Question

Webdav Autolockout

asked on July 11

Hello

 

I have a customer with a DMZ setup using Mobile, WebClient, Forms, and Public Portal.  Intermittently, on their security reports, they see activity between the DMZ and their LFS server that is identified as high severity.  The activity application is WebDAV over port 80 and is trying to access or perform Autolockout.

Below is a screenshot from a report previously provided:

Their configuration is not using WebDAV in any way.  I have gone through all of their access points (web client, forms, public portal, and mobile) to ensure they are all set to use TLS, but it still seems to be popping up every few months and I can't track it to any specific events.

Does anyone know if there are any LF processes that use WebDAV in the background for communication?  They are on Laserfiche version 12 but the problem existed before upgrading.

Jim

0 0

Replies

replied on July 11

Regarding:

Their configuration is not using WebDAV in any way. 

WebDAV is an extension to the HTTP protocol, and Laserfiche Repository Server and the client libraries that communicate with it (Repository Access, LFSO) use WebDAV functionality. It's not surprising that security tooling doing network inspection is detecting and flagging repository traffic as WebDAV, because it is.

I don't have any specific insight into what "autolockout" might be or why that call is going over port 80/http instead of 443/https. If the security tool is capturing the whole http request in question, I'd inspect it and see if there's any sort of client application identifier in the request headers that could point you in the right direction.

 

0 0
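
The header inspection suggested in the reply above, as an added example that is not part of the original thread and is not Laserfiche code: it takes the raw text of one captured HTTP request, reports whether the method is one of the WebDAV methods from RFC 4918, and pulls out the standard headers that usually identify the calling application. The capture, path, hostname and User-Agent shown are constructed placeholders, and `triage_request` is a hypothetical helper name.

```python
# Added example: triage one captured HTTP request from a network-inspection alert.
# SAMPLE_CAPTURE is constructed; path, host and User-Agent are placeholders.
from email.parser import Parser

# Methods that WebDAV (RFC 4918) adds to HTTP.
WEBDAV_METHODS = {"PROPFIND", "PROPPATCH", "MKCOL", "COPY", "MOVE", "LOCK", "UNLOCK"}
# Request headers defined by RFC 4918; their presence also marks DAV traffic.
DAV_HEADERS = ("Depth", "Destination", "Lock-Token", "Overwrite", "Timeout")
# Standard headers that commonly identify the calling software or its route.
ID_HEADERS = ("User-Agent", "Host", "Via", "X-Forwarded-For", "Referer")

SAMPLE_CAPTURE = (
    "PROPFIND /example/path HTTP/1.1\r\n"
    "Host: lfs.example.internal\r\n"
    "User-Agent: ExampleClient/0.0 (placeholder)\r\n"
    "Depth: 1\r\n"
    "Content-Length: 0\r\n"
    "\r\n"
)

def triage_request(raw: str, dest_port: int) -> dict:
    """Summarise a captured request: method, WebDAV markers, port, identifiers."""
    text = raw.replace("\r\n", "\n")            # tolerate CRLF or bare LF captures
    head, _, _body = text.partition("\n\n")     # the body is not needed for triage
    request_line, _, header_block = head.partition("\n")
    parts = request_line.split()
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        raise ValueError(f"not an HTTP request line: {request_line!r}")
    method, target, _version = parts
    # HTTP headers share the RFC 822 syntax, so the stdlib parser handles them
    # (including case-insensitive lookup).
    headers = Parser().parsestr(header_block, headersonly=True)
    return {
        "method": method,
        "target": target,
        "webdav_method": method.upper() in WEBDAV_METHODS,
        "dav_headers": [h for h in DAV_HEADERS if h in headers],
        "plain_http_port": dest_port == 80,     # the alert in question was on port 80
        "identifiers": {h: headers[h] for h in ID_HEADERS if h in headers},
    }

if __name__ == "__main__":
    for key, value in triage_request(SAMPLE_CAPTURE, dest_port=80).items():
        print(f"{key}: {value}")
```

Run against each flagged request exported from the security tool, the `identifiers` field is what to compare across alerts to see whether they all come from the same client component.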