Hello,
I have a issue with the Web Server -> Protection Policies on a 17.0.3 MR3 VM.
I activated the common thread filter and reject mode.
Now I try to find the id for "skip filter rules" in the log file. There is a Knowledge Base ( https://community.sophos.com/kb/en-us/122833 ) for this but the log entry seams to be a UTM-Log entry.
I can´t find the Rule ID in my log and reporting, this is my log-entry:
messageid="17071" log_type="WAF" log_component="Web Application Firewall" user="-" server="..." src_ip="..." local_ip="..." protocol="HTTP/1.1" url="/..." query_string="" cookie="nc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true; ocp7wejoggqt=...; oc_sessionPassphrase=...; HASH_ocp7wejoggqt=...; HASH_oc_sessionPassphrase=...; HASH_nc_sameSiteCookielax=...; HASH_nc_sameSiteCookiestrict=..." referer="-" method="PUT" response_code="403" reason="WAF Anomaly" extra="Inbound Anomaly Score Exceeded (Total Score: 8, SQLi=, XSS=): Last Matched Message: Request content type is not allowed by policy" content_type="text/html" user_agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0" host="..." response_time="24521" bytes_sent="549" bytes_received="1401" fw_rule_id="3"
Where can I find the Rule ID?
Thanks Much
This thread was automatically locked due to age.