Imperva Cyber Community

Expand all | Collapse all

Kernel Reserve Proxy HTTPS Issue

  • 1.  Kernel Reserve Proxy HTTPS Issue

    Posted 08-17-2020 05:15

    Hi everyone,

    We have deploy our imperva in a KRP mode, we have successfully browse http but we cannot browse https.
    We did the ff.

    1. Uploaded SSL certificate of webserver in imperva, we also define it under the Definitions
    2. We tried CURL, we ping and telnet the the FQDN in CLI , it responded without any problem.
    3. We also created Web Page Error.

    Did we miss anything in configuration of KRP rules?

    I hope you guys can help us, we have been struggling for weeks already and i couldn't find anything.

    Thank you 


    #On-PremisesWAF(formerlySecuresphere)

    ------------------------------
    Clydie
    Mlhuillier
    ------------------------------


  • 2.  RE: Kernel Reserve Proxy HTTPS Issue

    Imperva Employee
    Posted 08-17-2020 05:25
    Hi Clydie,

    Have you configured Reverse Proxy Decision Rules?
    You can find the instructions here: https://docs.imperva.com/bundle/v13.6-web-application-firewall-user-guide/page/3094.htm
    Let me know if it helps..
    Best,

    ------------------------------
    Ira Miga
    Imperva
    Knowledge Engineer
    ------------------------------



  • 3.  RE: Kernel Reserve Proxy HTTPS Issue

    Posted 08-17-2020 23:47

    Hi Ira,

    Yes i have already configured it.

    I have successfully browse HTTP but HTTPS



    ------------------------------
    Clydie Oliamot
    Mlhuillier
    ------------------------------



  • 4.  RE: Kernel Reserve Proxy HTTPS Issue

    Posted 08-17-2020 07:03
    Hi Clyde, 
    1) Make sure the "Encrypt" checkbox is checked

    2) Is HTTP working when going through the gateway?

    3) If so it's probably an SSL issue. If you're in version 13 and above - 

    Under setup-> sites->YOUR SERVICE->Reverse proxy-> CLIENT SSL Negotiation settings, . choose "High Performance RP client side SSL settings",
    Under SERVER SSL Negotiation settings, . choose "High Performance RP server side SSL settings".

    4)
    If HTTP does go through and the above settings do not work, you should record a tcpdump on the gw of a non-working connection, and compare that to a recording of working connection when bypassing the gw. You'll probably find either a cipher suite incompatibility or a TCP issue.

    ------------------------------
    Roee Sharon
    RSECURE
    ------------------------------



  • 5.  RE: Kernel Reserve Proxy HTTPS Issue

    Posted 6 days ago

    Hi Guys,

    I got another issue in KRP, I have working services on my on-prem WAF but whenever I add/create new services those working services will became unstable. 
    I notice that if my services goes beyond 3 it became unstable. 

    I got Impever x2500 Version: 12.0.0.90

    Thank you in advance



    ------------------------------
    Clydie Oliamot
    Mlhuillier
    ------------------------------