WAF false positives on internal websites behind SMA

Hello all,

since the latest update 10.2.1.7 there's this function enabled:

  • Enforce WAF to protect the SMA100 itself

and we get some "false positives" on our internal websites which we added as bookmarks after a user is logged onto the remote office portal:

msg="WAF threat prevented: System Command Injection Variant 1" URI=<ourSMASite>:443/static/img/Files_Highlight.svg rule-match="cag925axj2uxtcweegkqntkkeldvaobrgzvijig4brj7vqm1d8oympbhipkywx8qibbrxurkmlcq0e gj3tgfapb6n7i2mjftiwzjv9t09ckxuyxrelfejqxsh7nu0t" AttackCat="System Command Injection Variant 1"

msg="WAF threat prevented: System Command Injection Variant 1" URI=<ourSMASite>:443/cgi-bin/https?HOST=<ourMailServer>%2Fowa&bookmarkAccessed=5&swcctn=AkOJoAQAAA1Az4N4sPzhwVGVVgOscbCh rule-match="cag925axj2uxtcweegkqntkkeldvaobrgzvijig4brj7vqm1d8oympbhipkywx8qibbrxurkmlcq0e gj3tgfapb6n7i2mjftiwzjv9t09ckxuyxrelfejqxsh7nu0t" AttackCat="System Command Injection Variant 1"

msg="WAF threat prevented: System Command Injection Variant 1" URI=<ourSMASite>:443/cgi-bin/http?HOST=<ourIntranet>%2Fcms%2F&bookmarkAccessed=1&swcctn=AkOJoAQAAA1Az4N4sPzhwVGVVgOscbCh rule-match="cag925axj2uxtcweegkqntkkeldvaobrgzvijig4brj7vqm1d8oympbhipkywx8qibbrxurkmlcq0e gj3tgfapb6n7i2mjftiwzjv9t09ckxuyxrelfejqxsh7nu0t" AttackCat="System Command Injection Variant 1"

Is there any way to exclude sites out of WAF?

Category: Secure Mobile Access Appliances
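
For triaging hits like the ones quoted in the post, the following added example (not part of the original post and not SonicWall code) groups WAF log lines by attack category and rule-match value and lists which targets each rule fired on. The sample lines are constructed, with placeholder hosts and a dummy rule-match value; reading HOST= as the backend of a proxied bookmark is an assumption drawn from the log lines above.

```python
from collections import defaultdict
from html import unescape
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample lines in the shape of the entries quoted in the post.
# Hosts are placeholders and the rule-match value is a dummy.
SAMPLE = [
    'msg="WAF threat prevented: System Command Injection Variant 1" '
    'URI=sma.example:443/static/img/Files_Highlight.svg '
    'rule-match="RULE-A" AttackCat="System Command Injection Variant 1"',
    'msg="WAF threat prevented: System Command Injection Variant 1" '
    'URI=sma.example:443/cgi-bin/https?HOST=mail.example%2Fowa&amp;bookmarkAccessed=5 '
    'rule-match="RULE-A" AttackCat="System Command Injection Variant 1"',
    'msg="WAF threat prevented: System Command Injection Variant 1" '
    'URI=sma.example:443/cgi-bin/http?HOST=intranet.example%2Fcms%2F&bookmarkAccessed=1 '
    'rule-match="RULE-A" AttackCat="System Command Injection Variant 1"',
    'msg="User login successful" URI=sma.example:443/cgi-bin/welcome',
]

# key="quoted value" or key=bare-token; keys may contain a hyphen (rule-match).
FIELD = re.compile(r'(\w[\w-]*)=(?:"([^"]*)"|(\S+))')


def parse_line(line):
    """Split one log line into a dict of its key=value fields."""
    return {key: quoted or bare for key, quoted, bare in FIELD.findall(line)}


def summarise(lines):
    """Map (AttackCat, rule-match) to the sorted targets that triggered it."""
    groups = defaultdict(set)
    for line in lines:
        fields = parse_line(line)
        if "WAF threat prevented" not in fields.get("msg", ""):
            continue
        # unescape() tolerates logs copied out of an HTML view (&amp;).
        url = urlsplit("//" + unescape(fields["URI"]))
        query = parse_qs(url.query)
        # Assumption: HOST= names the backend of a proxied bookmark;
        # any other path is served by the appliance itself.
        target = query["HOST"][0] if "HOST" in query else "(appliance) " + url.path
        groups[(fields.get("AttackCat"), fields.get("rule-match"))].add(target)
    return {key: sorted(targets) for key, targets in groups.items()}


if __name__ == "__main__":
    for (category, rule), targets in summarise(SAMPLE).items():
        print(category, rule, targets, sep=" | ")
```

A single rule-match value that fires on unrelated backends and on one of the appliance's own static files is the kind of evidence worth attaching to a support case about false positives.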