Forums (Obsolete)

Old Forums

Installation and deployment

Version 7.x > Installation and deployment > Kentico-Compatible Web Application Firewall (WAF)

View modes:

Member

mpatti-sherwood-group - 1/9/2013 12:23:00 PM

Kentico-Compatible Web Application Firewall (WAF)

I'm looking for suggestions for web application firewalls that work well with Kentico.

I use Applicure's dotDefender for non-Kentico sites, and that works very well; but my tests with dotDefender and Kentico are not going very well.

If you are currently using a WAF that doesn't interfere with Kentico's operation, let me know. I need to prove PCI-compliance for the Kentico site I'm developing, and in my experience, a WAF can go a long way to attaining compliance.

Thanks.


Kentico Support	kentico_jurajo - 1/14/2013 5:31:08 AM RE:Kentico-Compatible Web Application Firewall (WAF) Hi, Currently, we have no list of such a third party tools. Anyway, would it be possible to let us know what is not working - maybe it is something we can fix/change. Thank you. Best regards, Juraj Ondrus

Member

dstratton-kwiktrip - 6/17/2013 2:08:51 PM

RE:Kentico-Compatible Web Application Firewall (WAF)

I'm just curious, if you're willing to share, what types of issues are we having? We are having issues that we suspect are related to our web farm with a Web Applicaiton Firewall.

For example, our scheduled tasks won't run, and when pointed to http://<ourdomain> we get messsges like the following:in our IIS logs:

2013-06-16 00:00:02 10.10.14.32 GET /cmsmessages/invalidlicensekey.aspx rawurl=http://10.10.1.44&result=1 80 - 10.10.1.255 - 503 0 64 0

We're not sure why our rerequests are being redirected to an IP address. We suspect that the error is happening is that we don't have the IP Address in our site's aliases. but we're not sure why we'd get redirected from <our domain> to <ip address>. We THINK it's our Web Applicaiton Firewall, but we're not sure, and we're trying to figure out the best approach to resolving this.

Kentico Support

kentico_jurajo - 6/18/2013 3:08:37 AM

RE:Kentico-Compatible Web Application Firewall (WAF)

Hi,

The scheduler runs under the application IP or domain. It seems, that your IIS or DNS is set to translate the domain name but the actual application on given server is running under the internal/server IP. The solution is to add a license key for given IP (development license key) and add it as a domain alias.

Best regards,
Juraj Ondrus

Top