Imperva Cyber Community

Expand all | Collapse all

Kernel Reserve Proxy HTTPS Issue

  • 1.  Kernel Reserve Proxy HTTPS Issue

    Posted 08-17-2020 05:15

    Hi everyone,

    We have deploy our imperva in a KRP mode, we have successfully browse http but we cannot browse https.
    We did the ff.

    1. Uploaded SSL certificate of webserver in imperva, we also define it under the Definitions
    2. We tried CURL, we ping and telnet the the FQDN in CLI , it responded without any problem.
    3. We also created Web Page Error.

    Did we miss anything in configuration of KRP rules?

    I hope you guys can help us, we have been struggling for weeks already and i couldn't find anything.

    Thank you 


    #On-PremisesWAF(formerlySecuresphere)

    ------------------------------
    Clydie
    Mlhuillier
    ------------------------------


  • 2.  RE: Kernel Reserve Proxy HTTPS Issue

    Imperva Employee
    Posted 08-17-2020 05:25
    Hi Clydie,

    Have you configured Reverse Proxy Decision Rules?
    You can find the instructions here: https://docs.imperva.com/bundle/v13.6-web-application-firewall-user-guide/page/3094.htm
    Let me know if it helps..
    Best,

    ------------------------------
    Ira Miga
    Imperva
    Knowledge Engineer
    ------------------------------



  • 3.  RE: Kernel Reserve Proxy HTTPS Issue

    Posted 08-17-2020 23:47

    Hi Ira,

    Yes i have already configured it.

    I have successfully browse HTTP but HTTPS



    ------------------------------
    Clydie Oliamot
    Mlhuillier
    ------------------------------



  • 4.  RE: Kernel Reserve Proxy HTTPS Issue

    Posted 08-17-2020 07:03
    Hi Clyde, 
    1) Make sure the "Encrypt" checkbox is checked

    2) Is HTTP working when going through the gateway?

    3) If so it's probably an SSL issue. If you're in version 13 and above - 

    Under setup-> sites->YOUR SERVICE->Reverse proxy-> CLIENT SSL Negotiation settings, . choose "High Performance RP client side SSL settings",
    Under SERVER SSL Negotiation settings, . choose "High Performance RP server side SSL settings".

    4)
    If HTTP does go through and the above settings do not work, you should record a tcpdump on the gw of a non-working connection, and compare that to a recording of working connection when bypassing the gw. You'll probably find either a cipher suite incompatibility or a TCP issue.

    ------------------------------
    Roee Sharon
    RSECURE
    ------------------------------



  • 5.  RE: Kernel Reserve Proxy HTTPS Issue

    Posted 09-22-2020 21:01

    Hi Guys,

    I got another issue in KRP, I have working services on my on-prem WAF but whenever I add/create new services those working services will became unstable. 
    I notice that if my services goes beyond 3 it became unstable. 

    I got Impever x2500 Version: 12.0.0.90

    Thank you in advance



    ------------------------------
    Clydie Oliamot
    Mlhuillier
    ------------------------------



  • 6.  RE: Kernel Reserve Proxy HTTPS Issue

    Posted 24 days ago
    Hi Clydie,
    I have the same problem. Did you manage to solve it?
    Thanks,
    Anna


    ------------------------------
    Anna Hristova
    System Administrator
    Sofia
    ------------------------------



  • 7.  RE: Kernel Reserve Proxy HTTPS Issue

    Imperva Employee
    Posted 24 days ago
    Hi Clydie,

    Did you resolve the SSL issue?

    Also, can you add more detail on what you mean by, "whenever I add/create new services those working services will became unstable."

    Is there an error that is displayed? 


    Thanks.



  • 8.  RE: Kernel Reserve Proxy HTTPS Issue

    Posted 23 days ago

    Hi Clydie,
    for the first problem, have you checked if the port 443 is opened ?

    netstat -an | grep 443 | grep -I listen
    or
    telnet localhost 443


    for the second issue, i just sugest you to update, since 12.X in EOL if i'm not wrong
    otherwise
    the only way to have more information is to have a packed capture.



    ------------------------------
    Zuliani
    ------------------------------