WAF (Web application Filter) for bridge interface

Hi,

 

In the new version v16 it is possible to configure WAF (Web application Filter) for a server on a bridge interface. In version v15 I was not able to use the bridge interface.

When I configured the WAF there is no traffic registered on the business rule or traffic dashboard for the web server protection. So, I guess the WAF is not working, even the reverseproxy log stays empty.

 

On the internet, I found a possible solution for creating an Alias on the bridge interface. After creating an alias with the IP of the protected server the reverseproxy contains logging and the WAF rule shows traffic.

When surfing to the simple http website with no authentication I receive the message Service unavailable.

 

You can find the logging from the reverseProxy below.

[proxy:error] [pid 26891:tid 4035922752] (110)Connection timed out: AH00957: HTTP: attempt to connect to xx.xx.xx.xx:80 (sharepoint) failed

[proxy:error] [pid 26891:tid 4035922752] AH00959: ap_proxy_connect_backend disabling worker for (sharepoint) for 60s

[proxy_http:error] [pid 26891:tid 4035922752] [client 169.254.234.5:49100] AH01114: HTTP: failed to make connection to backend: sharepoint

timestamp="1491828044" srcip="169.254.234.5" localip="xx.xx.xx.xx" user="-" host="169.254.234.5" method="GET" statuscode="503" reason="-" extra="-" exceptions="-" duration="15030768" url="/favicon.ico" server="sharepoint" referer="-" cookie="-" set-cookie="-" recvbytes="423" sentbytes="473" protocol="HTTP/1.0" ctype="text/html" uagent="Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; InfoPath.3)" querystring="" ruleid="23"

 

I tried the troubleshooting guide on the Sophos website with no luck.

https://community.sophos.com/kb/en-us/124574

 

My first question: does Sophos XG support WAF on a bridge interface?

https://community.sophos.com/products/xg-firewall/f/firewall-and-policies/75960/business-rule-and-bridge-configuration-surprising-behaviour

 

Kind regards



  • Hi, 

    Can you please show us a picture of the configurations? 503 means the server is not available. That points us towards two possibilities:

    • The XG Firewall has an IP address which is not reachable by the external firewall.
    • The XG cannot reach the server.

    I am not sure if the XG firewall is configured as a bridge or a particular interface is defined as a bridge. Can you also show us a simple network diagram to understand your requirement?

    Thanks

  • Thanks for your help, the problem is solved.

    The problem was that I configured the same IP for the alias on the bridge network as the webserver IP.
    But if you need to protect a webserver on a bridge network then you need an additional IP address as alias.
    The requests from the modem will be sent to the Sophos UTM (alias IP) and then they will be forwarded to the actual webserver.

    More information in the Sophos documentation on how to configure a WAF on a bridge interface would be helpful.

    Kind regards
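
Added example, not part of the thread and not Sophos code: a Python sketch that reads reverseproxy log lines in the two formats quoted in the question and reports, per backend name, the AH00957 connect failures, the 503 responses, and whether the address the request was answered on matches the backend address, which is the misconfiguration the reply describes. The sample lines are constructed (192.0.2.10 stands in for the masked IP), and reading `localip` as the WAF's listening address is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample lines modelled on the formats quoted in the thread;
# 192.0.2.10 is a documentation address standing in for the masked IP.
SAMPLE_LOG = '''\
[proxy:error] [pid 26891:tid 4035922752] (110)Connection timed out: AH00957: HTTP: attempt to connect to 192.0.2.10:80 (sharepoint) failed
[proxy:error] [pid 26891:tid 4035922752] AH00959: ap_proxy_connect_backend disabling worker for (sharepoint) for 60s
[proxy_http:error] [pid 26891:tid 4035922752] [client 169.254.234.5:49100] AH01114: HTTP: failed to make connection to backend: sharepoint
timestamp="1491828044" srcip="169.254.234.5" localip="192.0.2.10" method="GET" statuscode="503" url="/favicon.ico" server="sharepoint" ruleid="23"
timestamp="1491828050" srcip="169.254.234.5" localip="192.0.2.10" method="GET" statuscode="200" url="/" server="intranet" ruleid="24"
'''

KV_RE = re.compile(r'(\w[\w-]*)="([^"]*)"')
CONNECT_FAIL_RE = re.compile(
    r'AH00957: \w+: attempt to connect to (\S+):(\d+) \(([^)]*)\) failed')


def triage(log_text):
    """Summarise backend connect failures and 503 responses per server name."""
    report = defaultdict(lambda: {"connect_failures": 0, "http_503": 0,
                                  "backend_addrs": set(),
                                  "listen_addrs": set(), "findings": []})
    for line in log_text.splitlines():
        m = CONNECT_FAIL_RE.search(line)
        if m:
            addr, _port, server = m.groups()
            report[server]["connect_failures"] += 1
            report[server]["backend_addrs"].add(addr)
            continue
        fields = dict(KV_RE.findall(line))
        if fields.get("statuscode") == "503":
            entry = report[fields.get("server", "-")]
            entry["http_503"] += 1
            # Assumption: localip is the address the WAF answered on
            # (the alias configured on the bridge interface).
            entry["listen_addrs"].add(fields.get("localip", "-"))
    for entry in report.values():
        if entry["connect_failures"] and entry["http_503"]:
            entry["findings"].append("backend unreachable from the proxy")
        if entry["backend_addrs"] & entry["listen_addrs"]:
            entry["findings"].append("listening address equals backend address")
    return dict(report)


if __name__ == "__main__":
    for server, entry in triage(SAMPLE_LOG).items():
        print(server, entry["findings"])
```
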

     
