Question

Unable to Login to LF Without WebDAV Access Enabled

asked on June 8, 2021

Cast your mind back, to another time... A time when you were still pretty (mostly) innocent... A time when Laserfiche 9.1 was the latest version.

A customer is building a new 9.1 server (will be upgraded before the end of the year of course). All looked good on the server; however, attempting to log in to Laserfiche on a desktop, using a repository account or a Windows one, timed out.

The network admin reported that LF was attempting to connect to the WebDAV app through port 80. Laserfiche was also configured to use port 80. To my knowledge, the server was a fresh build, and WebDAV Publishing in IIS has not been installed, nor does anything show on NetStat... unless someone else snuck something in. Sneaky app deployment teams...

See attached firewall log and error message.

Has anyone seen this before? There's nothing in the help files. And nothing in Answers, that I can find.

Screenshot 2021-05-18 151056 (1).gif
firewall.png (5.31 KB)
0 0

Replies

replied on June 8, 2021

I think that shows the firewall blocking the connection from client to LFS. I don't think there is such a thing as the "WebDAV app" - the firewall just knows that the connection seems to be using WebDAV (which is correct) and isn't in a position to know what process is on the other end.

3 0
replied on June 8, 2021

I thought so too, Brian.

The customer assured me several times they had unblocked port 80 (before reporting the WebDAV issue). I respect the network engineer enough to post here, but acknowledge that everyone makes a mistake sometimes.

Also, I've asked for instructions on how to replicate their WebDAV-blocked configuration even though I really think you're right.

0 0
replied on June 8, 2021

See also: https://answers.laserfiche.com/questions/105636/Does-Laserfiche-use-authenticated-WebDAV#105646

"All communication between client applications (e.g. Windows Client, Admin Console, Web Client, Snapshot, etc..) and LFS is over WebDAV, and WebDAV is built on top of HTTP(S)."

It looks like their firewall solution inspected the traffic, detected the WebDAV protocol, and automatically added that "WebDAV app" tag (perhaps it also has "Websockets app", "SMB app", and similar tags). It's not immediately obvious if the firewall blocked the traffic because it was WebDAV or if it's simply reporting the WebDAV app bit as supplementary information.

If you want to test basic TCP connectivity, run the following in PowerShell on the end user's machine, replacing the LFS hostname as appropriate:

Test-NetConnection 'lfs.example.com' -Port 80

If the results contain a "TcpTestSucceeded" value of "false", that tells you their firewall is blocking all port 80 traffic to LFS from that user's workstation entirely. The plain TCP connection check is Layer 4 so the Layer 7 application protocols (HTTP/WebDAV) don't come into play.

1 0
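The Layer 4 versus Layer 7 distinction from the reply above, as an added example that is not part of the original thread: it runs the same TCP check, then sends one plain GET and one WebDAV PROPFIND to the same port to see whether only the WebDAV verb goes unanswered. The function name `Get-HttpProbeResult`, the choice of `/` as the probed path, and the 5-second timeout are assumptions; the page does not say how LFS answers these requests, so any HTTP status is treated only as evidence that the request got through.

```powershell
# Added example. 'lfs.example.com' is the placeholder hostname from the post above.
param(
    [string]$LfsHost = 'lfs.example.com',
    [int]$Port = 80
)

function Get-HttpProbeResult {   # hypothetical helper name
    param([string]$Uri, [string]$Method)
    # HttpWebRequest accepts arbitrary verbs, including WebDAV PROPFIND (RFC 4918).
    $req = [System.Net.WebRequest]::Create($Uri)
    $req.Method = $Method
    $req.Timeout = 5000              # milliseconds (assumed value)
    $req.AllowAutoRedirect = $false
    if ($Method -eq 'PROPFIND') { $req.Headers.Add('Depth', '0') }
    try {
        $resp = $req.GetResponse()
        $code = [int]$resp.StatusCode
        $resp.Close()
        return "HTTP $code"
    } catch {
        # PowerShell may wrap the WebException; walk down to it.
        $ex = $_.Exception
        while ($ex -and $ex -isnot [System.Net.WebException]) { $ex = $ex.InnerException }
        if ($ex -and $ex.Response) { return "HTTP $([int]$ex.Response.StatusCode)" }
        if ($ex) { return "no HTTP response ($($ex.Status))" }
        return "no HTTP response ($($_.Exception.Message))"
    }
}

# Layer 4: can this workstation complete a TCP handshake at all?
$tcp = Test-NetConnection $LfsHost -Port $Port -WarningAction SilentlyContinue
if (-not $tcp.TcpTestSucceeded) {
    "TCP $Port to ${LfsHost}: FAILED. Blocked or unreachable before HTTP/WebDAV is involved."
    return
}
"TCP $Port to ${LfsHost}: OK"

# Layer 7: same host and port, one generic HTTP verb and one WebDAV verb.
$get      = Get-HttpProbeResult "http://${LfsHost}:$Port/" 'GET'
$propfind = Get-HttpProbeResult "http://${LfsHost}:$Port/" 'PROPFIND'
"GET      -> $get"
"PROPFIND -> $propfind"
if ($get -like 'HTTP *' -and $propfind -like 'HTTP *') {
    'Both verbs got an HTTP reply: Layer 7 traffic is passing from this workstation.'
} elseif ($get -like 'HTTP *') {
    'GET answered but PROPFIND did not: consistent with filtering on the WebDAV protocol.'
} else {
    'TCP connects but GET got no HTTP reply: check Layer 7 inspection or the service itself.'
}
```

Some firewalls answer a blocked request with their own block page, so an HTTP status here can come from the firewall rather than LFS; compare the timestamps against the firewall log.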
replied on June 8, 2021

Yeah, I don't know. The firewall screenshot seems pretty clear that the connection is blocked.

2 0
replied on June 8, 2021

Agree. "Action: Deny" is fairly explicit. If I were a network engineer, I wouldn't be so quick to claim that port 80 was open with that entry in my firewall logs.

Edit: If they really do have an inbound firewall rule allowing internal port 80 traffic, that doesn't preclude there being an outbound firewall rule blocking port 80 traffic coming from that client. That would still result in the traffic being denied, but from the perspective of the source not being allowed to send it rather than the destination not being allowed to receive it.

1 0