The following error message appears in the DPI Events tab on the Deep Security Manager (DSM) console when updating the DSAs:
There are one or more Application Type conflicts on this Computer. One or more DPI Rules associated with one Application Type are dependent on one or more DPI Rules associated with another Application Type. The conflict exists because the two Application Types use different Ports.
These are the conflicting Application Types:
[A] "Web Application Tomcat" Ports: [80,8080,4119] [B] "Web Server Common" Ports: [80,631,8080,7001,7777,7778,7779,7200,7501,8007, 8004,4000,32000,5357,5358,9000]
[A] "Web Server Miscellaneous" Ports: [80,4000,7100,7101,7510,8043,8080,8081,8088,8300,8500, 8800,9000,9060,19300,32000,3612,10001,8093,8094] [B] "Web Server Common" Ports: [80,631,8080,7001,7777,7778,7779,7200,7501,8007, 8004,4000,32000,5357,5358,9000]
Below are the different reasons why the error occurs and how it can be resolved:
To resolve the conflict, edit the ports used by Application Type(s) B so that they include the ports used by Application Type(s) A.
The two application types (Web Application Tomcat and Web Server Miscellaneous) are both dependent on the application type Web Server Common. This is why the ports listed in the first two application types should also appear in the Web Server Common ports.
If you consolidate the ports for these three application types, the result is:
After adding this to the Web Server Common port list, you will see this message in the Events tab:
"The Application Type Port List Misconfiguration has been resolved."
To consolidate the ports and resolve this issue:
- Log on to the Deep Security console.
- Go to Policies > Rules > IPS.
- Type "Web Server Common" in the search box on the right pane and press ENTER.
- Double-click the Web Server Common application type.
- Navigate to General Details > Application type > Edit > Web server common.
- Under the General tab > Connection Ports, replace all the ports with this consolidated entry:
- Click Apply > Save.
The issue is caused by the Application Type Properties on assigned Web Server Common, which is inherited and assigned to 4119.
To resolve the issue:
- On the Application Type Properties tab, uncheck the Inherited checkbox.
- Assign the port to Web Server Common Port List.
The alert has been resolved.
The computer status keeps showing the yellow warning message "Application Type Port List Misconfiguration".
The warning event description explains that there is port misconfiguration and conflicting application on both Web Server Miscellaneous and Web Server Common.
To reproduce the issue, you can do the following:
- Install a standalone agent or co-locate Deep Security Manager with Relay and IPS feature enabled on Windows Platform.
- Assign the Security Policy inherited from Deep Security.
- Apply Recommended for Assignment rules to the target Deep Security Agent after performing the Recommendation Scan.
- Check the Computer status on the Deep Security Manager web console. It will show the yellow warning message.
The additional rules of the following Application Types are recommended to be assigned to the target Deep Security Agent:
- Web Server Common
- 1000128 - HTTP Protocol Decoding
- Web Server Miscellaneous
- 1005509 - Nginx "ngx_http_parse_chunked()" Buffer Overflow Vulnerability
- 1005519 - Nginx http_parse_chunked Denial Of Service Vulnerability
- 1005825 - Nginx Crafted URI String Handling Access Restriction Bypass Vulnerability
However, the Web Server Miscellaneous Application Type will be detected due to the NGINX process, which is used by the Deep Security Relay as Web Server for update purpose. The NGINX process is deployed when the Deep Security Relay module is enabled. Therefore, the Recommendation Scan is unable to retrieve the exact version of NGINX process via Windows system manager or software installer.
As a workaround, do the following:
- Un-assign these three (3) rules from the Security Policy:
- Send again the updated policy to Deep Security Agent.
- Clear Warnings/Errors from the target Deep Security Agent.
- Clear Recommendations and perform Scan Recommendations on the target Deep Security Agent.