Issue
Websites show a connection refused error after enabling WebShield.
What ports should be allowed on the firewall in order for WebShield to function properly?
Environment
- Imunify360
- WebShield
- Firewall
Solution
You can find the relevant information at the link.
These ports are reserved by the WebShield mechanism, which:
- Redirects Graylisted traffic to the captcha until the captcha is passed.
- Stops bots with the Splashscreen.
- Proxies the rest of the traffic to backends.
This is an important part of how Imunify works: we do not pass traffic to the backend web server in plain text, because we follow the principle that non-SSL connections should not exist. However, as you noticed at stage 3, this causes some nuances with the certificates.
WebShield is a reverse proxy, so it has to handle SSL requests, and this part is a bit tricky. WebShield does its best to find the proper certificate for each host, but when it fails to find a certificate for the requested hostname, it returns its self-signed certificate. We understand that this can be interpreted as a sort of issue. Sadly, as of now, there is not much we can do about it.
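To see which hosted domains receive the fallback certificate, and to tell that case apart from a port blocked by the firewall, a check like the following can be run from outside the server. It is an added example, not Imunify360 code; the server address, port and hostnames in it are placeholders, and the ports to test are the ones given in the linked documentation.

```python
import socket
import ssl

# OpenSSL verify codes: 18 = self-signed leaf, 19 = self-signed cert in chain
SELF_SIGNED_CODES = {18, 19}
HOSTNAME_MISMATCH = 62  # X509_V_ERR_HOSTNAME_MISMATCH


def classify_verify_code(code):
    """Map an OpenSSL certificate verify code to a short verdict."""
    if code in SELF_SIGNED_CODES:
        return "self-signed"
    if code == HOSTNAME_MISMATCH:
        return "hostname-mismatch"
    return "untrusted"


def probe(server, port, hostname, timeout=5.0):
    """Connect to server:port, send `hostname` as SNI, return a verdict."""
    try:
        sock = socket.create_connection((server, port), timeout=timeout)
    except ConnectionRefusedError:
        return "refused"      # closed port or firewall reject
    except socket.timeout:
        return "timeout"      # typically a firewall silently dropping packets
    except OSError:
        return "unreachable"
    ctx = ssl.create_default_context()  # verifies chain and hostname
    try:
        with sock, ctx.wrap_socket(sock, server_hostname=hostname):
            return "trusted"
    except ssl.SSLCertVerificationError as exc:
        return classify_verify_code(exc.verify_code)
    except OSError:           # ssl.SSLError is a subclass of OSError
        return "tls-error"    # not TLS, handshake failure or handshake timeout


def audit(server, ports, hostnames):
    """Probe every (port, hostname) pair; returns {(port, hostname): verdict}."""
    return {(p, h): probe(server, p, h) for p in ports for h in hostnames}


if __name__ == "__main__":
    # Constructed sample values: use your server address, the TLS ports from
    # the linked documentation, and the domains hosted on the server.
    for (port, host), verdict in audit("127.0.0.1", [8443], ["example.com"]).items():
        print(port, host, verdict)
```

A "refused" or "timeout" verdict points at the firewall or a stopped service, while "self-signed" on a domain that has a valid certificate installed means the proxy did not find that certificate for the requested hostname.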
Useful links