We want to use Sophos WAF (Web Application Firewall) as a reverse proxy to make an SAP site accessible externally.

The problem is the following:

External access with NAT works; however, external access with the Sophos WAF as a reverse proxy fails. We get an HTTP ERROR 500 when trying to access the URL. In the Tomcat logs of the site I could find this extra information:

"java.lang.RuntimeException: None of SP's internal [https://sapinternal:port/service/] and external address [[https://sapextern.domain.com:port/service]] haven't been found in value of the "x-forwarded-for" header [public ip-address of the client]"

Does anybody have an idea why it works with NAT but the error appears when using Sophos WAF? Or what needs to be configured in order to get it working with Sophos WAF?

Kind Regards

  • Most likely the Sophos WAF removes (or changes) the `x-forwarded-for` header in the request and the server code checks this value and refuses to work without. – Robert Sep 19 '22 at 08:25
  • @Robert do you think adding "RemoteIpValve" in Tomcat server.xml would help? Unfortunately I can't try it and see if it works. – SapOverflow Sep 19 '22 at 14:40
  • That does not look like a Tomcat configuration problem; instead, my guess is that it is hard-coded in the application that is running on Tomcat. – Robert Sep 19 '22 at 14:45
  • I was afraid of hearing that. I'll probably need to configure another reverse proxy like nginx and manipulate the x-forwarded-for header in a way the application accepts it? – SapOverflow Sep 19 '22 at 14:52

0 Answers