I have set up WAF in the following way:
1. virtual webserver:
Domains: domain.com
Real Web Servers: Lotus Domino Server
Firewall Profile: Advanced Protection (with URL hardening)
2. real webserver:
name: Lotus Domino Server
host: an internal host (external access via DNAT)
3. firewall profiles:
Advanced with URL hardening.
For testing purposes I have entered only "http://www.domain.com" in URL hardening.
I tried to open "http://domain.com/otherthings" directly and this still works. I thought URL hardening would disable the direct access to URLs not entered in the "Entry URL"-list?
Do I missunderstand URL hardening or is it the DNAT which does not work with WAF?
1. virtual webserver:
Domains: domain.com
Real Web Servers: Lotus Domino Server
Firewall Profile: Advanced Protection (with URL hardening)
2. real webserver:
name: Lotus Domino Server
host: an internal host (external access via DNAT)
3. firewall profiles:
Advanced with URL hardening.
For testing purposes I have entered only "http://www.domain.com" in URL hardening.
I tried to open "http://domain.com/otherthings" directly and this still works. I thought URL hardening would disable the direct access to URLs not entered in the "Entry URL"-list?
Do I missunderstand URL hardening or is it the DNAT which does not work with WAF?