VultureProject / vulture-base

Vulture 4 base system and bootstrap scripts
GNU Lesser General Public License v3.0

Asking about too many redirects on Vulture WAF #5

Closed isnuryusuf closed 5 years ago

isnuryusuf commented 5 years ago

Hi Vulture team

I have been trying to solve a problem in my setup for a week but have still not been lucky enough to find the solution. Currently I am configuring the Vulture project as a WAF at my company and found this in the curl output:

* Connection #0 to host portal-protected.example.com left intact
* Maximum (50) redirects followed

So basically the website using Vulture cannot follow the redirect.

Here is some output:

* Connection #0 to host portal-protected.example.com left intact
* Issue another request to this URL: 'https://portal-protected.example.com/'
* Found bundle for host portal-protected.example.com: 0x5566a9037030 [can multiplex]
* Re-using existing connection! (#0) with host portal-protected.example.com
* Connected to portal-protected.example.com (103.89.154.14) port 443 (#0)
* Using Stream ID: 65 (easy handle 0x5566a900c9a0)
> HEAD / HTTP/2
> Host: portal-protected.example.com
> User-Agent: curl/7.60.0
> Accept: */*
> 
< HTTP/2 302 
HTTP/2 302 
< date: Fri, 30 Aug 2019 07:34:55 GMT
date: Fri, 30 Aug 2019 07:34:55 GMT
< server: Apache
server: Apache
< set-cookie: TgUt81yv=801aa17cb5adc95de5ece56185333acb7b1f9d270b3eafb26e7e9ba42f5b4f8b;Path=/;httpOnly;secure
set-cookie: TgUt81yv=801aa17cb5adc95de5ece56185333acb7b1f9d270b3eafb26e7e9ba42f5b4f8b;Path=/;httpOnly;secure
< location: /
location: /
< content-type: text/html; charset=iso-8859-1
content-type: text/html; charset=iso-8859-1

< 
* Connection #0 to host portal-protected.example.com left intact
* Maximum (50) redirects followed
* TLSv1.2 (OUT), TLS alert, Client hello (1):
* Issue another request to this URL: 'https://portal-waf.example.com/'
* Hostname portal-waf.example.com was found in DNS cache
*   Trying 103.89.154.13...
* TCP_NODELAY set
* Connected to portal-waf.example.com (103.89.154.13) port 443 (#50)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* SSL re-using session ID
* (304) (OUT), TLS handshake, Client hello (1):
* (304) (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server did not agree to a protocol
* Server certificate:
*  subject: OU=Domain Control Validated; CN=*.example.com
*  start date: Jul 16 14:56:58 2019 GMT
*  expire date: Sep 19 23:59:59 2020 GMT
*  issuer: C=BE; O=GlobalSign nv-sa; CN=GlobalSign RSA DV SSL CA 2018
*  SSL certificate verify ok.
> HEAD / HTTP/1.1
> Host: portal-waf.example.com
> User-Agent: curl/7.60.0
> Accept: */*
> 
< HTTP/1.1 302 Found
HTTP/1.1 302 Found
< date: Fri, 30 Aug 2019 07:43:55 GMT
date: Fri, 30 Aug 2019 07:43:55 GMT
< server: Apache
server: Apache
< set-cookie: TgUt81yv=feab8c48bfebbc1c049f21c9cdbe8a024d6490b62c939481b1caa7d206367b04;Path=/;httpOnly;secure
set-cookie: TgUt81yv=feab8c48bfebbc1c049f21c9cdbe8a024d6490b62c939481b1caa7d206367b04;Path=/;httpOnly;secure
< location: /
location: /
< content-type: text/html; charset=iso-8859-1
content-type: text/html; charset=iso-8859-1
< strict-transport-security: max-age=63072000; includeSubdomains; preload
strict-transport-security: max-age=63072000; includeSubdomains; preload
< x-frame-options: SAMEORIGIN
x-frame-options: SAMEORIGIN
< x-xss-protection: 1; mode=block
x-xss-protection: 1; mode=block
< x-content-type-options: nosniff
x-content-type-options: nosniff
< referrer-policy: no-referrer-when-downgrade
referrer-policy: no-referrer-when-downgrade
< content-security-policy:script-src: https://www.google-analytics.com;
content-security-policy:script-src: https://www.google-analytics.com;
< set-cookie: SERVERID=cmg01z00waf001; path=/
set-cookie: SERVERID=cmg01z00waf001; path=/
< connection: close
connection: close

< 
* Closing connection 50
* TLSv1.2 (OUT), TLS alert, Client hello (1):
* Maximum (50) redirects followed

The output gives us 302 Found instead of 200 OK.

A little help or a clue would be very much appreciated.

Raznak commented 5 years ago

The first time you reach Vulture, it sends you a 302 code with a Set-Cookie header. You need to get it and call again with the cookie to reach your application.

If you don't want this behavior, you can disable the Track anonymous connexion in the Security Tab in the application configuration.
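The behaviour described in the reply above, as an added example that is not part of the original thread and not Vulture's own code: a local stand-in server issues a 302 with Set-Cookie on first contact, and a client that discards cookies loops on the redirect while one with a cookie jar reaches 200. The cookie name `TRACK`, its value, and the names `Gateway`, `fetch` and `demo` are assumptions made for the illustration.

```python
import http.cookiejar, threading, urllib.error, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

COOKIE = "TRACK"  # hypothetical name; the trace above shows a random-looking one

class Gateway(BaseHTTPRequestHandler):
    """Constructed stand-in for a gateway that tracks anonymous clients."""
    def do_GET(self):
        if COOKIE + "=" in self.headers.get("Cookie", ""):
            self.send_response(200)   # cookie was sent back: serve the application
        else:
            self.send_response(302)   # first contact: set the cookie and redirect
            # "secure" is left out only because this demo runs over plain HTTP
            self.send_header("Set-Cookie", COOKIE + "=abc123; Path=/; HttpOnly")
            self.send_header("Location", "/")
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, *args):     # keep the demo quiet
        pass

def fetch(url, keep_cookies):
    """Follow redirects; return the final status, or 'loop' if they never end."""
    handlers = []
    if keep_cookies:
        jar = http.cookiejar.CookieJar()
        handlers.append(urllib.request.HTTPCookieProcessor(jar))
    opener = urllib.request.build_opener(*handlers)
    try:
        with opener.open(url, timeout=5) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        # urllib stops on a repeated redirect and raises with the last 302
        return "loop" if err.code == 302 else err.code

def demo():
    """Return (status without cookie jar, status with cookie jar)."""
    server = HTTPServer(("127.0.0.1", 0), Gateway)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    url = "http://127.0.0.1:%d/" % server.server_port
    try:
        return fetch(url, keep_cookies=False), fetch(url, keep_cookies=True)
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print(demo())
```

With curl, the equivalent is to enable its cookie engine while following redirects, for example by pointing `-c` and `-b` at a cookie jar file.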

isnuryusuf commented 5 years ago

Hi @Raznak, thank you for the fast response. I am using Vulture 3 and cannot find Track anonymous connexion in the Security Tab in the application configuration.

isnuryusuf commented 5 years ago

Solved, thanks.