Imperva Cyber Community

communities_1.jpg
 View Only
  • 1.  Kernel Reserve Proxy HTTPS Issue

    Posted 08-17-2020 05:15

    Hi everyone,

    We have deploy our imperva in a KRP mode, we have successfully browse http but we cannot browse https.
    We did the ff.

    1. Uploaded SSL certificate of webserver in imperva, we also define it under the Definitions
    2. We tried CURL, we ping and telnet the the FQDN in CLI , it responded without any problem.
    3. We also created Web Page Error.

    Did we miss anything in configuration of KRP rules?

    I hope you guys can help us, we have been struggling for weeks already and i couldn't find anything.

    Thank you 


    #On-PremisesWAF(formerlySecuresphere)

    ------------------------------
    Clydie
    Mlhuillier
    ------------------------------


  • 2.  RE: Kernel Reserve Proxy HTTPS Issue

    Posted 08-17-2020 05:25
    Hi Clydie,

    Have you configured Reverse Proxy Decision Rules?
    You can find the instructions here: https://docs.imperva.com/bundle/v13.6-web-application-firewall-user-guide/page/3094.htm
    Let me know if it helps..
    Best,

    ------------------------------
    Ira Miga
    Imperva
    Knowledge Engineer
    ------------------------------



  • 3.  RE: Kernel Reserve Proxy HTTPS Issue

    Posted 08-17-2020 23:47
    Edited by Clydie Oliamot 09-22-2020 22:52

    Hi Ira,

    Yes i have already configured it.

    I have successfully browse HTTP but HTTPS



    ------------------------------
    Clydie Oliamot
    Mlhuillier
    ------------------------------



  • 4.  RE: Kernel Reserve Proxy HTTPS Issue

    Posted 08-17-2020 07:03
    Hi Clyde, 
    1) Make sure the "Encrypt" checkbox is checked

    2) Is HTTP working when going through the gateway?

    3) If so it's probably an SSL issue. If you're in version 13 and above - 

    Under setup-> sites->YOUR SERVICE->Reverse proxy-> CLIENT SSL Negotiation settings, . choose "High Performance RP client side SSL settings",
    Under SERVER SSL Negotiation settings, . choose "High Performance RP server side SSL settings".

    4)
    If HTTP does go through and the above settings do not work, you should record a tcpdump on the gw of a non-working connection, and compare that to a recording of working connection when bypassing the gw. You'll probably find either a cipher suite incompatibility or a TCP issue.

    ------------------------------
    Roee Sharon
    RSECURE
    ------------------------------



  • 5.  RE: Kernel Reserve Proxy HTTPS Issue

    Posted 09-22-2020 21:01
    Edited by Clydie Oliamot 09-22-2020 22:52

    Hi Guys,

    I got another issue in KRP, I have working services on my on-prem WAF but whenever I add/create new services those working services will became unstable. 
    I notice that if my services goes beyond 3 it became unstable. 

    I got Impever x2500 Version: 12.0.0.90

    Thank you in advance



    ------------------------------
    Clydie Oliamot
    Mlhuillier
    ------------------------------



  • 6.  RE: Kernel Reserve Proxy HTTPS Issue

    Posted 04-20-2021 09:18
    Hi Clydie,
    I have the same problem. Did you manage to solve it?
    Thanks,
    Anna


    ------------------------------
    Anna Hristova
    System Administrator
    Sofia
    ------------------------------



  • 7.  RE: Kernel Reserve Proxy HTTPS Issue

    Posted 04-20-2021 13:34
    Hi Clydie,

    Did you resolve the SSL issue?

    Also, can you add more detail on what you mean by, "whenever I add/create new services those working services will became unstable."

    Is there an error that is displayed? 


    Thanks.



  • 8.  RE: Kernel Reserve Proxy HTTPS Issue

    Posted 04-21-2021 10:04

    Hi Clydie,
    for the first problem, have you checked if the port 443 is opened ?

    netstat -an | grep 443 | grep -I listen
    or
    telnet localhost 443


    for the second issue, i just sugest you to update, since 12.X in EOL if i'm not wrong
    otherwise
    the only way to have more information is to have a packed capture.



    ------------------------------
    Zuliani
    ------------------------------