Proxy server behind ASM

Hi Scott,

 

 

What is the request/response flow? Is it client -> proxy -> ASM -> server? Or something else? What are you trying to protect?

 

 

What is the actual violation type listed in the full request information? They should be listed under 'Request Violations'. Can you post an anonymized copy of the request headers and/or data?

 

 

Aaron

Full request posted below. The gif is on the server it's proxying to. Not on the proxy server. The flow is client -> ASM -> proxy server. Was attempting to protect the proxy server.

 

 

Thanks.

 

 

Flags Requested Object Response Code Internal Use

 

[HTTPS] /images/images/view-attachments.gif 304 Yes

 

 

Full Request

 

GET /images/images/view-attachments.gif HTTP/1.1

 

Accept: */*

 

Referer: https://proxyserver.mydomain.com/homepage/homepage.jsp

 

Accept-Language: en-us

 

UA-CPU: x86

 

Accept-Encoding: gzip, deflate

 

If-Modified-Since: Mon, 31 Jan 2000 19:34:12 GMT

 

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; GTB5; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.0.04506; InfoPath.2; .NET CLR 1.1.4322)

 

Host: proxyserver.mydomain.com

 

Connection: Keep-Alive

 

Cookie: TSb074f7=67bcdaf929e6111babadd04136b0feba160b99a96fbee49749be4837c8f0c0030d53b05734d55be3ffabebb2; jsessionid=384121237208175220; userInfo=userID%3D17c

 

Maybe I'm missing something, but I don't see why this would generate false positive violations. What violations are being generated? If it is only 'non-existent object' do you have a wildcard object defined in the policy?

 

 

Also, why is the host header in the request set to the proxy server? Shouldn't this be the destination server's domain name?

 

 

Aaron

After reading your reply about a wildcard, I checked and sure enough I was sitting on the wrong security policy. There were not wildcard objects defined. I changed it to the correct policy and am watching it now.

 

 

Thanks for your help!