[solved] nginx auth issues with Exchange 2016/IIS 401 loop

Started by klamath, January 28, 2021, 03:46:49 PM

For the request buffering I checked on the nginx website and applied that change; once I applied that change, everything started to pass the remote connectivity checks. I did some more digging with WAF. Here is a snippet of my logs; how can I track down the rules triggering this?

==> /var/log/nginx/mail.xxx.com,exchange.ad.xxx.com,autodiscover.xxx.com,_autodiscover.xxx.com.error.log <==
2021/02/09 14:40:26 [error] 51224#100230: *38 NAXSI_EXLOG: ip=168.61.212.41&server=autodiscover.xxx.com&uri=%2FAutodiscover%2FAutodiscover.xml&id=16&zone=BODY&var_name=&content=, client: 168.61.212.41, server: mail.xxx.com, request: "POST /Autodiscover/Autodiscover.xml HTTP/1.1", host: "autodiscover.xxx.com"
2021/02/09 14:40:26 [error] 51224#100230: *38 NAXSI_FMT: ip=168.61.212.41&server=autodiscover.xxx.com&uri=/Autodiscover/Autodiscover.xml&vers=1.3&total_processed=1&total_blocked=1&config=block&zone0=BODY&id0=16&var_name0=, client: 168.61.212.41, server: mail.xxx.com, request: "POST /Autodiscover/Autodiscover.xml HTTP/1.1", host: "autodiscover.xxx.com"


2021/02/09 14:40:26 [error] 51224#100230: *39 NAXSI_EXLOG: ip=168.61.212.41&server=autodiscover.xxx.com&uri=%2FAutodiscover%2FAutodiscover.xml&id=11&zone=BODY&var_name=&content=, client: 168.61.212.41, server: mail.xxx.com, request: "POST /Autodiscover/Autodiscover.xml HTTP/1.1", host: "autodiscover.xxx.com"
2021/02/09 14:40:26 [error] 51224#100230: *39 NAXSI_FMT: ip=168.61.212.41&server=autodiscover.xxx.com&uri=/Autodiscover/Autodiscover.xml&vers=1.3&total_processed=2&total_blocked=2&config=block&zone0=BODY&id0=11&var_name0=, client: 168.61.212.41, server: mail.xxx.com, request: "POST /Autodiscover/Autodiscover.xml HTTP/1.1", host: "autodiscover.xxx.com"


Thanks for sticking with me on all this!  I appreciate it greatly!

I got it sorted, the "main" rules didn't show up in the GUI, ended up finding this and creating a policy and whitelisting rules 11, 16 and 1206 worked!

Thank you @Fright

yes, I didn't think that nginx could send 405 in this case (deny page is a local static resource and because of the POST method used a 405 error is sent by nginx).
Good!
glad everything worked
by the way, if I remember correctly for activesync, I disabled id1205 also

Quote: I checked on nginx website and applied that change
yeah. buffering should be disabled for outlook anywhere. but client_max_body_size is for large uploads - should not be an issue for M$ connectivity tests )
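
Added example, not part of the thread: one way to answer "how can I track down the rules triggering this?" is to parse the NAXSI_FMT lines and count hits per rule id, zone, URI and variable name, which gives the list of ids to review for a whitelist policy. The sample log is constructed in the shape of the lines quoted above (host names and addresses are placeholders), and the function names are hypothetical.

```python
import re
from collections import Counter
from urllib.parse import parse_qs

# Constructed sample shaped like the NAXSI lines in the thread; hosts/IPs are placeholders.
SAMPLE_LOG = """\
2021/02/09 14:40:26 [error] 1#1: *38 NAXSI_EXLOG: ip=192.0.2.10&server=autodiscover.example.test&uri=%2FAutodiscover%2FAutodiscover.xml&id=16&zone=BODY&var_name=&content=, client: 192.0.2.10, server: mail.example.test
2021/02/09 14:40:26 [error] 1#1: *38 NAXSI_FMT: ip=192.0.2.10&server=autodiscover.example.test&uri=/Autodiscover/Autodiscover.xml&vers=1.3&total_processed=1&total_blocked=1&config=block&zone0=BODY&id0=16&var_name0=, client: 192.0.2.10, server: mail.example.test
2021/02/09 14:40:26 [error] 1#1: *39 NAXSI_FMT: ip=192.0.2.10&server=autodiscover.example.test&uri=/Autodiscover/Autodiscover.xml&vers=1.3&total_processed=2&total_blocked=2&config=block&zone0=BODY&id0=11&var_name0=, client: 192.0.2.10, server: mail.example.test
2021/02/09 14:40:27 [error] 1#1: *40 NAXSI_FMT: ip=192.0.2.10&server=mail.example.test&uri=/example/path&vers=1.3&total_processed=3&total_blocked=3&config=block&zone0=BODY&id0=11&var_name0=&zone1=ARGS&id1=1000&var_name1=q, client: 192.0.2.10, server: mail.example.test
2021/02/09 14:40:28 [error] 1#1: *41 NAXSI_FMT: ip=192.0.2.10&server=autodiscover.example.test&uri=/Autodiscover/Autodiscover.xml&vers=1.3&total_processed=4&total_blocked=4&config=block&zone0=BODY&id0=16&var_name0=, client: 192.0.2.10, server: mail.example.test
"""

# The NAXSI_FMT payload is a query-string-like list ending at nginx's ", client: " suffix.
FMT_RE = re.compile(r"NAXSI_FMT: (?P<payload>.*?), client: ")

def parse_fmt_line(line):
    """Return one dict per matched rule (zoneN/idN/var_nameN) in a NAXSI_FMT line."""
    m = FMT_RE.search(line)
    if not m:
        return []  # NAXSI_EXLOG and unrelated error-log lines are skipped
    fields = {k: v[0] for k, v in
              parse_qs(m["payload"], keep_blank_values=True).items()}
    hits, n = [], 0
    while f"id{n}" in fields:  # one request can report several matches
        hits.append({"uri": fields.get("uri", ""),
                     "zone": fields.get(f"zone{n}", ""),
                     "rule_id": int(fields[f"id{n}"]),
                     "var_name": fields.get(f"var_name{n}", "")})
        n += 1
    return hits

def summarize(log_text):
    """Count hits per (rule_id, zone, uri, var_name)."""
    counts = Counter()
    for line in log_text.splitlines():
        for h in parse_fmt_line(line):
            counts[(h["rule_id"], h["zone"], h["uri"], h["var_name"])] += 1
    return counts

if __name__ == "__main__":
    for (rule_id, zone, uri, var), n in summarize(SAMPLE_LOG).most_common():
        # ids below 1000 are NAXSI internal rules, not entries from the core rule file
        kind = "internal" if rule_id < 1000 else "ruleset"
        print(f"{n:3d}  id={rule_id:<5d} {kind:8s} zone={zone:5s} uri={uri} var={var or '-'}")
```

Run against the real error log, the output lists each blocking id with the zone and URI it fired on, so a whitelist can be scoped to those paths instead of disabling a rule everywhere.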