Imperva Cyber Community

communities_1.jpg
 View Only
  • 1.  SSL Certificate - SSL Keys

    Posted 03-08-2023 06:43
    Edited by Olgerta Prendi 03-08-2023 06:47

    Hi Team, 

    I have some websites added on Imperva. All the websites are under the same server group. We are in non-transparent reverse proxy mode.

    For example: 

    domain1.com

    domain2.com

    domain3.com

    ...

    Gateway ports: 443, 80

    They have different SSL Certificates and after I added them in the path: 

    SETUP > Sites > Reverse Proxy

    Note* I cover because of the privacy of the client.

    When I check domain2.com, domain3.com from outside they redirect me to domain1.com. After redirection, if you click on the privacy icon (https://domain2.com), all the websites (domain2.com, domain3.com) have the same certificate of domain1.com.

    I try to explain it in my best way and hope someone can understand the problem I have. Can someone have this kind of issue before that can help me?

    Many Thanks,


    #On-PremisesWAF(formerlySecuresphere)

    ------------------------------
    Olgerta Prendi
    Cyber Security Specialist
    S&T AG
    Tirana
    ------------------------------



  • 2.  RE: SSL Certificate - SSL Keys

    Posted 03-09-2023 10:19

    Hi,

    The current  configuration is mapping 1 external IP to multiple internal servers and is looking for any hostname and accessing the hostname based on priority. Since you have the hostname set to any, all IP will match the fist domain in order of priority.

    Question: Are all these domains on a shared single IP or multiple IP?

    Single IP:

    You need to tell the WAF which hostname goes where. Remove the checkmark for hostname any and enter the hostname you want going to the relevant backend server.

    This is often a scenario in a multi tenant installation where a shared external SSL certificate is used for multiple domains. 

    Multiple IP:

    You will have to create multiple external rules for each domain. And each internal rule will only have 1 rule.

    Some helpful KBs:

    1. https://docs.imperva.com/bundle/v14.4-web-application-firewall-user-guide/page/3092.htm
    2. https://community.imperva.com/blogs/ira-miga1/2020/12/07/how-to-configure-imperva-waf-reverse-proxy-mode



    ------------------------------
    Sarvesh Lad
    Tech Lead @ On-Prem Managed Services (WAF, DAM, DRA & Sonar)
    ------------------------------



  • 3.  RE: SSL Certificate - SSL Keys

    Posted 03-09-2023 11:15

    Hi Sarvesh,

    I solved the issue. The problem was on the miconfigurations when I populated it.

    Thanks,



    ------------------------------
    Olgerta Prendi
    Cyber Security Specialist
    S&T AG
    Tirana
    ------------------------------