Getting WAF to work

I'm not sure if my setup is working or not, but from what I can tell it's not. I do see things in the log, but it doesn't mention what's being accessed. Also, as a test, I configured google.com as a real server, to see if my website would be redirected to Google (it wasn't).
This is what I did:
(If I didn't mention it, I left it at defaults)

New Real Webserver

Host: mywebname.com



New virtual Webserver
domains:
mywebname.com
mywebname.com

Interface: External

Real Webservers: The real one I configured

Firewall: No Profile

---------------------------------
The Web Application Firewall Live Log has this:

2013:05:14-11:08:24 abc reverseproxy: srcip="127.0.0.1" localip="127.0.0.1" size="57" user="-" host="127.0.0.1" method="GET" statuscode="200" reason="-" extra="-" time="2525" url="/lb-status" server="localhost" referer="-" cookie="-" set-cookie="-"
 
2013:05:14-11:09:40 abc reverseproxy: srcip="127.0.0.1" localip="127.0.0.1" size="57" user="-" host="127.0.0.1" method="GET" statuscode="200" reason="-" extra="-" time="423" url="/lb-status" server="localhost" referer="-" cookie="-" set-cookie="-"
 
2013:05:14-11:09:41 abc reverseproxy: srcip="127.0.0.1" localip="127.0.0.1" size="57" user="-" host="127.0.0.1" method="GET" statuscode="200" reason="-" extra="-" time="263" url="/lb-status" server="localhost" referer="-" cookie="-" set-cookie="-"
 
2013:05:14-11:09:43 abc reverseproxy: srcip="127.0.0.1" localip="127.0.0.1" size="57" user="-" host="127.0.0.1" method="GET" statuscode="200" reason="-" extra="-" time="288" url="/lb-status" server="localhost" referer="-" cookie="-" set-cookie="-"
 
2013:05:14-11:09:44 abc reverseproxy: [Tue May 14 11:09:44 2013] [notice] SIGHUP received. Attempting to restart
 
2013:05:14-11:09:45 abc reverseproxy: [Tue May 14 11:09:45 2013] [notice] Apache/2.2.22 (Unix) proxy_html/3.1.2 mod_ssl/2.2.22 OpenSSL/1.0.0k configured -- resuming normal operations
 
2013:05:14-11:12:28 abc reverseproxy: srcip="127.0.0.1" localip="127.0.0.1" size="114" user="-" host="127.0.0.1" method="GET" statuscode="200" reason="-" extra="-" time="2436" url="/lb-status" server="localhost" referer="-" cookie="-" set-cookie="-"
 
2013:05:14-11:12:41 abc reverseproxy: srcip="127.0.0.1" localip="127.0.0.1" size="114" user="-" host="127.0.0.1" method="GET" statuscode="200" reason="-" extra="-" time="398" url="/lb-status" server="localhost" referer="-" cookie="-" set-cookie="-"
 
2013:05:14-11:12:41 abc reverseproxy: [Tue May 14 11:12:41 2013] [notice] SIGHUP received. Attempting to restart
 
2013:05:14-11:12:43 abc reverseproxy: [Tue May 14 11:12:43 2013] [notice] Apache/2.2.22 (Unix) proxy_html/3.1.2 mod_ssl/2.2.22 OpenSSL/1.0.0k configured -- resuming normal operations
 
2013:05:14-11:12:43 abc reverseproxy: srcip="127.0.0.1" localip="127.0.0.1" size="115" user="-" host="127.0.0.1" method="GET" statuscode="200" reason="-" extra="-" time="2411" url="/lb-status" server="localhost" referer="-" cookie="-" set-cookie="-"
 
2013:05:14-11:13:13 abc reverseproxy: srcip="127.0.0.1" localip="127.0.0.1" size="115" user="-" host="127.0.0.1" method="GET" statuscode="200" reason="-" extra="-" time="2452" url="/lb-status" server="localhost" referer="-" cookie="-" set-cookie="-"
 
2013:05:14-11:13:13 abc reverseproxy: [Tue May 14 11:13:13 2013] [notice] SIGUSR1 received. Doing graceful restart
 
2013:05:14-11:13:15 abc reverseproxy: [Tue May 14 11:13:15 2013] [notice] Apache/2.2.22 (Unix) proxy_html/3.1.2 mod_ssl/2.2.22 OpenSSL/1.0.0k configured -- resuming normal operations
 
2013:05:14-11:13:15 abc reverseproxy: [Tue May 14 11:13:15 2013] [warn] long lost child came home! (pid 14905)
 
2013:05:14-11:13:15 abc reverseproxy: [Tue May 14 11:13:15 2013] [warn] long lost child came home! (pid 14907)
 
2013:05:14-11:13:15 abc reverseproxy: srcip="127.0.0.1" localip="127.0.0.1" size="114" user="-" host="127.0.0.1" method="GET" statuscode="200" reason="-" extra="-" time="2973" url="/lb-status" server="localhost" referer="-" cookie="-" set-cookie="-"
 
2013:05:14-11:13:35 abc reverseproxy: srcip="127.0.0.1" localip="127.0.0.1" size="114" user="-" host="127.0.0.1" method="GET" statuscode="200" reason="-" extra="-" time="2047" url="/lb-status" server="localhost" referer="-" cookie="-" set-cookie="-"
 
2013:05:14-11:13:35 abc reverseproxy: srcip="127.0.0.1" localip="127.0.0.1" size="114" user="-" host="127.0.0.1" method="GET" statuscode="200" reason="-" extra="-" time="453" url="/lb-status" server="localhost" referer="-" cookie="-" set-cookie="-"
 
2013:05:14-11:13:38 abc reverseproxy: srcip="127.0.0.1" localip="127.0.0.1" size="114" user="-" host="127.0.0.1" method="GET" statuscode="200" reason="-" extra="-" time="313" url="/lb-status" server="localhost" referer="-" cookie="-" set-cookie="-"
 
2013:05:14-11:14:25 abc reverseproxy: srcip="127.0.0.1" localip="127.0.0.1" size="114" user="-" host="127.0.0.1" method="GET" statuscode="200" reason="-" extra="-" time="562" url="/lb-status" server="localhost" referer="-" cookie="-" set-cookie="-"
 
2013:05:14-11:14:33 abc reverseproxy: [Tue May 14 11:14:33 2013] [notice] SIGHUP received. Attempting to restart
 
2013:05:14-11:14:34 abc reverseproxy: [Tue May 14 11:14:34 2013] [notice] Apache/2.2.22 (Unix) proxy_html/3.1.2 mod_ssl/2.2.22 OpenSSL/1.0.0k configured -- resuming normal operations
 
2013:05:14-11:14:34 abc reverseproxy: srcip="127.0.0.1" localip="127.0.0.1" size="109" user="-" host="127.0.0.1" method="GET" statuscode="200" reason="-" extra="-" time="3344" url="/lb-status" server="localhost" referer="-" cookie="-" set-cookie="-"
 
2013:05:14-11:14:34 abc reverseproxy: srcip="127.0.0.1" localip="127.0.0.1" size="109" user="-" host="127.0.0.1" method="GET" statuscode="200" reason="-" extra="-" time="2187" url="/lb-status" server="localhost" referer="-" cookie="-" set-cookie="-"
 
2013:05:14-11:15:29 abc reverseproxy: srcip="127.0.0.1" localip="127.0.0.1" size="109" user="-" host="127.0.0.1" method="GET" statuscode="200" reason="-" extra="-" time="2399" url="/lb-status" server="localhost" referer="-" cookie="-" set-cookie="-"
 
2013:05:14-11:16:13 abc reverseproxy: srcip="127.0.0.1" localip="127.0.0.1" size="109" user="-" host="127.0.0.1" method="GET" statuscode="200" reason="-" extra="-" time="452" url="/lb-status" server="localhost" referer="-" cookie="-" set-cookie="-"
 
2013:05:14-11:16:23 abc reverseproxy: srcip="127.0.0.1" localip="127.0.0.1" size="109" user="-" host="127.0.0.1" method="GET" statuscode="200" reason="-" extra="-" time="311" url="/lb-status" server="localhost" referer="-" cookie="-" set-cookie="-"
 
2013:05:14-11:16:23 abc reverseproxy: [Tue May 14 11:16:23 2013] [notice] SIGHUP received. Attempting to restart
 
2013:05:14-11:16:24 abc reverseproxy: [Tue May 14 11:16:24 2013] [notice] Apache/2.2.22 (Unix) proxy_html/3.1.2 mod_ssl/2.2.22 OpenSSL/1.0.0k configured -- resuming normal operations
 
2013:05:14-11:16:24 abc reverseproxy: srcip="127.0.0.1" localip="127.0.0.1" size="103" user="-" host="127.0.0.1" method="GET" statuscode="200" reason="-" extra="-" time="5981" url="/lb-status" server="localhost" referer="-" cookie="-" set-cookie="-"
 
2013:05:14-11:16:54 abc reverseproxy: srcip="127.0.0.1" localip="127.0.0.1" size="103" user="-" host="127.0.0.1" method="GET" statuscode="200" reason="-" extra="-" time="2094" url="/lb-status" server="localhost" referer="-" cookie="-" set-cookie="-"
 
2013:05:14-11:16:54 abc reverseproxy: [Tue May 14 11:16:54 2013] [notice] SIGUSR1 received. Doing graceful restart
 
2013:05:14-11:16:56 abc reverseproxy: [Tue May 14 11:16:56 2013] [notice] Apache/2.2.22 (Unix) proxy_html/3.1.2 mod_ssl/2.2.22 OpenSSL/1.0.0k configured -- resuming normal operations
 
2013:05:14-11:16:56 abc reverseproxy: [Tue May 14 11:16:56 2013] [warn] long lost child came home! (pid 16441)
 
2013:05:14-11:16:56 abc reverseproxy: [Tue May 14 11:16:56 2013] [warn] long lost child came home! (pid 16444)
 
2013:05:14-11:16:56 abc reverseproxy: srcip="127.0.0.1" localip="127.0.0.1" size="115" user="-" host="127.0.0.1" method="GET" statuscode="200" reason="-" extra="-" time="2491" url="/lb-status" server="localhost" referer="-" cookie="-" set-cookie="-"
 
2013:05:14-11:17:13 abc reverseproxy: srcip="127.0.0.1" localip="127.0.0.1" size="115" user="-" host="127.0.0.1" method="GET" statuscode="200" reason="-" extra="-" time="2369" url="/lb-status" server="localhost" referer="-" cookie="-" set-cookie="-"
 
2013:05:14-11:17:46 abc reverseproxy: srcip="127.0.0.1" localip="127.0.0.1" size="115" user="-" host="127.0.0.1" method="GET" statuscode="200" reason="-" extra="-" time="451" url="/lb-status" server="localhost" referer="-" cookie="-" set-cookie="-"
 
2013:05:14-11:17:46 abc reverseproxy: srcip="127.0.0.1" localip="127.0.0.1" size="115" user="-" host="127.0.0.1" method="GET" statuscode="200" reason="-" extra="-" time="311" url="/lb-status" server="localhost" referer="-" cookie="-" set-cookie="-"
 
2013:05:14-11:30:30 abc reverseproxy: srcip="127.0.0.1" localip="127.0.0.1" size="115" user="-" host="127.0.0.1" method="GET" statuscode="200" reason="-" extra="-" time="903" url="/lb-status" server="localhost" referer="-" cookie="-" set-cookie="-" 
--------------------------------------------------------------------

Is this right? Is the configuration right?
Thanks.


  • I've been playing with this more, purposefully misconfiguring the real server, virtual server, and Site Path Routing. No matter what I do, I can still access the website without issue. So, I have two questions:

    1) Is there a proper way to test the WAF? Ideally, a firewall profile that blocks everything would let me know at least that my configuration is mostly right.

    2) I currently have a DNAT configured to open port 80 for the webserver, and a Full NAT configured so I can access the webserver from the LAN. Do I need to change or remove these?

    Thanks again.
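
Every access entry in the Live Log excerpt above has srcip="127.0.0.1" and url="/lb-status", so the excerpt shows no request from an outside client. The following Python sketch is an added example (not part of the original thread and not Sophos code) that parses lines in that format and reports whether any non-loopback client request was logged; the function names are hypothetical, and the last sample line is constructed with documentation addresses.

```python
import re

# key="value" pairs as used by the reverseproxy access lines in the post
KV = re.compile(r'([\w-]+)="([^"]*)"')
LOOPBACK = ("127.", "::1")

def parse_line(line):
    """Return the fields of an access line, or None for Apache notices."""
    if "reverseproxy:" not in line:
        return None
    fields = dict(KV.findall(line.split("reverseproxy:", 1)[1]))
    return fields if {"srcip", "url"} <= fields.keys() else None

def summarize(lines):
    """Count access entries and list those that came from a real client."""
    parsed = [f for f in map(parse_line, lines) if f]
    clients = [f for f in parsed if not f["srcip"].startswith(LOOPBACK)]
    return {
        "access_entries": len(parsed),
        "client_entries": len(clients),
        "client_urls": sorted({f.get("server", "?") + f["url"] for f in clients}),
    }

# The first three lines are copied from the post. The fourth is CONSTRUCTED
# (203.0.113.10 and 192.0.2.1 are documentation addresses) to show what a
# request from an outside client would look like in the same format.
SAMPLE = [
    '2013:05:14-11:08:24 abc reverseproxy: srcip="127.0.0.1" localip="127.0.0.1" size="57" user="-" host="127.0.0.1" method="GET" statuscode="200" reason="-" extra="-" time="2525" url="/lb-status" server="localhost" referer="-" cookie="-" set-cookie="-"',
    '2013:05:14-11:09:40 abc reverseproxy: srcip="127.0.0.1" localip="127.0.0.1" size="57" user="-" host="127.0.0.1" method="GET" statuscode="200" reason="-" extra="-" time="423" url="/lb-status" server="localhost" referer="-" cookie="-" set-cookie="-"',
    '2013:05:14-11:09:44 abc reverseproxy: [Tue May 14 11:09:44 2013] [notice] SIGHUP received. Attempting to restart',
    '2013:05:14-11:20:00 abc reverseproxy: srcip="203.0.113.10" localip="192.0.2.1" size="512" user="-" host="203.0.113.10" method="GET" statuscode="200" reason="-" extra="-" time="1500" url="/index.html" server="mywebname.com" referer="-" cookie="-" set-cookie="-"',
]

if __name__ == "__main__":
    print(summarize(SAMPLE[:3]))  # lines from the post only
    print(summarize(SAMPLE))      # with the constructed client request
```

If client_entries stays at 0 after browsing the site from outside, the reverse proxy did not log any of those requests.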