Getting WAF to work

I'm not sure if my setup is working or not, but from what I can tell it's not. I do see things in the log, but it doesn't mention what's being accessed. Also, as a test, I configured google.com as a real server, to see if my website would be redirected to Google (It wasn't).
This is what I did:
(If I didn't mention it, I left it at defaults)

New Real Webserver

Host: mywebname.com



New virtual Webserver
domains:
mywebname.com
mywebname.com

Interface: External

Real Webservers: The real one I configured

Firewall: No Profile

---------------------------------
The Web Application Firewall Live Log has this:

2013:05:14-11:08:24 abc reverseproxy: srcip="127.0.0.1" localip="127.0.0.1" size="57" user="-" host="127.0.0.1" method="GET" statuscode="200" reason="-" extra="-" time="2525" url="/lb-status" server="localhost" referer="-" cookie="-" set-cookie="-"
 
2013:05:14-11:09:40 abc reverseproxy: srcip="127.0.0.1" localip="127.0.0.1" size="57" user="-" host="127.0.0.1" method="GET" statuscode="200" reason="-" extra="-" time="423" url="/lb-status" server="localhost" referer="-" cookie="-" set-cookie="-"
 
2013:05:14-11:09:41 abc reverseproxy: srcip="127.0.0.1" localip="127.0.0.1" size="57" user="-" host="127.0.0.1" method="GET" statuscode="200" reason="-" extra="-" time="263" url="/lb-status" server="localhost" referer="-" cookie="-" set-cookie="-"
 
2013:05:14-11:09:43 abc reverseproxy: srcip="127.0.0.1" localip="127.0.0.1" size="57" user="-" host="127.0.0.1" method="GET" statuscode="200" reason="-" extra="-" time="288" url="/lb-status" server="localhost" referer="-" cookie="-" set-cookie="-"
 
2013:05:14-11:09:44 abc reverseproxy: [Tue May 14 11:09:44 2013] [notice] SIGHUP received. Attempting to restart
 
2013:05:14-11:09:45 abc reverseproxy: [Tue May 14 11:09:45 2013] [notice] Apache/2.2.22 (Unix) proxy_html/3.1.2 mod_ssl/2.2.22 OpenSSL/1.0.0k configured -- resuming normal operations
 
2013:05:14-11:12:28 abc reverseproxy: srcip="127.0.0.1" localip="127.0.0.1" size="114" user="-" host="127.0.0.1" method="GET" statuscode="200" reason="-" extra="-" time="2436" url="/lb-status" server="localhost" referer="-" cookie="-" set-cookie="-"
 
2013:05:14-11:12:41 abc reverseproxy: srcip="127.0.0.1" localip="127.0.0.1" size="114" user="-" host="127.0.0.1" method="GET" statuscode="200" reason="-" extra="-" time="398" url="/lb-status" server="localhost" referer="-" cookie="-" set-cookie="-"
 
2013:05:14-11:12:41 abc reverseproxy: [Tue May 14 11:12:41 2013] [notice] SIGHUP received. Attempting to restart
 
2013:05:14-11:12:43 abc reverseproxy: [Tue May 14 11:12:43 2013] [notice] Apache/2.2.22 (Unix) proxy_html/3.1.2 mod_ssl/2.2.22 OpenSSL/1.0.0k configured -- resuming normal operations
 
2013:05:14-11:12:43 abc reverseproxy: srcip="127.0.0.1" localip="127.0.0.1" size="115" user="-" host="127.0.0.1" method="GET" statuscode="200" reason="-" extra="-" time="2411" url="/lb-status" server="localhost" referer="-" cookie="-" set-cookie="-"
 
2013:05:14-11:13:13 abc reverseproxy: srcip="127.0.0.1" localip="127.0.0.1" size="115" user="-" host="127.0.0.1" method="GET" statuscode="200" reason="-" extra="-" time="2452" url="/lb-status" server="localhost" referer="-" cookie="-" set-cookie="-"
 
2013:05:14-11:13:13 abc reverseproxy: [Tue May 14 11:13:13 2013] [notice] SIGUSR1 received. Doing graceful restart
 
2013:05:14-11:13:15 abc reverseproxy: [Tue May 14 11:13:15 2013] [notice] Apache/2.2.22 (Unix) proxy_html/3.1.2 mod_ssl/2.2.22 OpenSSL/1.0.0k configured -- resuming normal operations
 
2013:05:14-11:13:15 abc reverseproxy: [Tue May 14 11:13:15 2013] [warn] long lost child came home! (pid 14905)
 
2013:05:14-11:13:15 abc reverseproxy: [Tue May 14 11:13:15 2013] [warn] long lost child came home! (pid 14907)
 
2013:05:14-11:13:15 abc reverseproxy: srcip="127.0.0.1" localip="127.0.0.1" size="114" user="-" host="127.0.0.1" method="GET" statuscode="200" reason="-" extra="-" time="2973" url="/lb-status" server="localhost" referer="-" cookie="-" set-cookie="-"
 
2013:05:14-11:13:35 abc reverseproxy: srcip="127.0.0.1" localip="127.0.0.1" size="114" user="-" host="127.0.0.1" method="GET" statuscode="200" reason="-" extra="-" time="2047" url="/lb-status" server="localhost" referer="-" cookie="-" set-cookie="-"
 
2013:05:14-11:13:35 abc reverseproxy: srcip="127.0.0.1" localip="127.0.0.1" size="114" user="-" host="127.0.0.1" method="GET" statuscode="200" reason="-" extra="-" time="453" url="/lb-status" server="localhost" referer="-" cookie="-" set-cookie="-"
 
2013:05:14-11:13:38 abc reverseproxy: srcip="127.0.0.1" localip="127.0.0.1" size="114" user="-" host="127.0.0.1" method="GET" statuscode="200" reason="-" extra="-" time="313" url="/lb-status" server="localhost" referer="-" cookie="-" set-cookie="-"
 
2013:05:14-11:14:25 abc reverseproxy: srcip="127.0.0.1" localip="127.0.0.1" size="114" user="-" host="127.0.0.1" method="GET" statuscode="200" reason="-" extra="-" time="562" url="/lb-status" server="localhost" referer="-" cookie="-" set-cookie="-"
 
2013:05:14-11:14:33 abc reverseproxy: [Tue May 14 11:14:33 2013] [notice] SIGHUP received. Attempting to restart
 
2013:05:14-11:14:34 abc reverseproxy: [Tue May 14 11:14:34 2013] [notice] Apache/2.2.22 (Unix) proxy_html/3.1.2 mod_ssl/2.2.22 OpenSSL/1.0.0k configured -- resuming normal operations
 
2013:05:14-11:14:34 abc reverseproxy: srcip="127.0.0.1" localip="127.0.0.1" size="109" user="-" host="127.0.0.1" method="GET" statuscode="200" reason="-" extra="-" time="3344" url="/lb-status" server="localhost" referer="-" cookie="-" set-cookie="-"
 
2013:05:14-11:14:34 abc reverseproxy: srcip="127.0.0.1" localip="127.0.0.1" size="109" user="-" host="127.0.0.1" method="GET" statuscode="200" reason="-" extra="-" time="2187" url="/lb-status" server="localhost" referer="-" cookie="-" set-cookie="-"
 
2013:05:14-11:15:29 abc reverseproxy: srcip="127.0.0.1" localip="127.0.0.1" size="109" user="-" host="127.0.0.1" method="GET" statuscode="200" reason="-" extra="-" time="2399" url="/lb-status" server="localhost" referer="-" cookie="-" set-cookie="-"
 
2013:05:14-11:16:13 abc reverseproxy: srcip="127.0.0.1" localip="127.0.0.1" size="109" user="-" host="127.0.0.1" method="GET" statuscode="200" reason="-" extra="-" time="452" url="/lb-status" server="localhost" referer="-" cookie="-" set-cookie="-"
 
2013:05:14-11:16:23 abc reverseproxy: srcip="127.0.0.1" localip="127.0.0.1" size="109" user="-" host="127.0.0.1" method="GET" statuscode="200" reason="-" extra="-" time="311" url="/lb-status" server="localhost" referer="-" cookie="-" set-cookie="-"
 
2013:05:14-11:16:23 abc reverseproxy: [Tue May 14 11:16:23 2013] [notice] SIGHUP received. Attempting to restart
 
2013:05:14-11:16:24 abc reverseproxy: [Tue May 14 11:16:24 2013] [notice] Apache/2.2.22 (Unix) proxy_html/3.1.2 mod_ssl/2.2.22 OpenSSL/1.0.0k configured -- resuming normal operations
 
2013:05:14-11:16:24 abc reverseproxy: srcip="127.0.0.1" localip="127.0.0.1" size="103" user="-" host="127.0.0.1" method="GET" statuscode="200" reason="-" extra="-" time="5981" url="/lb-status" server="localhost" referer="-" cookie="-" set-cookie="-"
 
2013:05:14-11:16:54 abc reverseproxy: srcip="127.0.0.1" localip="127.0.0.1" size="103" user="-" host="127.0.0.1" method="GET" statuscode="200" reason="-" extra="-" time="2094" url="/lb-status" server="localhost" referer="-" cookie="-" set-cookie="-"
 
2013:05:14-11:16:54 abc reverseproxy: [Tue May 14 11:16:54 2013] [notice] SIGUSR1 received. Doing graceful restart
 
2013:05:14-11:16:56 abc reverseproxy: [Tue May 14 11:16:56 2013] [notice] Apache/2.2.22 (Unix) proxy_html/3.1.2 mod_ssl/2.2.22 OpenSSL/1.0.0k configured -- resuming normal operations
 
2013:05:14-11:16:56 abc reverseproxy: [Tue May 14 11:16:56 2013] [warn] long lost child came home! (pid 16441)
 
2013:05:14-11:16:56 abc reverseproxy: [Tue May 14 11:16:56 2013] [warn] long lost child came home! (pid 16444)
 
2013:05:14-11:16:56 abc reverseproxy: srcip="127.0.0.1" localip="127.0.0.1" size="115" user="-" host="127.0.0.1" method="GET" statuscode="200" reason="-" extra="-" time="2491" url="/lb-status" server="localhost" referer="-" cookie="-" set-cookie="-"
 
2013:05:14-11:17:13 abc reverseproxy: srcip="127.0.0.1" localip="127.0.0.1" size="115" user="-" host="127.0.0.1" method="GET" statuscode="200" reason="-" extra="-" time="2369" url="/lb-status" server="localhost" referer="-" cookie="-" set-cookie="-"
 
2013:05:14-11:17:46 abc reverseproxy: srcip="127.0.0.1" localip="127.0.0.1" size="115" user="-" host="127.0.0.1" method="GET" statuscode="200" reason="-" extra="-" time="451" url="/lb-status" server="localhost" referer="-" cookie="-" set-cookie="-"
 
2013:05:14-11:17:46 abc reverseproxy: srcip="127.0.0.1" localip="127.0.0.1" size="115" user="-" host="127.0.0.1" method="GET" statuscode="200" reason="-" extra="-" time="311" url="/lb-status" server="localhost" referer="-" cookie="-" set-cookie="-"
 
2013:05:14-11:30:30 abc reverseproxy: srcip="127.0.0.1" localip="127.0.0.1" size="115" user="-" host="127.0.0.1" method="GET" statuscode="200" reason="-" extra="-" time="903" url="/lb-status" server="localhost" referer="-" cookie="-" set-cookie="-" 
--------------------------------------------------------------------

Is this right? Is the configuration right?
Thanks.


This thread was automatically locked due to age.
  • In the Virtual Server, just use FQDNs - no "http://"

    If you want to test WAF from an internal device, use the Internal interface in the Virtual Server and set up DNS to point the FQDN at the IP of "Internal (Address)."  Since you likely have Web Filtering enabled, you'll also want to change the port of the Virtual Server to something other than 80 or 8080.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
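
The Live Log quoted in the question contains only loopback requests for /lb-status and Apache restart notices. As an added example (not part of the original thread), this Python sketch parses that log format and separates those entries from real client requests, which shows whether any outside traffic reached the virtual server. It assumes the loopback /lb-status requests are the appliance polling itself; the third sample line and its addresses are constructed.

```python
import re

# Constructed sample in the format of the Live Log quoted in the question.
# The third entry (client 203.0.113.7) is invented for illustration.
SAMPLE_LOG = '''\
2013:05:14-11:08:24 abc reverseproxy: srcip="127.0.0.1" localip="127.0.0.1" size="57" user="-" host="127.0.0.1" method="GET" statuscode="200" reason="-" extra="-" time="2525" url="/lb-status" server="localhost" referer="-" cookie="-" set-cookie="-"
2013:05:14-11:09:44 abc reverseproxy: [Tue May 14 11:09:44 2013] [notice] SIGHUP received. Attempting to restart
2013:05:14-11:20:02 abc reverseproxy: srcip="203.0.113.7" localip="192.0.2.10" size="5120" user="-" host="203.0.113.7" method="GET" statuscode="200" reason="-" extra="-" time="18433" url="/index.html" server="mywebname.com" referer="-" cookie="-" set-cookie="-"
'''

LINE_RE = re.compile(r'^(\S+) (\S+) reverseproxy: (.*)$')
FIELD_RE = re.compile(r'([\w-]+)="([^"]*)"')

def parse_line(line):
    """Return a dict for an access entry, or None for notices and junk."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fields = dict(FIELD_RE.findall(m.group(3)))
    if "srcip" not in fields or "url" not in fields:
        return None  # Apache [notice]/[warn] line, not a request
    fields["timestamp"] = m.group(1)
    return fields

def is_self_check(entry):
    # Assumption: loopback requests for /lb-status are the appliance polling itself.
    return entry["srcip"].startswith("127.") and entry["url"] == "/lb-status"

def summarize(log_text):
    """Split access entries into self-checks and real client requests."""
    entries = [e for e in map(parse_line, log_text.splitlines()) if e]
    clients = [e for e in entries if not is_self_check(e)]
    return {
        "self_checks": len(entries) - len(clients),
        "client_requests": [
            (e["timestamp"], e["srcip"], e.get("server", "-"), e["url"])
            for e in clients
        ],
    }

if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    print("self-checks:", result["self_checks"])
    for req in result["client_requests"] or ["none: no client traffic reached the virtual server"]:
        print("client request:", req)
```

An empty `client_requests` list, which is what the log in the question would produce, means no request from a browser was handled by the reverse proxy during that period.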