Connecting to blog.mysite.com (blog.mysite.com)|123.123.123.123|:443... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://blog.mysite.com:443/ [following]
--2021-10-20 15:31:39--  https://blog.mysite.com/
Reusing existing connection to blog.mysite.com:443.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://blog.mysite.com:443/ [following]
--2021-10-20 15:31:39--  https://blog.mysite.com/
Reusing existing connection to blog.mysite.com:443.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://blog.mysite.com:443/ [following]

The WAF behaves the same when the initial request is for HTTPS on port 443.

I looked at the reverse proxy config file at /cfs/waf/reverseproxy.conf and there are no redirect directives under the HTTPS (port 443) VirtualHost, so I'm confused as to how I end up in a redirect loop.

I set up a packet capture on the HTTP server and noticed that none of these requests are hitting the web server, just a ping-pong between the client and HTTPS WAF reverse proxy.

/log/reverseproxy.log:

[Wed Oct 20 15:46:42.791833 2021] timestamp="1634759202" srcip="172.16.2.212" localip="123.123.123.123" user="-" method="GET" statuscode="301" reason="-" extra="-" exceptions="-" duration="1269" url="/" server="blog.mysite.com" referer="-" cookie="-" set-cookie="-" recvbytes="1161" sentbytes="4990" protocol="HTTP/1.1" ctype="text/html" uagent="Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0" querystring="" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" ruleid="30"
[Wed Oct 20 15:46:42.844237 2021] timestamp="1634759202" srcip="169.254.234.5" localip="123.123.123.123" user="-" method="GET" statuscode="301" reason="-" extra="-" exceptions="-" duration="248" url="/" server="blog.mysite.com" referer="-" cookie="-" set-cookie="-" recvbytes="624" sentbytes="488" protocol="HTTP/1.1" ctype="text/html" uagent="Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0" querystring="" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" ruleid="30"
[Wed Oct 20 15:46:42.843673 2021] timestamp="1634759202" srcip="172.16.2.212" localip="123.123.123.123" user="-" method="GET" statuscode="301" reason="-" extra="-" exceptions="-" duration="1374" url="/" server="blog.mysite.com" referer="-" cookie="-" set-cookie="-" recvbytes="1161" sentbytes="4990" protocol="HTTP/1.1" ctype="text/html" uagent="Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0" querystring="" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" ruleid="30"
[Wed Oct 20 15:46:42.876101 2021] timestamp="1634759202" srcip="169.254.234.5" localip="123.123.123.123" user="-" method="GET" statuscode="301" reason="-" extra="-" exceptions="-" duration="413" url="/" server="blog.mysite.com" referer="-" cookie="-" set-cookie="-" recvbytes="624" sentbytes="488" protocol="HTTP/1.1" ctype="text/html" uagent="Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0" querystring="" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" ruleid="30"
[Wed Oct 20 15:46:42.875577 2021] timestamp="1634759202" srcip="172.16.2.212" localip="123.123.123.123" user="-" method="GET" statuscode="301" reason="-" extra="-" exceptions="-" duration="1300" url="/" server="blog.mysite.com" referer="-" cookie="-" set-cookie="-" recvbytes="1161" sentbytes="4990" protocol="HTTP/1.1" ctype="text/html" uagent="Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0" querystring="" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" ruleid="30"

Also I'm not sure why some requests are coming from a self-assigned IP, as highlighted above.
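
A check for the pattern visible in the log above, as an added example that is not part of the original post: it parses the key="value" entries and flags a client that receives repeated 3xx answers for the same host and URL within a short window. The function names, the threshold of 3 hits and the 2-second window are assumptions, and the sample lines are the post's five entries trimmed to the fields used.

```python
import re
from collections import defaultdict

# Constructed sample: the five entries from the post, trimmed to the fields used here.
SAMPLE_LOG = """\
[Wed Oct 20 15:46:42.791833 2021] timestamp="1634759202" srcip="172.16.2.212" method="GET" statuscode="301" url="/" server="blog.mysite.com"
[Wed Oct 20 15:46:42.844237 2021] timestamp="1634759202" srcip="169.254.234.5" method="GET" statuscode="301" url="/" server="blog.mysite.com"
[Wed Oct 20 15:46:42.843673 2021] timestamp="1634759202" srcip="172.16.2.212" method="GET" statuscode="301" url="/" server="blog.mysite.com"
[Wed Oct 20 15:46:42.876101 2021] timestamp="1634759202" srcip="169.254.234.5" method="GET" statuscode="301" url="/" server="blog.mysite.com"
[Wed Oct 20 15:46:42.875577 2021] timestamp="1634759202" srcip="172.16.2.212" method="GET" statuscode="301" url="/" server="blog.mysite.com"
"""

KV_RE = re.compile(r'([\w-]+)="([^"]*)"')
FRAC_RE = re.compile(r'^\[[^\]]*\.(\d+) \d{4}\]')

def parse_line(line):
    """Return the key="value" fields of one entry plus a float 'time', or None."""
    fields = dict(KV_RE.findall(line))
    frac = FRAC_RE.match(line)
    if not frac or not fields.get("timestamp", "").isdigit():
        return None
    # Epoch seconds come from timestamp=, the sub-second part from the bracketed prefix.
    fields["time"] = int(fields["timestamp"]) + float("0." + frac.group(1))
    return fields

def find_redirect_loops(log_text, min_hits=3, window=2.0):
    """Flag (srcip, server, url) keys with >= min_hits consecutive 3xx replies in `window` s."""
    by_key = defaultdict(list)
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry:
            key = (entry.get("srcip"), entry.get("server"), entry.get("url"))
            by_key[key].append(entry)
    loops = {}
    for key, entries in by_key.items():
        entries.sort(key=lambda e: e["time"])  # entries are not always written in order
        run = []
        for e in entries:
            if e.get("statuscode", "").startswith("3"):
                run = [t for t in run if e["time"] - t <= window] + [e["time"]]
                if len(run) >= min_hits:
                    loops[key] = len(run)
            else:
                run = []  # a non-redirect answer ends the run
    return loops

if __name__ == "__main__":
    for (srcip, server, url), hits in find_redirect_loops(SAMPLE_LOG).items():
        print(f"possible redirect loop: {srcip} -> {server}{url} ({hits} redirects)")
```

The log format shown does not record the Location header, so this is a heuristic on status code and repetition only; it cannot confirm where each redirect points.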


