Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 8 replies
  • Subscribers 1 subscriber
  • Views 8239 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Dropping cookie **** from request due to missing/invalid signature

wingman
Hi All

I have recently enabled WAF and it works fine. I am getting the following warning message  


[warn] [client 82.***.***.100] Dropping cookie 'nas_tree_y' from request due to missing/invalid signature, referer: https://*****.dyndns.org:****/cgi-bin/html/login.html?3.5.1.1002T 


I am connecting via SSL and I have the following options enabled:
NAS Firewall profile 
Mode: reject 
Attack Patterns: Cross Site Scripting
                     SQL Injection 
 
Cookie signing: enabled 
URL Hardening: disabled 
Form Hardening: disabled 
AntiVirus scanning: Single Scan (Uploads only) 
Block clients with bad reputation: enabled 
 
What do I need to do to fix this warning? Is it something I need to do on the webserver(i.e. enter the Cookie Signing Secret on the web server)?

Also I've noticed that the dashboard shows "Web Application Security is active, 0 requests served today" even though I am having multiple connections to the web server

THanks


This thread was automatically locked due to age.
  • 0

    Also I've noticed that the dashboard shows "Web Application Security is active, 0 requests served today" even though I am having multiple connections to the web server

    Thanks


    anyone having the same issue?
  • 0 in reply to wingman
    Known issue, I believe (the 0 requests issue) ... have it here as well.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

  • 0
    I haven't had a chance to try the 8.300 beta yet but I guess this issue is not yet resolved (looking at the notes)
  • 0
    Hi, Wingman and Bruce - I just confirmed that the issue is not resolved in 8.290 which is RC1.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0
    Thanks Bob for the response. I guess this is logged as an issue to be fixed in a version to come(?). Do you know which version?(can't find it under the known issues)

    Thanks
  • 0
    I am still getting this on my 9.005016 version

    2013:03:07-14:57:21 *** reverseproxy: [Thu Mar 07 14:57:21 2013] [warn] [client 83.244.219.66] Dropping cookie 'nas_wfm_pageSize' from request due to missing/invalid signature, referer: https://***.****:****/cgi-bin/html/login.html?20130301
    2013:03:07-14:57:21 *** reverseproxy: [Thu Mar 07 14:57:21 2013] [warn] [client 83.244.219.66] Dropping cookie 'undefined' from request due to missing/invalid signature, referer: https://***.****:****/cgi-bin/html/login.html?20130301
    2013:03:07-14:57:21 *** reverseproxy: [Thu Mar 07 14:57:21 2013] [warn] [client 83.244.219.66] Dropping cookie 'nas_lang' from request due to missing/invalid signature, referer: https://***.****:****/cgi-bin/html/login.html?20130301
    2013:03:07-14:57:21 *** reverseproxy: [Thu Mar 07 14:57:21 2013] [warn] [client 83.244.219.66] Dropping cookie 'nas_tree_x' from request due to missing/invalid signature, referer: https://***.****:****/cgi-bin/html/login.html?20130301


    As as result the login page of my NAS is not properly displayed. Is that because the webserver doesn't sets a cookie?
  • 0
    Hi.  I have the same "dropping cookie" issue.  

    Here's my environment:
    - I'm running the Sophos UTM as a software appliance within a Hyper-V environment. 
    - I'm serving both HTTP and HTTPS web sites.
    - The web sites being served are primarily based on the DotNetNuke platform.
    - Current Firmware: 9.105-9
    - My log files have been full of these messages for months.

    My Web Application Firewall profile has only the following settings enabled:
    - Mode: reject
    - Cookie signing
    - Antivirus scanning, Single Engine, Uploads Only
    - Block unscannable content
    - Block clients with bad reputation

    I rebuilt my appliance from scratch from the 9.105-9 ISO on Wednesday night.  No dice.  I still had the issue.

    I disabled "cookie signing" within the WAF profile, and this got rid of the messages.  Of course, the cookies are no longer being secured either, which is not my intention.

    Has anyone been able to use the "Cookie Signing" feature without having reams of cookies being dropped?


    See Ya!
    Van
  • 0
    Hi, one possibility is that users have saved cookies from before the cookie-signing was turned on; if that is the case, the errors should diminish over time.

    Barry
Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?