WAF [url_hardening:error] [pid 8351:tid 3900500848] [client IP extern] Hostname in HTTP request (IP) does not match the server name (URL)

Hello everyone,

In our DMZ I have installed an application server from Siemens that is reachable from outside.

To be able to use the services it provides, a separate piece of software has to connect to this application server.

Unfortunately, after starting the software I get an error saying that the server is not available.

In the software's logs I get the following error message:

In the WAF live log I get the following error:

2021:11:10-13:15:40 astaro httpd[8351]: [url_hardening:error] [pid 8351:tid 3900500848] [client IP_EXTERN] Hostname in HTTP request (IP_PUBLIC_WAN) does not match the server name (SUB.DOMAIN.COM)
2021:11:10-13:15:40 astaro httpd: id="0299" srcip="IP_EXTERN" localip="IP_WAN_LOCAL" size="199" user="-" host="IP_EXTERN" method="GET" statuscode="403" reason="-" extra="-" exceptions="-" time="849" url="/" server="IP_PUBLIC_WAN" port="443" query="" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="YYu37Cb8ZlZG-sPxo6Jj6QAAALE"

Here is the configuration of my WAF:

To make further services available, I created 3 DNAT rules. However, I am not entirely sure whether that is really the best and most elegant way to reach the desired goal.

What can I change?

Thanks in advance for all answers!

  • Hallo,

    (Sorry, my German-speaking brain isn't creating thoughts at the moment.)

    See #5 in Rulz (last updated 2021-02-16).  That means that you could have used a single DNAT with a Services Group.  Selecting Automatische Firewallregel in that DNAT would make the firewall rule redundant.

    "(IP_PUBLIC_WAN) does not match the server name (SUB.DOMAIN.COM)" usually means the request was made using the wrong server name.  So much of your information is blocked out that it's difficult to understand what's configured to give you better guidance.

    Since you don't have a Firewall profile selected in the Virtual Server, I don't understand why a URL Hardening error would be detected.  Maybe an Exception for URL Hardening would work, but we can't see enough detail to suggest what that might look like.

    In the second log line you included, we see statuscode="403" which indicates that the requester is not allowed to access this web page, but that's likely because of the URL Hardening error.

    Regards - Bob (Please continue in German.)

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
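To make the mismatch Bob points at concrete, here is an added example (my own code, not Sophos' or the poster's) of the comparison behind the "Hostname in HTTP request (X) does not match the server name (Y)" message: a WAF virtual server is published under one or more server names, the Host header of each request is compared against them, and a request that names something else is rejected. The second log line from the post is parsed to show which field took part in the check. `VIRTUAL_SERVER_NAMES`, the helper names and the TEST-NET address `203.0.113.10` are assumptions for this illustration; `SUB.DOMAIN.COM` and the log field values are the poster's own placeholders.

```python
"""Added example (not Sophos code): the Host-header check behind the UTM WAF
message 'Hostname in HTTP request (X) does not match the server name (Y)'.

The WAF publishes a virtual server under one or more server names and compares
the Host header of every request against that list.  In the thread the Siemens
client software connects to the public WAN IP instead of the published name,
so the comparison fails and the request is answered with 403 (second log line).
Server names and log values below are the poster's placeholders, not real hosts.
"""
import re
from ipaddress import ip_address

# Assumed virtual-server configuration, modelled on the thread.
VIRTUAL_SERVER_NAMES = {"SUB.DOMAIN.COM"}

# UTM httpd access-log lines are a prefix followed by key="value" pairs.
KV_RE = re.compile(r'([\w-]+)="([^"]*)"')

# Second log line quoted in the post (placeholders as the poster wrote them).
SAMPLE_LOG_LINE = (
    '2021:11:10-13:15:40 astaro httpd: id="0299" srcip="IP_EXTERN" '
    'localip="IP_WAN_LOCAL" size="199" user="-" host="IP_EXTERN" method="GET" '
    'statuscode="403" reason="-" extra="-" exceptions="-" time="849" url="/" '
    'server="IP_PUBLIC_WAN" port="443" query="" referer="-"'
)


def normalize_host(host_header: str) -> str:
    """Lower-case a Host header value and drop an optional :port suffix.

    Bracketed IPv6 literals ([2001:db8::1]:443) are handled; a value with a
    single colon is treated as host:port.  A trailing dot is ignored.
    """
    host = host_header.strip().lower()
    if host.startswith("["):
        return host[1:host.index("]")]
    if host.count(":") == 1:
        host = host.split(":", 1)[0]
    return host.rstrip(".")


def host_header_matches(host_header: str, server_names) -> bool:
    """True when the request's Host header names a configured server name."""
    requested = normalize_host(host_header)
    configured = {normalize_host(name) for name in server_names}
    return requested in configured


def is_ip_literal(host_header: str) -> bool:
    """True when the client addressed the server by IP rather than by name."""
    try:
        ip_address(normalize_host(host_header))
        return True
    except ValueError:
        return False


def parse_utm_httpd_line(line: str) -> dict:
    """Turn a UTM httpd access-log line into a dict of its key="value" fields."""
    return dict(KV_RE.findall(line))


def explain_rejection(line: str, server_names) -> dict:
    """Summarize what the WAF compared for one access-log line.

    The 'server' field carries the name the client asked for; it is the
    value that appears as X in the url_hardening error message.
    """
    fields = parse_utm_httpd_line(line)
    requested = fields.get("server", "")
    return {
        "requested_server": requested,
        "statuscode": fields.get("statuscode"),
        "matches_virtual_server": host_header_matches(requested, server_names),
        "addressed_by_ip": is_ip_literal(requested),
    }


if __name__ == "__main__":
    # The poster's request: server="IP_PUBLIC_WAN" is not a configured name.
    print(explain_rejection(SAMPLE_LOG_LINE, VIRTUAL_SERVER_NAMES))
    # A request that uses the published name (any case, with or without port) passes.
    print(host_header_matches("sub.domain.com:443", VIRTUAL_SERVER_NAMES))
    # A constructed client that connects by IP fails the same way.
    print(host_header_matches("203.0.113.10:443", VIRTUAL_SERVER_NAMES))
```

The check is deliberately the plain virtual-host comparison: if the client software can only be pointed at an IP, the name it sends will never equal a DNS-named virtual server, which is why the log shows the public IP in the `server=` field next to the 403.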