Problem with webserver protection

Hi,

I have a Sophos UTM 110/120.

I have followed this link: http://fastvue.co/sophos/blog/how-to-publish-websites-with-sophos-utm-web-server-protection/

I changed it to my info.

Everything works well, but when I try my website a blue color comes up. I have a script in index.htm that goes to WordPress; nothing happens after that blue color.

I have made firewall rules to my webserver, out and in too. Then I made a DNAT rule.

The DNAT rule follows this link: http://www.virtualizationhowto.com/2015/02/configure-port-forwarding-sophos-utm/#prettyPhoto

The port is open too.

I think something is wrong on my webserver, because when I type www.xxxxxx.se in my web browser the blue color comes up; after that WordPress is coming, but nothing happens for me.

I have www before my domain name, but after the blue color there is no longer www.

Before the Sophos UTM it was working well; I had another firewall device and then there was no problem.

I am searching on the Internet, of course.

I am thinking of doing a new installation on my webserver to see if that helps, but I am not giving up yet.

I hope you understand my English; it is not easy to write, I think.



This thread was automatically locked due to age.
  • When I click on "open live log", this is my info:

    2016:06:05-10:43:14 server reverseproxy: [Sun Jun 05 10:43:14.963421 2016] [mpm_worker:notice] [pid 13815:tid 3073623744] AH00297: SIGUSR1 received. Doing graceful restart

    2016:06:05-10:43:15 server reverseproxy: AH00112: Warning: DocumentRoot [/var/www/REF_RevFro9413798251] does not exist
    2016:06:05-10:43:15 server reverseproxy: [Sun Jun 05 10:43:16.001070 2016] [mpm_worker:notice] [pid 13815:tid 3073623744] AH00292: Apache/2.4.10 (Unix) OpenSSL/1.0.1k configured -- resuming normal operations
    2016:06:05-10:43:15 server reverseproxy: [Sun Jun 05 10:43:16.001300 2016] [core:notice] [pid 13815:tid 3073623744] AH00094: Command line: '/usr/apache/bin/httpd'
    2016:06:05-10:43:15 server reverseproxy: [Sun Jun 05 10:43:16.001402 2016] [mpm_worker:warn] [pid 13815:tid 3073623744] AH00291: long lost child came home! (pid 4441)
    2016:06:05-10:43:15 server reverseproxy: [Sun Jun 05 10:43:16.001481 2016] [mpm_worker:warn] [pid 13815:tid 3073623744] AH00291: long lost child came home! (pid 4442)
    2016:06:05-10:43:17 server reverseproxy: id="0299" srcip="127.0.0.1" localip="127.0.0.1" size="56" user="-" host="127.0.0.1" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="2135" url="/lb-status" server="localhost" referer="-" cookie="-" set-cookie="-"
    2016:06:05-10:44:37 server reverseproxy: id="0299" srcip="127.0.0.1" localip="127.0.0.1" size="56" user="-" host="127.0.0.1" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="1605" url="/lb-status" server="localhost" referer="-" cookie="-" set-cookie="-"
    2016:06:05-10:44:55 server reverseproxy: id="0299" srcip="127.0.0.1" localip="127.0.0.1" size="56" user="-" host="127.0.0.1" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="1377" url="/lb-status" server="localhost" referer="-" cookie="-" set-cookie="-"
    2016:06:05-10:45:06 server reverseproxy: id="0299" srcip="127.0.0.1" localip="127.0.0.1" size="56" user="-" host="127.0.0.1" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="1218" url="/lb-status" server="localhost" referer="-" cookie="-" set-cookie="-"

    That srcip says 127.0.0.1, but my webserver is on 192.168.168.17.

    I think something in my Apache server must change.

    Is it true that I must do something with my Apache server? It looks wrong with that IP in the log I show here.

  • Not giving up. That is working, but my WordPress will work longer. I try to fill in, under "Site Path Routing", the path to my address to WordPress and get the info that it does not exist.

  • Hi,

    the log lines with srcip 127.0.0.1 are 'normal'. That's for checking the status of the real webservers.

    If you have a DNAT rule, the traffic bypasses the WAF. Disable the DNAT rule and afterwards check the logs when you make a request.

    Sabine

  • It's good to be cognizant of the fact that WebAdmin is a GUI that manipulates databases of objects and settings.  The actual lines of code that perform the functions are written by the configuration daemon.  After you make a change in WebAdmin, the configuration daemon might change hundreds of lines of code.  #2 in Rulz gives an idea of the sequence of the lines of code written by the config daemon.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
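
Added example (not part of the original thread, and not Sophos code): a small parser for the `reverseproxy` live-log format shown above that separates the `127.0.0.1` `/lb-status` health checks Sabine describes from real client requests, so that an empty client list after a browser request points to traffic not passing through the WAF (for example because of a DNAT rule). The last log line, with `203.0.113.7` and `www.example.test`, is constructed for illustration.

```python
import re

# First three lines are taken from the thread; the last line is CONSTRUCTED
# (documentation address 203.0.113.7, placeholder host www.example.test).
SAMPLE_LOG = """\
2016:06:05-10:43:15 server reverseproxy: AH00112: Warning: DocumentRoot [/var/www/REF_RevFro9413798251] does not exist
2016:06:05-10:43:17 server reverseproxy: id="0299" srcip="127.0.0.1" localip="127.0.0.1" size="56" user="-" host="127.0.0.1" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="2135" url="/lb-status" server="localhost" referer="-" cookie="-" set-cookie="-"
2016:06:05-10:44:37 server reverseproxy: id="0299" srcip="127.0.0.1" localip="127.0.0.1" size="56" user="-" host="127.0.0.1" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="1605" url="/lb-status" server="localhost" referer="-" cookie="-" set-cookie="-"
2016:06:05-10:46:02 server reverseproxy: id="0299" srcip="203.0.113.7" localip="192.0.2.10" size="512" user="-" host="203.0.113.7" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="9120" url="/" server="www.example.test" referer="-" cookie="-" set-cookie="-"
"""

# key="value" pairs; keys may contain hyphens (e.g. set-cookie).
KV = re.compile(r'([\w-]+)="([^"]*)"')


def parse_line(line):
    """Return the fields of a reverseproxy access record, or None for other lines."""
    _, sep, payload = line.partition(" reverseproxy: ")
    if not sep or not payload.startswith('id="'):
        return None  # Apache notices/warnings (AH00112 etc.) carry no request fields
    return dict(KV.findall(payload))


def is_health_check(rec):
    """The WAF polling its own status page from localhost, as described in the thread."""
    return rec.get("srcip") == "127.0.0.1" and rec.get("url") == "/lb-status"


def summarize(text):
    """Count health checks and list (srcip, server, url, statuscode) of real requests."""
    health, clients = 0, []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if is_health_check(rec):
            health += 1
        else:
            clients.append((rec.get("srcip"), rec.get("server"),
                            rec.get("url"), rec.get("statuscode")))
    return health, clients


if __name__ == "__main__":
    health, clients = summarize(SAMPLE_LOG)
    print(f"health checks: {health}")
    for c in clients:
        print("client request:", c)
    if not clients:
        print("no client requests logged: traffic is not reaching the WAF")
```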