Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 13 replies
  • Subscribers 1 subscriber
  • Views 7325 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

WAF - statuscode="302" reason="-" extra="-" { Issue since upg to 9.003 }

ffaucher
Hello,

Since I upgraded to 9.003, one of my four internal https sites does not work anymore. Here is what I see in the log :

2012:10:29-14:34:56 fw reverseproxy: srcip="***.***.***.***" localip="zzz.zzz.zzz.zzz" size="91" user="-" host="***.***.***.***" method="GET" statuscode="302" reason="-" extra="-" time="13812" url="/" server="aaa.bbb.com" referer="-" cookie="_filetransfer_session=a0b98b431e960b318fc554c111cf5c29" set-cookie="-" 

This is the error message I got from the browser 

The page isn't redirecting properly  
Firefox has detected that the server is redirecting the request for this address in a way that will never complete.

( Yes, I tried with other browser, same issue, and yes I clean all the cache in every test configuration )

I tried all the option in the WAF, still the same result. 
It was working perfectly until I performed the upgrade to 9.003.

Thanks for your excellent product. I'm with you since 5 years.


This thread was automatically locked due to age.
  • 0
    Hi, ffaucher, and welcome to the User BB!

    If this happens with all of the URLs, then you should ask your reseller to open a Support ticket with Sophos.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson
    Hello,
    is this solved?
    I've got simlar problems setting up with 9.004 and a new site to use owa.
    see in German Forum.
    Regads Nathan
  • 0
    Considering your post in the German Forum, try Accessing Internal or DMZ Webserver from Internal network (Astaro Security Gateway)

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson
    I was never able to make it work in 9.003 an over. So I went back into 9.002 ( no choice ) I tried everything..
  • 0 in reply to BAlfson
    Considering your post in the German Forum, try Accessing Internal or DMZ Webserver from Internal network (Astaro Security Gateway)

    Cheers - Bob


    YES! - That's it.

    Creating the static DNS and a new network entry with the external domain and internal IP. 
    Bind WAF real webserver to the network entry and virtual webserver to the external interface.

    Bob, thank one more a lot.
    Best wishes
    Nathan
  • 0
    This is not working for me.  Our external IP is 192.168.4.2 so I put a static dns entry for this name and using the internal IP address of the fw 10.10.7.3 and I have the WAF setup for the real server 10.10.70.8 and set for LB.

    2013:04:06-02:49:48 hallfwpp001v reverseproxy: srcip="192.0.2.214" localip="10.10.70.3" size="158" user="-" host="192.0.2.214" method="GET" statuscode="302" reason="-" extra="-" time="11781" url="/" server="www.hal.edu" referer="-" cookie="-" set-cookie="-"
    2013:04:06-02:50:43 hallfwpp001v reverseproxy: srcip="192.0.2.214" localip="10.10.70.3" size="158" user="-" host="192.0.2.214" method="GET" statuscode="302" reason="-" extra="-" time="6235" url="/" server="www.hal.edu" referer="-" cookie="-" set-cookie="-" 

    Any thoughts?
  • 0
    size="158" statuscode="302" time="11781

    I'm not sure why you're getting a redirect statuscode, but you definitely have a configuration issue when the reverseproxy spends almost 12 seconds with 158 bytes.

    Please [Go Advanced] and show pictures of the edits of your Virtual Server, Real Server and any definitions used in them.  Expand any 'Advanced' sections.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0
    Thanks for the response.  I will post as soon as possible as the lab has closed up for the night.
  • 0 in reply to SLGizmo
    Please find attached the configuration settings that I have setup for WAF and let me know your thoughts.

    I made some changes and I am no longer getting the 302 error but now I am getting the following with the attached configuration

    2013:04:08-05:19:17 hallfwpp001v reverseproxy: [Mon Apr 08 05:19:17 2013] [error] [client 192.0.2.214] Hostname in HTTP request (192.168.4.2) does not match the server name (www.hal.edu)

    2013:04:08-05:19:17 hallfwpp001v reverseproxy: srcip="192.0.2.214" localip="10.10.70.3" size="179" user="-" host="192.0.2.214" method="GET" statuscode="403" reason="-" extra="-" time="723" url="/" server="www.hal.edu" referer="-" cookie="-" set-cookie="-"

    Ok so last but not least I modified my test machine's local host file so that 192.168.4.2 = www.hal.edu and I get the default webpage.  So do I set some static DNS entry for 192.168.4.2 on the FireWall?
    waf.zip
  • 0
    The Static DNS Mapping needs to be a full FQDN - at least I think that's still true in V9.

    Hostname in HTTP request (192.168.4.2) does not match the server name (www.hal.edu)

    Did you try to access with http://192.168.4.2?  

    I didn't see your Virtual Server.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?