https://community.checkpoint.com/t5/WAF/Cloudguard-Appsec-Integration-with-existing-nginx-reverse-proxy/m-p/125178#M31 <P>Thanks Guys!! It worked perfectly with my test setup and nginx reverse proxy. <span class="lia-unicode-emoji" title=":grinning_face:">😀</span></P><P>Trying few more scenarios with multiple URLs.</P> Thu, 29 Jul 2021 03:07:50 GMT Blason_R 2021-07-29T03:07:50Z https://community.checkpoint.com/t5/WAF/Cloudguard-Appsec-Integration-with-existing-nginx-reverse-proxy/m-p/124962#M24 <P>Hi Team,</P><P>Does AppSec works with nginx reverse proxy? Lets say I have 5 portals behind nginx reverse proxy as a on-prem server.</P><P>Can I -</P><UL><LI>Deploy on-prem Nginx integration with AppSec</LI><LI>Also we are deciding to move to the cloud wondering then can we move to the cloud?</LI></UL><P>&nbsp;</P><P>&nbsp;</P> Tue, 27 Jul 2021 03:23:52 GMT https://community.checkpoint.com/t5/WAF/Cloudguard-Appsec-Integration-with-existing-nginx-reverse-proxy/m-p/124962#M24 Blason_R 2021-07-27T03:23:52Z https://community.checkpoint.com/t5/WAF/Cloudguard-Appsec-Integration-with-existing-nginx-reverse-proxy/m-p/124986#M25 <P>Hi,</P> <P>You can deploy our Agent on a Linux Server with NGINX deployed on it.</P> <P>I have done it in a lab environment and it worked with no issues.</P> <P>When you move to a cloud environment you can just deploy another agent in the new deployment on the server or as a CloudGuard AppSec Gateway to protect it.</P> Tue, 27 Jul 2021 08:31:21 GMT https://community.checkpoint.com/t5/WAF/Cloudguard-Appsec-Integration-with-existing-nginx-reverse-proxy/m-p/124986#M25 Nir_Shamir 2021-07-27T08:31:21Z https://community.checkpoint.com/t5/WAF/Cloudguard-Appsec-Integration-with-existing-nginx-reverse-proxy/m-p/125006#M26 <P>Hi,</P><P>What if I have multiple portals configured in reverse proxy? Can single agent detect those multiple portals? How are the SKUs per portal or per agent.</P> Tue, 27 Jul 2021 12:51:05 GMT https://community.checkpoint.com/t5/WAF/Cloudguard-Appsec-Integration-with-existing-nginx-reverse-proxy/m-p/125006#M26 Blason_R 2021-07-27T12:51:05Z https://community.checkpoint.com/t5/WAF/Cloudguard-Appsec-Integration-with-existing-nginx-reverse-proxy/m-p/125007#M27 <P>I think the license is per amount of requests or something like that.</P> <P>anyway you configure on the Agent the IP addresses that it needs to protect so if the requests are going to IP addresses on that server then he will protect all of the portals.</P> Tue, 27 Jul 2021 13:23:36 GMT https://community.checkpoint.com/t5/WAF/Cloudguard-Appsec-Integration-with-existing-nginx-reverse-proxy/m-p/125007#M27 Nir_Shamir 2021-07-27T13:23:36Z https://community.checkpoint.com/t5/WAF/Cloudguard-Appsec-Integration-with-existing-nginx-reverse-proxy/m-p/125009#M28 <P>Thanks man - the Idea is currently we are using mod_sec and protecting apps like</P><UL><LI>example.com</LI><LI>test.testing.com</LI><LI>one.notsecurenet.in</LI></UL><P>etc..</P> Tue, 27 Jul 2021 13:30:24 GMT https://community.checkpoint.com/t5/WAF/Cloudguard-Appsec-Integration-with-existing-nginx-reverse-proxy/m-p/125009#M28 Blason_R 2021-07-27T13:30:24Z https://community.checkpoint.com/t5/WAF/Cloudguard-Appsec-Integration-with-existing-nginx-reverse-proxy/m-p/125083#M29 <P>Hi <a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/1551">@Blason_R</a>&nbsp;,&nbsp;</P> <P>If you need help with deployment, let me know and i will make sure you will get assistance.</P> Wed, 28 Jul 2021 05:48:55 GMT https://community.checkpoint.com/t5/WAF/Cloudguard-Appsec-Integration-with-existing-nginx-reverse-proxy/m-p/125083#M29 Shay_Levin 2021-07-28T05:48:55Z https://community.checkpoint.com/t5/WAF/Cloudguard-Appsec-Integration-with-existing-nginx-reverse-proxy/m-p/125088#M30 <P>Thanks Shay - Since we have done numerous Nginx reverse proxy installations we are pretty confident on it. However I am replicating and testing in my partner portal account and in my test environment. So far is going good and have integrated with nginx.</P><P>Once I am confident we then can replicate the same story with our customers as Nginx reverse proxy. However I am confused about commercials and workings.</P><P>lets discuss that later for sure - Let me first finish the technical part and if I am stuck will contact you for sure.</P><P>&nbsp;</P><P>TIA</P> Wed, 28 Jul 2021 06:03:13 GMT https://community.checkpoint.com/t5/WAF/Cloudguard-Appsec-Integration-with-existing-nginx-reverse-proxy/m-p/125088#M30 Blason_R 2021-07-28T06:03:13Z https://community.checkpoint.com/t5/WAF/Cloudguard-Appsec-Integration-with-existing-nginx-reverse-proxy/m-p/125178#M31 <P>Thanks Guys!! It worked perfectly with my test setup and nginx reverse proxy. <span class="lia-unicode-emoji" title=":grinning_face:">😀</span></P><P>Trying few more scenarios with multiple URLs.</P> Thu, 29 Jul 2021 03:07:50 GMT https://community.checkpoint.com/t5/WAF/Cloudguard-Appsec-Integration-with-existing-nginx-reverse-proxy/m-p/125178#M31 Blason_R 2021-07-29T03:07:50Z https://community.checkpoint.com/t5/WAF/Cloudguard-Appsec-Integration-with-existing-nginx-reverse-proxy/m-p/125179#M32 <P>Hi&nbsp;<a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/12733">@Shay_Levin</a>&nbsp;</P><P>I am facing this unique issue in further testing. Now my reverse proxy holds two URLs</P><P><A href="http://www.hackme.com" target="_blank">www.hackme.com</A></P><P><A href="http://www.box.com" target="_blank">www.box.com</A></P><P>I created two assets for two different websites. However both my websites are getting blocked by Check Point Infinity agent even though I set the profile accordingly. Now for testing purpose I stopped the agent with cpnano -q and both the sites started accessing properly. However when I start the agent it blocks again.</P><P>Any reason why?</P><P>I restarted the agent but its still blocking the legitimate requests</P> Thu, 29 Jul 2021 04:33:29 GMT https://community.checkpoint.com/t5/WAF/Cloudguard-Appsec-Integration-with-existing-nginx-reverse-proxy/m-p/125179#M32 Blason_R 2021-07-29T04:33:29Z https://community.checkpoint.com/t5/WAF/Cloudguard-Appsec-Integration-with-existing-nginx-reverse-proxy/m-p/125215#M33 <P><a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/1551">@Blason_R</a>&nbsp; what do you see in the logs ? what is the reason it was blocked ?</P> <P>could be that the site is vulnerable ?</P> Thu, 29 Jul 2021 11:02:00 GMT https://community.checkpoint.com/t5/WAF/Cloudguard-Appsec-Integration-with-existing-nginx-reverse-proxy/m-p/125215#M33 Nir_Shamir 2021-07-29T11:02:00Z https://community.checkpoint.com/t5/WAF/Cloudguard-Appsec-Integration-with-existing-nginx-reverse-proxy/m-p/125373#M34 <P>Thanks&nbsp;<a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/1792">@Nir_Shamir</a>&nbsp;I had a offline discussion with Shay, Gal and Eyal and found the issue. Well certain features are still in EA and have activated prevent mode directly without learning mode.</P> Sat, 31 Jul 2021 02:33:14 GMT https://community.checkpoint.com/t5/WAF/Cloudguard-Appsec-Integration-with-existing-nginx-reverse-proxy/m-p/125373#M34 Blason_R 2021-07-31T02:33:14Z https://community.checkpoint.com/t5/WAF/Cloudguard-Appsec-Integration-with-existing-nginx-reverse-proxy/m-p/125437#M35 <P>Thanks a lot <a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/12733">@Shay_Levin</a>&nbsp; for helping me out on resolving the issue. It was due to the setting on asset for blocking non-relevant applications and since my web server was listening on other portal request is being blocked by agent.</P><P>We added the setting in nginx web server and bypassed that location.</P><P>Thanks a lot Team!!</P> Mon, 02 Aug 2021 08:25:22 GMT https://community.checkpoint.com/t5/WAF/Cloudguard-Appsec-Integration-with-existing-nginx-reverse-proxy/m-p/125437#M35 Blason_R 2021-08-02T08:25:22Z