Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 2 replies
  • Subscribers 5 subscribers
  • Views 5930 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

UTM 9.5 WAF for autodiscover

Jiri Benes

Hello guys,

I´m trying to solve a problem with connecting Outlook to my Exchange 2016 server.

Emails and everything works fine but I can not Outlook get going when I try to setup Outlook using autodiscover I´m getting this into log on my Sophos UTM


2017:12:27-15:41:42 gw httpd: id="0299" srcip="80.95.120.21" localip="90.178.33.112" size="242" user="-" host="80.95.120.21" method="POST" statuscode="302" reason="-" extra="-" exceptions="SkipURLHardening" time="122278" url="/autodiscover/autodiscover.xml" server="autodiscover.same-time.cz" port="443" query="" referer="-" cookie="-" set-cookie="gazppjkfni_cookie=;Max-Age=0;expires=Thu, 01 Jan 1970 00:00:00 GMT;path=/;httponly;secure" uid="WkOxJqwQAQEAACWEqpUAAAAv"
2017:12:27-15:41:42 gw httpd: id="0299" srcip="80.95.120.21" localip="90.178.33.112" size="274" user="-" host="80.95.120.21" method="GET" statuscode="301" reason="-" extra="-" exceptions="-" time="666" url="/autodiscover/autodiscover.xml" server="REF_RevFroExchaAutod_redirect_ssl" port="80" query="" referer="-" cookie="-" set-cookie="-" uid="WkOxJqwQAQEAACWEqpYAAAAm"

2017:12:27-15:41:42 gw httpd: id="0299" srcip="80.95.120.21" localip="90.178.33.112" size="242" user="-" host="80.95.120.21" method="POST" statuscode="302" reason="-" extra="-" exceptions="SkipURLHardening" time="86821" url="/autodiscover/autodiscover.xml" server="autodiscover.same-time.cz" port="443" query="" referer="-" cookie="OutlookSession=\"{61F832E0-614D-4FFA-909E-F037869ECF73}\"" set-cookie="gazppjkfni_cookie=;Max-Age=0;expires=Thu, 01 Jan 1970 00:00:00 GMT;path=/;httponly;secure" uid="WkOxJqwQAQEAACWEqpcAAAAr"

2017:12:27-15:41:42 gw httpd: id="0299" srcip="80.95.120.21" localip="90.178.33.112" size="274" user="-" host="80.95.120.21" method="GET" statuscode="301" reason="-" extra="-" exceptions="-" time="2247" url="/autodiscover/autodiscover.xml" server="REF_RevFroExchaAutod_redirect_ssl" port="80" query="" referer="-" cookie="-" set-cookie="-" uid="WkOxJqwQAQEAACWEqpgAAAAm"

2017:12:27-15:41:42 gw httpd: id="0299" srcip="80.95.120.21" localip="90.178.33.112" size="242" user="-" host="80.95.120.21" method="POST" statuscode="302" reason="-" extra="-" exceptions="SkipURLHardening" time="88147" url="/autodiscover/autodiscover.xml" server="autodiscover.same-time.cz" port="443" query="" referer="-" cookie="OutlookSession=\"{61F832E0-614D-4FFA-909E-F037869ECF73}\"" set-cookie="gazppjkfni_cookie=;Max-Age=0;expires=Thu, 01 Jan 1970 00:00:00 GMT;path=/;httponly;secure" uid="WkOxJqwQAQEAACWEqpkAAAAu"


I did use this to page to setup my UTM with Exchnage 2016
www.frankysweb.de/.../

Everything with Exchange works but Outlook so I think I missed something in WAF:(

 

Here is my settings:

 

 

 

 

 

 




Thanks for any help!

Regards

Jiri



This thread was automatically locked due to age.
Parents
  • 0

    Hi Jiri,

    please try with "Skip Filter Rules" 960015, 981200 and 981205.

     

    With these my autodiscover is working perfectly.

    Viele Grüße / Best Regards,
    Manu

    - CISO -
    - Sophos SCA & Partner-

  • 0 in reply to ManuelAbeledo

    Hey Manuel,

    I added these rules and tested with testconnectivity.microsoft.com and now I´m getting this

     

    2017:12:28-20:55:02 gw httpd[16093]: [security2:error] [pid 16093:tid 4087556976] [client 13.67.59.89] ModSecurity: Warning. Pattern match "^5\\\\d{2}$" at RESPONSE_STATUS. [file "/usr/apache/conf/waf/modsecurity_crs_outbound.conf"] [line "53"] [id "970901"] [rev "2"] [msg "The application is not available"] [data "Matched Data: 500 found within RESPONSE_STATUS: 500"] [severity "ERROR"] [ver "OWASP_CRS/2.2.7"] [maturity "9"] [accuracy "9"] [tag "WASCTC/WASC-13"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.6"] [hostname "autodiscover.same-time.cz"] [uri "/Autodiscover/Autodiscover.xml"] [unique_id "WkVMFqwQAQEAAD7dIG8AAAAF"]
     
    2017:12:28-20:55:02 gw httpd[16093]: [security2:error] [pid 16093:tid 4087556976] [client 13.67.59.89] ModSecurity: Warning. Pattern match "\\\\bServer Error in.{0,50}?\\\\bApplication\\\\b" at RESPONSE_BODY. [file "/usr/apache/conf/waf/modsecurity_crs_outbound.conf"] [line "131"] [id "970904"] [rev "2"] [msg "IIS Information Leakage"] [data "Matched Data: Server Error in '/Autodiscover' Application found within RESPONSE_BODY: <!DOCTYPE html>\\x0d\\x0a<html>\\x0d\\x0a <head>\\x0d\\x0a <title>Runtime Error</title>\\x0d\\x0a <meta name=\\x22viewport\\x22 content=\\x22width=device-width\\x22 />\\x0d\\x0a <style>\\x0d\\x0a body {font-family:\\x22Verdana\\x22;font-weight:normal;font-size: .7em;color:black;} \\x0d\\x0a p {font-family:\\x22Verdana\\x22;font-weight:normal;color:black;margin-top: -5px}\\x0d\\x0a b {font-family:..."] [severity "ERROR"] [ver "OWASP_CRS/2.2.7"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/LEAKAGE/ERRORS_IIS"] [tag "WASCTC/WASC-13"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.6"] [hostname "autodiscover.same-time.cz"] [uri "/Autodiscover/Autodiscover.xml"] [unique_id "WkVMFqwQAQEAAD7dIG8AAAAF"]
     
    2017:12:28-20:55:02 gw httpd: id="0299" srcip="13.67.59.89" localip="90.178.33.112" size="3432" user="-" host="13.67.59.89" method="OPTIONS" statuscode="500" reason="-" extra="-" exceptions="SkipURLHardening" time="419449" url="/Autodiscover/Autodiscover.xml" server="autodiscover.same-time.cz" port="443" query="" referer="-" cookie="-" set-cookie="-" uid="WkVMFqwQAQEAAD7dIG8AAAAF"
     
    2017:12:28-20:55:03 gw httpd[16093]: [security2:error] [pid 16093:tid 4079164272] [client 13.67.59.89] ModSecurity: Warning. Pattern match "^5\\\\d{2}$" at RESPONSE_STATUS. [file "/usr/apache/conf/waf/modsecurity_crs_outbound.conf"] [line "53"] [id "970901"] [rev "2"] [msg "The application is not available"] [data "Matched Data: 500 found within RESPONSE_STATUS: 500"] [severity "ERROR"] [ver "OWASP_CRS/2.2.7"] [maturity "9"] [accuracy "9"] [tag "WASCTC/WASC-13"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.6"] [hostname "autodiscover.same-time.cz"] [uri "/Autodiscover/Autodiscover.xml"] [unique_id "WkVMF6wQAQEAAD7dIHAAAAAG"]
    2017:12:28-20:55:03 gw httpd[16093]: [security2:error] [pid 16093:tid 4079164272] [client 13.67.59.89] ModSecurity: Warning. Pattern match "\\\\bServer Error in.{0,50}?\\\\bApplication\\\\b" at RESPONSE_BODY. [file "/usr/apache/conf/waf/modsecurity_crs_outbound.conf"] [line "131"] [id "970904"] [rev "2"] [msg "IIS Information Leakage"] [data "Matched Data: Server Error in '/Autodiscover' Application found within RESPONSE_BODY: <!DOCTYPE html>\\x0d\\x0a<html>\\x0d\\x0a <head>\\x0d\\x0a <title>Runtime Error</title>\\x0d\\x0a <meta name=\\x22viewport\\x22 content=\\x22width=device-width\\x22 />\\x0d\\x0a <style>\\x0d\\x0a body {font-family:\\x22Verdana\\x22;font-weight:normal;font-size: .7em;color:black;} \\x0d\\x0a p {font-family:\\x22Verdana\\x22;font-weight:normal;color:black;margin-top: -5px}\\x0d\\x0a b {font-family:..."] [severity "ERROR"] [ver "OWASP_CRS/2.2.7"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/LEAKAGE/ERRORS_IIS"] [tag "WASCTC/WASC-13"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.6"] [hostname "autodiscover.same-time.cz"] [uri "/Autodiscover/Autodiscover.xml"] [unique_id "WkVMF6wQAQEAAD7dIHAAAAAG"]
     
    2017:12:28-20:55:03 gw httpd: id="0299" srcip="13.67.59.89" localip="90.178.33.112" size="3432" user="-" host="13.67.59.89" method="POST" statuscode="500" reason="-" extra="-" exceptions="SkipURLHardening" time="384741" url="/Autodiscover/Autodiscover.xml" server="autodiscover.same-time.cz" port="443" query="" referer="-" cookie="-" set-cookie="-" uid="WkVMF6wQAQEAAD7dIHAAAAAG"
     
    2017:12:28-20:55:04 gw httpd: id="0299" srcip="13.67.59.89" localip="90.178.33.112" size="274" user="-" host="13.67.59.89" method="GET" statuscode="301" reason="-" extra="-" exceptions="-" time="2354" url="/Autodiscover/Autodiscover.xml" server="REF_RevFroExchaAutod_redirect_ssl" port="80" query="" referer="-" cookie="-" set-cookie="-" uid="WkVMGKwQAQEAAD7dIHEAAAAI"
     
    2017:12:28-20:55:07 gw httpd[16093]: [security2:error] [pid 16093:tid 4037200752] [client 13.67.59.89] ModSecurity: Warning. Pattern match "^5\\\\d{2}$" at RESPONSE_STATUS. [file "/usr/apache/conf/waf/modsecurity_crs_outbound.conf"] [line "53"] [id "970901"] [rev "2"] [msg "The application is not available"] [data "Matched Data: 500 found within RESPONSE_STATUS: 500"] [severity "ERROR"] [ver "OWASP_CRS/2.2.7"] [maturity "9"] [accuracy "9"] [tag "WASCTC/WASC-13"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.6"] [hostname "autodiscover.same-time.cz"] [uri "/Autodiscover/Autodiscover.xml"] [unique_id "WkVMG6wQAQEAAD7dIHIAAAAL"]
     
    2017:12:28-20:55:07 gw httpd[16093]: [security2:error] [pid 16093:tid 4037200752] [client 13.67.59.89] ModSecurity: Warning. Pattern match "\\\\bServer Error in.{0,50}?\\\\bApplication\\\\b" at RESPONSE_BODY. [file "/usr/apache/conf/waf/modsecurity_crs_outbound.conf"] [line "131"] [id "970904"] [rev "2"] [msg "IIS Information Leakage"] [data "Matched Data: Server Error in '/Autodiscover' Application found within RESPONSE_BODY: <!DOCTYPE html>\\x0d\\x0a<html>\\x0d\\x0a <head>\\x0d\\x0a <title>Runtime Error</title>\\x0d\\x0a <meta name=\\x22viewport\\x22 content=\\x22width=device-width\\x22 />\\x0d\\x0a <style>\\x0d\\x0a body {font-family:\\x22Verdana\\x22;font-weight:normal;font-size: .7em;color:black;} \\x0d\\x0a p {font-family:\\x22Verdana\\x22;font-weight:normal;color:black;margin-top: -5px}\\x0d\\x0a b {font-family:..."] [severity "ERROR"] [ver "OWASP_CRS/2.2.7"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/LEAKAGE/ERRORS_IIS"] [tag "WASCTC/WASC-13"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.6"] [hostname "autodiscover.same-time.cz"] [uri "/Autodiscover/Autodiscover.xml"] [unique_id "WkVMG6wQAQEAAD7dIHIAAAAL"]
     
    2017:12:28-20:55:07 gw httpd: id="0299" srcip="13.67.59.89" localip="90.178.33.112" size="3432" user="-" host="13.67.59.89" method="OPTIONS" statuscode="500" reason="-" extra="-" exceptions="SkipURLHardening" time="64314" url="/Autodiscover/Autodiscover.xml" server="autodiscover.same-time.cz" port="443" query="" referer="-" cookie="-" set-cookie="-" uid="WkVMG6wQAQEAAD7dIHIAAAAL"
     
    2017:12:28-20:55:08 gw httpd[16093]: [security2:error] [pid 16093:tid 4028808048] [client 13.67.59.89] ModSecurity: Warning. Pattern match "^5\\\\d{2}$" at RESPONSE_STATUS. [file "/usr/apache/conf/waf/modsecurity_crs_outbound.conf"] [line "53"] [id "970901"] [rev "2"] [msg "The application is not available"] [data "Matched Data: 500 found within RESPONSE_STATUS: 500"] [severity "ERROR"] [ver "OWASP_CRS/2.2.7"] [maturity "9"] [accuracy "9"] [tag "WASCTC/WASC-13"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.6"] [hostname "autodiscover.same-time.cz"] [uri "/Autodiscover/Autodiscover.xml"] [unique_id "WkVMHKwQAQEAAD7dIHMAAAAM"]
     
    2017:12:28-20:55:08 gw httpd[16093]: [security2:error] [pid 16093:tid 4028808048] [client 13.67.59.89] ModSecurity: Warning. Pattern match "\\\\bServer Error in.{0,50}?\\\\bApplication\\\\b" at RESPONSE_BODY. [file "/usr/apache/conf/waf/modsecurity_crs_outbound.conf"] [line "131"] [id "970904"] [rev "2"] [msg "IIS Information Leakage"] [data "Matched Data: Server Error in '/Autodiscover' Application found within RESPONSE_BODY: <!DOCTYPE html>\\x0d\\x0a<html>\\x0d\\x0a <head>\\x0d\\x0a <title>Runtime Error</title>\\x0d\\x0a <meta name=\\x22viewport\\x22 content=\\x22width=device-width\\x22 />\\x0d\\x0a <style>\\x0d\\x0a body {font-family:\\x22Verdana\\x22;font-weight:normal;font-size: .7em;color:black;} \\x0d\\x0a p {font-family:\\x22Verdana\\x22;font-weight:normal;color:black;margin-top: -5px}\\x0d\\x0a b {font-family:..."] [severity "ERROR"] [ver "OWASP_CRS/2.2.7"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/LEAKAGE/ERRORS_IIS"] [tag "WASCTC/WASC-13"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.6"] [hostname "autodiscover.same-time.cz"] [uri "/Autodiscover/Autodiscover.xml"] [unique_id "WkVMHKwQAQEAAD7dIHMAAAAM"]
     
    2017:12:28-20:55:08 gw httpd: id="0299" srcip="13.67.59.89" localip="90.178.33.112" size="3432" user="-" host="13.67.59.89" method="POST" statuscode="500" reason="-" extra="-" exceptions="SkipURLHardening" time="341946" url="/Autodiscover/Autodiscover.xml" server="autodiscover.same-time.cz" port="443" query="" referer="-" cookie="-" set-cookie="-" uid="WkVMHKwQAQEAAD7dIHMAAAAM"
     
    2017:12:28-20:59:11 gw httpd: id="0299" srcip="127.0.0.1" localip="127.0.0.1" size="108" user="-" host="127.0.0.1" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="1419" url="/lb-status" server="localhost" port="80" query="" referer="-" cookie="-" set-cookie="-" uid="WkVND6wQAQEAAD7dIHQAAAAN"
     
     
    Here is also part of result 
     
     
    Jiri
Reply
  • 0 in reply to ManuelAbeledo

    Hey Manuel,

    I added these rules and tested with testconnectivity.microsoft.com and now I´m getting this

     

    2017:12:28-20:55:02 gw httpd[16093]: [security2:error] [pid 16093:tid 4087556976] [client 13.67.59.89] ModSecurity: Warning. Pattern match "^5\\\\d{2}$" at RESPONSE_STATUS. [file "/usr/apache/conf/waf/modsecurity_crs_outbound.conf"] [line "53"] [id "970901"] [rev "2"] [msg "The application is not available"] [data "Matched Data: 500 found within RESPONSE_STATUS: 500"] [severity "ERROR"] [ver "OWASP_CRS/2.2.7"] [maturity "9"] [accuracy "9"] [tag "WASCTC/WASC-13"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.6"] [hostname "autodiscover.same-time.cz"] [uri "/Autodiscover/Autodiscover.xml"] [unique_id "WkVMFqwQAQEAAD7dIG8AAAAF"]
     
    2017:12:28-20:55:02 gw httpd[16093]: [security2:error] [pid 16093:tid 4087556976] [client 13.67.59.89] ModSecurity: Warning. Pattern match "\\\\bServer Error in.{0,50}?\\\\bApplication\\\\b" at RESPONSE_BODY. [file "/usr/apache/conf/waf/modsecurity_crs_outbound.conf"] [line "131"] [id "970904"] [rev "2"] [msg "IIS Information Leakage"] [data "Matched Data: Server Error in '/Autodiscover' Application found within RESPONSE_BODY: <!DOCTYPE html>\\x0d\\x0a<html>\\x0d\\x0a <head>\\x0d\\x0a <title>Runtime Error</title>\\x0d\\x0a <meta name=\\x22viewport\\x22 content=\\x22width=device-width\\x22 />\\x0d\\x0a <style>\\x0d\\x0a body {font-family:\\x22Verdana\\x22;font-weight:normal;font-size: .7em;color:black;} \\x0d\\x0a p {font-family:\\x22Verdana\\x22;font-weight:normal;color:black;margin-top: -5px}\\x0d\\x0a b {font-family:..."] [severity "ERROR"] [ver "OWASP_CRS/2.2.7"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/LEAKAGE/ERRORS_IIS"] [tag "WASCTC/WASC-13"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.6"] [hostname "autodiscover.same-time.cz"] [uri "/Autodiscover/Autodiscover.xml"] [unique_id "WkVMFqwQAQEAAD7dIG8AAAAF"]
     
    2017:12:28-20:55:02 gw httpd: id="0299" srcip="13.67.59.89" localip="90.178.33.112" size="3432" user="-" host="13.67.59.89" method="OPTIONS" statuscode="500" reason="-" extra="-" exceptions="SkipURLHardening" time="419449" url="/Autodiscover/Autodiscover.xml" server="autodiscover.same-time.cz" port="443" query="" referer="-" cookie="-" set-cookie="-" uid="WkVMFqwQAQEAAD7dIG8AAAAF"
     
    2017:12:28-20:55:03 gw httpd[16093]: [security2:error] [pid 16093:tid 4079164272] [client 13.67.59.89] ModSecurity: Warning. Pattern match "^5\\\\d{2}$" at RESPONSE_STATUS. [file "/usr/apache/conf/waf/modsecurity_crs_outbound.conf"] [line "53"] [id "970901"] [rev "2"] [msg "The application is not available"] [data "Matched Data: 500 found within RESPONSE_STATUS: 500"] [severity "ERROR"] [ver "OWASP_CRS/2.2.7"] [maturity "9"] [accuracy "9"] [tag "WASCTC/WASC-13"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.6"] [hostname "autodiscover.same-time.cz"] [uri "/Autodiscover/Autodiscover.xml"] [unique_id "WkVMF6wQAQEAAD7dIHAAAAAG"]
    2017:12:28-20:55:03 gw httpd[16093]: [security2:error] [pid 16093:tid 4079164272] [client 13.67.59.89] ModSecurity: Warning. Pattern match "\\\\bServer Error in.{0,50}?\\\\bApplication\\\\b" at RESPONSE_BODY. [file "/usr/apache/conf/waf/modsecurity_crs_outbound.conf"] [line "131"] [id "970904"] [rev "2"] [msg "IIS Information Leakage"] [data "Matched Data: Server Error in '/Autodiscover' Application found within RESPONSE_BODY: <!DOCTYPE html>\\x0d\\x0a<html>\\x0d\\x0a <head>\\x0d\\x0a <title>Runtime Error</title>\\x0d\\x0a <meta name=\\x22viewport\\x22 content=\\x22width=device-width\\x22 />\\x0d\\x0a <style>\\x0d\\x0a body {font-family:\\x22Verdana\\x22;font-weight:normal;font-size: .7em;color:black;} \\x0d\\x0a p {font-family:\\x22Verdana\\x22;font-weight:normal;color:black;margin-top: -5px}\\x0d\\x0a b {font-family:..."] [severity "ERROR"] [ver "OWASP_CRS/2.2.7"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/LEAKAGE/ERRORS_IIS"] [tag "WASCTC/WASC-13"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.6"] [hostname "autodiscover.same-time.cz"] [uri "/Autodiscover/Autodiscover.xml"] [unique_id "WkVMF6wQAQEAAD7dIHAAAAAG"]
     
    2017:12:28-20:55:03 gw httpd: id="0299" srcip="13.67.59.89" localip="90.178.33.112" size="3432" user="-" host="13.67.59.89" method="POST" statuscode="500" reason="-" extra="-" exceptions="SkipURLHardening" time="384741" url="/Autodiscover/Autodiscover.xml" server="autodiscover.same-time.cz" port="443" query="" referer="-" cookie="-" set-cookie="-" uid="WkVMF6wQAQEAAD7dIHAAAAAG"
     
    2017:12:28-20:55:04 gw httpd: id="0299" srcip="13.67.59.89" localip="90.178.33.112" size="274" user="-" host="13.67.59.89" method="GET" statuscode="301" reason="-" extra="-" exceptions="-" time="2354" url="/Autodiscover/Autodiscover.xml" server="REF_RevFroExchaAutod_redirect_ssl" port="80" query="" referer="-" cookie="-" set-cookie="-" uid="WkVMGKwQAQEAAD7dIHEAAAAI"
     
    2017:12:28-20:55:07 gw httpd[16093]: [security2:error] [pid 16093:tid 4037200752] [client 13.67.59.89] ModSecurity: Warning. Pattern match "^5\\\\d{2}$" at RESPONSE_STATUS. [file "/usr/apache/conf/waf/modsecurity_crs_outbound.conf"] [line "53"] [id "970901"] [rev "2"] [msg "The application is not available"] [data "Matched Data: 500 found within RESPONSE_STATUS: 500"] [severity "ERROR"] [ver "OWASP_CRS/2.2.7"] [maturity "9"] [accuracy "9"] [tag "WASCTC/WASC-13"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.6"] [hostname "autodiscover.same-time.cz"] [uri "/Autodiscover/Autodiscover.xml"] [unique_id "WkVMG6wQAQEAAD7dIHIAAAAL"]
     
    2017:12:28-20:55:07 gw httpd[16093]: [security2:error] [pid 16093:tid 4037200752] [client 13.67.59.89] ModSecurity: Warning. Pattern match "\\\\bServer Error in.{0,50}?\\\\bApplication\\\\b" at RESPONSE_BODY. [file "/usr/apache/conf/waf/modsecurity_crs_outbound.conf"] [line "131"] [id "970904"] [rev "2"] [msg "IIS Information Leakage"] [data "Matched Data: Server Error in '/Autodiscover' Application found within RESPONSE_BODY: <!DOCTYPE html>\\x0d\\x0a<html>\\x0d\\x0a <head>\\x0d\\x0a <title>Runtime Error</title>\\x0d\\x0a <meta name=\\x22viewport\\x22 content=\\x22width=device-width\\x22 />\\x0d\\x0a <style>\\x0d\\x0a body {font-family:\\x22Verdana\\x22;font-weight:normal;font-size: .7em;color:black;} \\x0d\\x0a p {font-family:\\x22Verdana\\x22;font-weight:normal;color:black;margin-top: -5px}\\x0d\\x0a b {font-family:..."] [severity "ERROR"] [ver "OWASP_CRS/2.2.7"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/LEAKAGE/ERRORS_IIS"] [tag "WASCTC/WASC-13"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.6"] [hostname "autodiscover.same-time.cz"] [uri "/Autodiscover/Autodiscover.xml"] [unique_id "WkVMG6wQAQEAAD7dIHIAAAAL"]
     
    2017:12:28-20:55:07 gw httpd: id="0299" srcip="13.67.59.89" localip="90.178.33.112" size="3432" user="-" host="13.67.59.89" method="OPTIONS" statuscode="500" reason="-" extra="-" exceptions="SkipURLHardening" time="64314" url="/Autodiscover/Autodiscover.xml" server="autodiscover.same-time.cz" port="443" query="" referer="-" cookie="-" set-cookie="-" uid="WkVMG6wQAQEAAD7dIHIAAAAL"
     
    2017:12:28-20:55:08 gw httpd[16093]: [security2:error] [pid 16093:tid 4028808048] [client 13.67.59.89] ModSecurity: Warning. Pattern match "^5\\\\d{2}$" at RESPONSE_STATUS. [file "/usr/apache/conf/waf/modsecurity_crs_outbound.conf"] [line "53"] [id "970901"] [rev "2"] [msg "The application is not available"] [data "Matched Data: 500 found within RESPONSE_STATUS: 500"] [severity "ERROR"] [ver "OWASP_CRS/2.2.7"] [maturity "9"] [accuracy "9"] [tag "WASCTC/WASC-13"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.6"] [hostname "autodiscover.same-time.cz"] [uri "/Autodiscover/Autodiscover.xml"] [unique_id "WkVMHKwQAQEAAD7dIHMAAAAM"]
     
    2017:12:28-20:55:08 gw httpd[16093]: [security2:error] [pid 16093:tid 4028808048] [client 13.67.59.89] ModSecurity: Warning. Pattern match "\\\\bServer Error in.{0,50}?\\\\bApplication\\\\b" at RESPONSE_BODY. [file "/usr/apache/conf/waf/modsecurity_crs_outbound.conf"] [line "131"] [id "970904"] [rev "2"] [msg "IIS Information Leakage"] [data "Matched Data: Server Error in '/Autodiscover' Application found within RESPONSE_BODY: <!DOCTYPE html>\\x0d\\x0a<html>\\x0d\\x0a <head>\\x0d\\x0a <title>Runtime Error</title>\\x0d\\x0a <meta name=\\x22viewport\\x22 content=\\x22width=device-width\\x22 />\\x0d\\x0a <style>\\x0d\\x0a body {font-family:\\x22Verdana\\x22;font-weight:normal;font-size: .7em;color:black;} \\x0d\\x0a p {font-family:\\x22Verdana\\x22;font-weight:normal;color:black;margin-top: -5px}\\x0d\\x0a b {font-family:..."] [severity "ERROR"] [ver "OWASP_CRS/2.2.7"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/LEAKAGE/ERRORS_IIS"] [tag "WASCTC/WASC-13"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.6"] [hostname "autodiscover.same-time.cz"] [uri "/Autodiscover/Autodiscover.xml"] [unique_id "WkVMHKwQAQEAAD7dIHMAAAAM"]
     
    2017:12:28-20:55:08 gw httpd: id="0299" srcip="13.67.59.89" localip="90.178.33.112" size="3432" user="-" host="13.67.59.89" method="POST" statuscode="500" reason="-" extra="-" exceptions="SkipURLHardening" time="341946" url="/Autodiscover/Autodiscover.xml" server="autodiscover.same-time.cz" port="443" query="" referer="-" cookie="-" set-cookie="-" uid="WkVMHKwQAQEAAD7dIHMAAAAM"
     
    2017:12:28-20:59:11 gw httpd: id="0299" srcip="127.0.0.1" localip="127.0.0.1" size="108" user="-" host="127.0.0.1" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="1419" url="/lb-status" server="localhost" port="80" query="" referer="-" cookie="-" set-cookie="-" uid="WkVND6wQAQEAAD7dIHQAAAAN"
     
     
    Here is also part of result 
     
     
    Jiri
Children
No Data
Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?

Unfiltered HTML