Sophos UTM and Web Form Builder

User 2782936 Photo


Registered User
5 posts

For anyone who has their website behind a Sophos UTM firewall, I just want to share a tip.

If you subscribe to the Web Server Protection Module, in order for the Coffee Cup forms to work consistently you will need to disable some settings.

The tell tale sign that your form is not going to work as intended is a 403 permission error when you submit your form. This may not occur on every instance, nor will it always happen unless you have submitted more than once during your session (e.g. you filled out the captcha incorrectly on the first try). I found the best way to reproduce the issue was to fill out the form and deliberately get the captcha wrong, then submit.

SOLUTION

First ensure you are also not subject an Apache mod_security issue by temporarily disabling the rules for the folder. Then you will need to check your settings under the common threats category in your firewall profile for the associated web server (under Web Application Firewall > Firewall Profiles). See attached image. You will need to work the each of the common threat filter categories to find what works for you.

I have tested this on a Bootstrap 4 alpha 6 web page behind Sophos UTM 9.411-3.
https://www.ianmcgregorphotography.com/forms/servicerequest.html

Hopefully this helps someone.


Attachments:
User 187934 Photo


Senior Advisor
20,181 posts

Thanks for those tips Ian.:cool:
I can't hear what I'm looking at.
It's easy to overlook something you're not looking for.

This is a site I built for my work.(RSD)
http://esmansgreenhouse.com
This is a site I built for use in my job.(HTML Editor)
https://pestlogbook.com
This is my personal site used for testing and as an easy way to share photos.(RLM imported to RSD)
https://ericrohloff.com

Have something to add? We’d love to hear it!
You must have an account to participate. Please Sign In Here, then join the conversation.