mod_proxy_wstunnel?

What plans are there to include mod_proxy_wstunnel in the Webserver Protection so that websites using websockets can be hosted behind the UTM?

This requires the use of apache 2.4.5 (or later).  There is an updated module in 2.4.9.  Currently the UTM is using 2.4.4 so it is not available to even try and test by modifying the config from the console.

Cheers
Simon


  • This is a user-to-user forum, not a communication conduit to Sophos, so it's unlikely that your question will be answered definitively here.  For a feature add/request, you'll need to post at UTM (Formerly ASG) Feature Requests: Hot (1772 ideas).
  • So UTM 9.3 now has all the required software on the box, but not enabled.  Is there a way to make config changes that will survive a reboot?

    I need to add a line to /var/storage/chroot-reverseproxy/usr/apache/conf/modules.conf to load the module, i.e. add the line

    LoadModule proxy_wstunnel_module /usr/apache/modules/mod_proxy_wstunnel.so

    And then add a location section to /var/storage/chroot-reverseproxy/usr/apache/conf/reverseproxy.conf such as:

            
                    ProxyPass wss://server.name/websocket
            

    After making these changes and restarting the reverse proxy (/var/mdw/scripts/reverseproxy restart), it then works.  It would be nice if Sophos could add the ability to do this to the UI.

    Simon
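
As an added example (not part of the original post and not Sophos code), a check-only shell script for the manual change described above: it confirms that the Apache version meets the 2.4.5 minimum stated in the thread, that the module file exists in the chroot, and that an uncommented LoadModule line is still present in modules.conf, which is worth re-running after a reboot or update. The function names and status strings are hypothetical, the Apache version is passed in by the caller, and the module path is assumed to be relative to the chroot.

```shell
#!/bin/sh
# Added example: check-only, changes nothing on the box.
# Chroot path, conf path and module name are the ones quoted in the post;
# function names and status strings are hypothetical.
CHROOT=/var/storage/chroot-reverseproxy
MIN_VERSION=2.4.5   # minimum Apache version stated in the thread

# version_ge A B: succeed if dotted version A >= B, comparing each component
# numerically (a string compare would rank 2.4.10 below 2.4.5).
version_ge() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        if [ "$a" = "$x" ]; then a=; else a=${a#*.}; fi
        if [ "$b" = "$y" ]; then b=; else b=${b#*.}; fi
        if [ "${x:-0}" -gt "${y:-0}" ]; then return 0; fi
        if [ "${x:-0}" -lt "${y:-0}" ]; then return 1; fi
    done
    return 0
}

# has_load_line FILE: succeed only if an uncommented LoadModule line for
# proxy_wstunnel_module is present.
has_load_line() {
    grep -Eq '^[[:space:]]*LoadModule[[:space:]]+proxy_wstunnel_module[[:space:]]' "$1" 2>/dev/null
}

# check_wstunnel ROOT VERSION: print one status word; non-zero means not ready.
# ROOT is the chroot directory; VERSION is supplied by the caller.
check_wstunnel() {
    root=$1; ver=$2
    # Accept only purely numeric dotted versions such as 2.4.10.
    case $ver in ''|*[!0-9.]*) echo bad-version; return 4 ;; esac
    if ! version_ge "$ver" "$MIN_VERSION"; then echo apache-too-old; return 2; fi
    # Assumption: the LoadModule path in the post is relative to the chroot.
    if [ ! -f "$root/usr/apache/modules/mod_proxy_wstunnel.so" ]; then
        echo module-missing; return 3
    fi
    if ! has_load_line "$root/usr/apache/conf/modules.conf"; then
        echo loadmodule-missing; return 1
    fi
    echo ok
}

# Usage: sh check_wstunnel.sh <apache-version>
if [ $# -ge 1 ]; then
    check_wstunnel "$CHROOT" "$1"
fi
```
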
  • Simon, please do add a Feature Suggestion for this.

    Cheers - Bob

  • Hi Bob,

    Someone else has already requested it.  And I have added comments etc, but still no response.  This feature was promised in 9.1.x.  The request is here for anyone interested:

    websocket support for WAF

    Simon

  • Sophos, are you ever going to implement this? It was on your radar 4 years ago, and many people are asking for it. This lack of feature is now stopping me being able to recommend it for a current project. Yes, websockets is real, it gets used and needs to be supported.
  • We'll have to wait and see if it's configurable through WebAdmin in 9.4, due later this year.

    Have you checked if it's available in the replacement for UTM, Sophos XG?  That is where the lion's share of new development will be dedicated.

  • Hi,

    UTM 9.3 is using Apache 2.4.10. You could try to include it there.

    Mod_proxy_wstunnel will be not included in UTM 9.4 and it is not included in Sophos XG v1.

    Sabine
  • Hi Sabine,

    I don't understand your comment "Mod_proxy_wstunnel will be not included in UTM 9.4". I just downloaded and installed the Beta of 9.4 and mod_proxy_wstunnel is still included (as it should be since it is part of the apache package).

    Considering this feature request is high on the list of requested features I don't understand the reluctance to add it, especially considering there is no real code to write, you just need to allow for it in the configuration.

    Simon
  • "Considering this feature request is high on the list of requested features I don't understand the reluctance to add it" Points added to a request are only one of many considerations that go into the decision-making process as to what is added or not.
  • Hi Simon,
    Sorry, my comment was really confusing. What I meant was that there is no websocket support in 9.4 or SFOSv1. Sure, the module is included.
    And I'm afraid I'm the wrong person to answer your question regarding feature prioritization.
    Sabine