The following error message appears in the DPI Events tab on the Deep Security Manager (DSM) console when updating the Deep Security Agents (DSAs):
There are one or more Application Type conflicts on this Computer. One or more DPI Rules associated with one Application Type are dependent on one or more DPI Rules associated with another Application Type. The conflict exists because the two Application Types use different Ports.
These are the conflicting Application Types:
[A] "Web Application Tomcat" Ports: [80,8080,4119] [B] "Web Server Common" Ports: [80,631,8080,7001,7777,7778,7779,7200,7501,8007, 8004,4000,32000,5357,5358,9000]
[A] "Web Server Miscellaneous" Ports: [80,4000,7100,7101,7510,8043,8080,8081,8088,8300,8500, 8800,9000,9060,19300,32000,3612,10001,8093,8094] [B] "Web Server Common" Ports: [80,631,8080,7001,7777,7778,7779,7200,7501,8007, 8004,4000,32000,5357,5358,9000]
Below are the different reasons why the error occurs and how it can be resolved:
To resolve the conflict, edit the ports used by Application Type(s) B so that they include the ports used by Application Type(s) A.
The two application types (Web Application Tomcat and Web Server Miscellaneous) are both dependent on the application type Web Server Common. This is why the ports listed in the first two application types should also appear in the Web Server Common ports.
If you consolidate the ports for these three application types, the result is:
After adding this to the Web Server Common port list, you will see this message in the Events tab:
"The Application Type Port List Misconfiguration has been resolved."
To consolidate the ports and resolve this issue:
- Log on to the Deep Security console.
- Go to Policies > Rules > IPS.
- Type "Web Server Common" in the search box on the right pane and press ENTER.
- Double-click the Web Server Common application type.
- Navigate to General Details > Application type > Edit > Web server common.
- Under the General tab > Connection Ports, replace all the ports with this consolidated entry:
- Click Apply > Save.
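The consolidation rule described above (every port of a dependent Application Type A must also appear in the port list of the Application Type B it depends on) can be checked mechanically before touching the console. The following Python script is an added example, not part of this article or of the Deep Security product: it parses the conflict text in the form the DPI Events tab prints it (the embedded sample is a constructed copy of the two pairs quoted above), reports which ports each B list is missing, and produces the consolidated list to paste into Connection Ports. The `ENTRY_RE` pattern and the assumption that each [A] entry is paired with the [B] that immediately follows it are assumptions about the message format, not documented behaviour.

```python
import re
from typing import Dict, List, Set, Tuple

# Constructed sample input: the conflicting-pairs text as shown in the DPI
# Events tab (same two pairs the article quotes, stray spaces included).
SAMPLE_EVENT = (
    '[A] "Web Application Tomcat" Ports: [80,8080,4119] '
    '[B] "Web Server Common" Ports: [80,631,8080,7001,7777,7778,7779,7200,7501,8007, '
    '8004,4000,32000,5357,5358,9000]\n'
    '[A] "Web Server Miscellaneous" Ports: [80,4000,7100,7101,7510,8043,8080,8081,8088,'
    '8300,8500, 8800,9000,9060,19300,32000,3612,10001,8093,8094] '
    '[B] "Web Server Common" Ports: [80,631,8080,7001,7777,7778,7779,7200,7501,8007, '
    '8004,4000,32000,5357,5358,9000]\n'
)

# One [A]/[B] entry: role letter, quoted application type name, bracketed
# comma-separated port list (assumed format, derived from the quoted message).
ENTRY_RE = re.compile(r'\[(A|B)\]\s+"([^"]+)"\s+Ports:\s*\[([^\]]*)\]')


def parse_event(text: str) -> Tuple[Dict[str, Set[int]], List[Tuple[str, str]]]:
    """Parse the event text into {app_type: ports} and a list of (A, B) pairs.

    A is the dependent application type and B the one it depends on; the DSM
    check requires ports(B) to be a superset of ports(A).
    """
    ports: Dict[str, Set[int]] = {}
    pairs: List[Tuple[str, str]] = []
    for line in text.splitlines():
        entries = ENTRY_RE.findall(line)
        for _role, name, port_str in entries:
            # int() tolerates the stray spaces that appear inside the lists.
            parsed = {int(p) for p in port_str.split(",") if p.strip()}
            ports.setdefault(name, set()).update(parsed)
        roles = [(role, name) for role, name, _ in entries]
        # Assumption: each [A] is paired with the [B] that follows it on the line.
        for i, (role, name) in enumerate(roles):
            if role == "A" and i + 1 < len(roles) and roles[i + 1][0] == "B":
                pairs.append((name, roles[i + 1][1]))
    return ports, pairs


def find_conflicts(ports: Dict[str, Set[int]],
                   pairs: List[Tuple[str, str]]) -> Dict[Tuple[str, str], Set[int]]:
    """For each (A, B) pair, return the ports of A that B lacks (only non-empty sets)."""
    return {(a, b): ports[a] - ports[b] for a, b in pairs if ports[a] - ports[b]}


def consolidate(ports: Dict[str, Set[int]],
                pairs: List[Tuple[str, str]]) -> Dict[str, Set[int]]:
    """Return port sets where each B also carries every port of its dependent A types."""
    merged = {name: set(p) for name, p in ports.items()}
    for a, b in pairs:
        merged[b] |= ports[a]
    return merged


def format_port_list(ports: Set[int]) -> str:
    """Render a port set as the comma-separated string used in Connection Ports."""
    return ",".join(str(p) for p in sorted(ports))


if __name__ == "__main__":
    ports, pairs = parse_event(SAMPLE_EVENT)
    for (a, b), missing in find_conflicts(ports, pairs).items():
        print(f'"{b}" is missing {sorted(missing)} required by "{a}"')
    fixed = consolidate(ports, pairs)
    print("Consolidated Web Server Common:", format_port_list(fixed["Web Server Common"]))
    # After consolidation no pair should violate the superset rule.
    assert not find_conflicts(fixed, pairs)
```

Run it against the text copied from the event; the first loop names the exact ports to add (for the quoted message that includes 4119, which only Web Application Tomcat lists), and the consolidated line is what goes into the Web Server Common Connection Ports field.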
Administrators should also disable the Inherit option for DPI on the security profile, so that any change you make to the application type affects only that particular security profile.
- Log on to the Deep Security console.
- Go to Security Profiles on the left panel of the console.
- Select a security profile that you prefer to edit on the right pane.
- Go to the DPI section on the left pane of the Profile window.
- Disable or deselect the Inherit option on the right pane.
- Click Save.
You also need to check IPS rule 1000128:
- Right-click Application Type Properties.
- Unselect Inherit.
- Check whether the currently inherited port list contains port 4119. If not, add this port to the Web Server Common port group.
- Click Inherit again.
The computer status keeps showing the yellow warning message "Application Type Port List Misconfiguration".
The warning event description explains that there is a port misconfiguration and a conflict between the Web Server Miscellaneous and Web Server Common application types.
To reproduce the issue, you can do the following:
- Install a standalone agent, or co-locate the Deep Security Manager with the Relay and IPS features enabled, on the Windows platform.
- Assign the Security Policy inherited from Deep Security.
- Apply Recommended for Assignment rules to the target Deep Security Agent after performing the Recommendation Scan.
- Check the Computer status on the Deep Security Manager web console. It will show the yellow warning message.
The Recommendation Scan recommends assigning the following additional rules of these Application Types to the target Deep Security Agent:
- Web Server Common
  - 1000128 - HTTP Protocol Decoding
- Web Server Miscellaneous
  - 1005509 - Nginx "ngx_http_parse_chunked()" Buffer Overflow Vulnerability
  - 1005519 - Nginx http_parse_chunked Denial Of Service Vulnerability
  - 1005825 - Nginx Crafted URI String Handling Access Restriction Bypass Vulnerability
However, the Web Server Miscellaneous Application Type is detected because of the NGINX process that the Deep Security Relay uses as a web server for distributing updates. This NGINX process is deployed when the Deep Security Relay module is enabled, so the Recommendation Scan cannot retrieve its exact version through the Windows system manager or a software installer, and the version-specific NGINX rules are recommended regardless.
As a workaround, do the following:
- Un-assign the three (3) Web Server Miscellaneous rules listed above (1005509, 1005519 and 1005825) from the Security Policy.
- Send the updated policy to the Deep Security Agent again.
- Clear Warnings/Errors on the target Deep Security Agent.
- Clear Recommendations and perform a Recommendation Scan on the target Deep Security Agent.