Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
20.7 Legacy Series
»
[solved] nginx auth issues with Exchange 2016/IIS 401 loop
« previous
next »
Print
Pages:
1
2
[
3
]
Author
Topic: [solved] nginx auth issues with Exchange 2016/IIS 401 loop (Read 18789 times)
klamath
Newbie
Posts: 47
Karma: 0
Re: nginx auth issues with Exchange 2016/IIS 401 loop
«
Reply #30 on:
February 09, 2021, 09:45:51 pm »
For the request buffering I checked on nginx website and applied that change, once i applied that change everything started to pass the remote connectivity checks. I did some more digging with WAF, here is a snippit of my logs, how can i track down the rules triggering this?
==> /var/log/nginx/mail.xxx.com,exchange.ad.xxx.com,autodiscover.xxx.com,_autodiscover.xxx.com.error.log <==
2021/02/09 14:40:26 [error] 51224#100230: *38 NAXSI_EXLOG: ip=168.61.212.41&server=autodiscover.xxx.com&uri=%2FAutodiscover%2FAutodiscover.xml&id=16&zone=BODY&var_name=&content=, client: 168.61.212.41, server: mail.xxx.com, request: "POST /Autodiscover/Autodiscover.xml HTTP/1.1", host: "autodiscover.xxx.com"
2021/02/09 14:40:26 [error] 51224#100230: *38 NAXSI_FMT: ip=168.61.212.41&server=autodiscover.xxx.com&uri=/Autodiscover/Autodiscover.xml&vers=1.3&total_processed=1&total_blocked=1&config=block&zone0=BODY&id0=16&var_name0=, client: 168.61.212.41, server: mail.xxx.com, request: "POST /Autodiscover/Autodiscover.xml HTTP/1.1", host: "autodiscover.xxx.com"
2021/02/09 14:40:26 [error] 51224#100230: *39 NAXSI_EXLOG: ip=168.61.212.41&server=autodiscover.xxx.com&uri=%2FAutodiscover%2FAutodiscover.xml&id=11&zone=BODY&var_name=&content=, client: 168.61.212.41, server: mail.xxx.com, request: "POST /Autodiscover/Autodiscover.xml HTTP/1.1", host: "autodiscover.xxx.com"
2021/02/09 14:40:26 [error] 51224#100230: *39 NAXSI_FMT: ip=168.61.212.41&server=autodiscover.xxx.com&uri=/Autodiscover/Autodiscover.xml&vers=1.3&total_processed=2&total_blocked=2&config=block&zone0=BODY&id0=11&var_name0=, client: 168.61.212.41, server: mail.xxx.com, request: "POST /Autodiscover/Autodiscover.xml HTTP/1.1", host: "autodiscover.xxx.com"
Thanks for sticking with me on all this! I appreciate it greatly!
Logged
klamath
Newbie
Posts: 47
Karma: 0
Re: [solved] nginx auth issues with Exchange 2016/IIS 401 loop
«
Reply #31 on:
February 10, 2021, 12:29:43 am »
I got it sorted, the "main" rules didnt show up in the GUI, ended up finding this and creating a policy and whitelisting rules 11, 16 and 1206 worked!
Thank you @Fright
Logged
Fright
Hero Member
Posts: 1777
Karma: 164
Re: [solved] nginx auth issues with Exchange 2016/IIS 401 loop
«
Reply #32 on:
February 10, 2021, 05:32:07 am »
yes, I didn’t think that nginx could send 405 in this case (deny page is a local static resource and because of the POST method used a 405 error is sent by nginx).
Good!
glad everything worked
by the way, if i remember correctly for activesync, I disabled id1205 also
Quote
I checked on nginx website and applied that change
yeah. buffering should be disabled for outlook anywhere. but client_max_body_size is for large uploads - should not be an issuer for M$ connectivity tests )
«
Last Edit: February 10, 2021, 06:37:55 am by Fright
»
Logged
Print
Pages:
1
2
[
3
]
« previous
next »
OPNsense Forum
»
Archive
»
20.7 Legacy Series
»
[solved] nginx auth issues with Exchange 2016/IIS 401 loop
