1

I have a web server (IIS) behind a SOPHOS UTM 9.

I have set up the Web Application Firewall feature. It is a completely fresh install. No other settings have been edited. When I try to access the server from the web, I get a "Forbidden" error message in the web browser.

Any ideas?

plaugg

3 Answers

1

Please be more specific about what you're trying to do. The WAF is a feature that protects internal web servers. As such, you MUST set it up correctly in order to gain access to your internal server. This usually requires that you do the following:

  • (optional) Add a new IP address to your external NIC to accept connections for the internal web servers
  • Set up the DNS so that your external FQDN points to the external IP address of the firewall that you chose to use for this.
  • (optional) If you're using SSL, then go to certificate management and make sure you have uploaded the X509 certificate for your web site including the private key (PKCS#12 format) as well as all intermediate CAs up to and including the root.
  • Define a new real web server that contains the host name (or IP address) and protocol type (HTTP/HTTPS) of the internal web server
  • Create a new virtual web server, specifying the interface (IP) that should be used, the protocol type (HTTP/HTTPS), the external port number to use, the external domain name(s) (FQDN of your web server as seen from the outside), the reference to the real web server you created above (you can use more than one for fail-over/load balancing) and specify the type of firewalling that needs to be done. Typically, you would pick "basic" and check both "Enable HTML rewrite" and "pass host header", at least initially.

Once all of this has been done, enable the WAF and it should work. If it doesn't, then start by creating a new firewall profile, select the "monitor" mode and leave everything unchecked: that's the most permissive firewall rule possible and test again.

If that doesn't fix it, then review the logs on your web server: did it receive the requests? Did it reply to them with a valid response code? Etc.

If all else fails, please describe your setup in detail, including what application you're running on the web server (because some simply do not work with Sophos WAF, like OWA or Citrix web interface).

Stephane
0

You may get better results with this type of question over at ServerFault.

Two thoughts:

1) If Sophos is completely locking down your traffic you may want to check to ensure that you have your web ports open in the rule set (80/443).

2) Generally speaking a 'forbidden' message is not the firewall, however, and points to an incorrect IIS setup. Without more information I don't think there is too much help that can be provided.

Best of luck.

grauwulf
  • I'm almost sure IIS is correctly installed. SOPHOS, on the other hand, seems to allow all traffic. What kind of information do you need? –  Apr 18 '13 at 15:13
  • 1
    Try http://localhost/iisstart.htm. If you get an error code it should be 403.[1-20]; that number after the decimal will direct you to your problem. I'd start by doing a web search on that code, e.g. google:'IIS 403.5', and that should point you in the right direction. –  Apr 18 '13 at 15:17
0

You need to add domains in your Virtual Web server under Web Access firewall settings. Unless you define a domain there, by default the WAF will give a forbidden error message.
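
Added example (not code from any of the posts above): the answers suggest checking whether IIS received the requests at all and, if it did, reading the 403 sub-status. This sketch does both against an IIS W3C log. The sample log, the addresses and the function names are constructed for illustration, and it assumes the WAF proxies requests so that IIS logs the WAF's internal address as `c-ip`.

```python
"""Triage a 403 seen through a reverse-proxy WAF using the IIS W3C log."""

# Constructed sample log; 10.0.0.1 is the assumed internal address of the WAF.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 8.0
#Version: 1.0
#Date: 2013-04-18 15:00:00
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status time-taken
2013-04-18 15:01:02 10.0.0.20 GET /iisstart.htm - 80 - 127.0.0.1 Mozilla/5.0 200 0 0 15
2013-04-18 15:02:10 10.0.0.20 GET / - 80 - 10.0.0.1 Mozilla/5.0 403 14 0 3
2013-04-18 15:03:44 10.0.0.20 GET /app/ - 80 - 10.0.0.1 Mozilla/5.0 200 0 0 21
"""


def parse_w3c(text):
    """Yield one dict per request, keyed by the latest #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated lines
                yield dict(zip(fields, values))


def triage_403(text, waf_ip):
    """Return (tier, details) for the tier that produced the 403.

    "before-iis": IIS logged nothing from the WAF, so the request was
                  refused in front of the web server.
    "iis":        IIS itself answered 403; details lists status.substatus
                  and the path, e.g. "403.14 /".
    "not-iis":    IIS saw proxied requests but never answered 403.
    """
    from_waf = [r for r in parse_w3c(text) if r.get("c-ip") == waf_ip]
    if not from_waf:
        return "before-iis", []
    denied = sorted({
        f'{r.get("sc-status")}.{r.get("sc-substatus", "?")} {r.get("cs-uri-stem")}'
        for r in from_waf if r.get("sc-status") == "403"
    })
    return ("iis", denied) if denied else ("not-iis", [])


if __name__ == "__main__":
    print(triage_403(SAMPLE_LOG, "10.0.0.1"))   # WAF address present in the log
    print(triage_403(SAMPLE_LOG, "10.0.0.99"))  # address IIS never saw
```

A "before-iis" result points the investigation at the WAF configuration (virtual web server, domains, firewall profile) rather than at IIS.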