
RE: [FW1] URI Specification File Format



I have already solved my question.  Thanks to those who answered my question.
However, I will consider buying an OPSEC Certified Product to fulfill the function of URI Filtering in CKPFW, as there are a tremendous number of web sites out there on the Internet and some specific web sites may be left out of URI screening if I rely on just one URI specification file created by myself.
 
The exact URI Specification File Format should be like this:
 
  ip-address    /path    0
 
For example:    207.246.147.20 0 (where /path is optional and '0' is required at the end of each line)
 
In the Match tab (file specification), when you import the above file located in any directory on the FW, that file will be stored in the directory /<FW-server-root>/conf/lists/ and the original file name will be changed to 'URI-<resource-name>.list'.  Also, be aware of the selection of Connection Methods in the General tab.  In my case, I select 'Transparent', not 'Proxy'.  It depends on your browser's HTTP setting.  Anyway, it works, and the error message will be seen as "FW-1: Access Denied ....."  if the HTTP request matches any IP address listed in that file.
 

Regards,
William

-----Original Message-----
From: [email protected] [mailto:[email protected]]
Sent: Wednesday, November 01, 2000 4:46 AM
To: [email protected]; [email protected]; [email protected]; [email protected]
Subject: RE: [FW1] URI Specification File Format

The proper format for the URI specification file is IP Address path followed by a number that does something I can't remember.

So you basically have entries that look like this.

192.168.100.1 / 0
10.1.1.1 / 0

That suppresses the entire server.  I have never tried to drill down from / but I assume it works.

One important note.  There is a limitation in FW-1 that does not allow a list of addresses greater than 59 at least in ver 4.1 SP1.  If you try more than 59 addresses your FW will crash with a message saying GZ Inflate failed and run in an unstable non-functioning state.  I don't know if this still exists in SP2.

> -----Original Message-----
> From: Chris F [mailto:[email protected]]
> Sent: Tuesday, October 31, 2000 2:55 PM
> To: Carl E. Mankinen; William CHAN;
> [email protected]
> Subject: RE: [FW1] URI Specification File Format
>
>
>
> I get that error if I reinstall my policy.
> What platform are you running FW1 on? What about your
> URI? ... or is it just a file?
>
> I have to kill -HUP my ahttpd daemon to "repair" my
> "Access Denied" problem  :(
>
> Thanks -- Chris
>
> --- "Carl E. Mankinen" <[email protected]> wrote:
> >
> > My experience has not been very good with using URI
> > filtering in 4.1 SP2.
> > I don't know if it's just me, but when I try to
> > filter http GET's using
> > a path wildcard, I get all sorts of problems pulling
> > up pages that do
> > not come close to matching, and I get a lot of "FW1
> > Error, Access Denied"
> > even though I have a replacement URI specified...
> >
> > -----Original Message-----
> > From: [email protected]
> >
> [mailto:[email protected]]On
> > Behalf Of
> > William CHAN
> > Sent: Sunday, October 29, 2000 10:32 PM
> > To: [email protected]
> > Subject: [FW1] URI Specification File Format
> >
> >
> >
> > Hi,
> >
> > Apart from using any UFP products, I would like to
> > know what the exact URI
> > file format for each record is when using URI
> > Definition Window for Match
> > Tab File Specification?
> > Does anybody want to share his/her experience with
> > me?
> > Many thanks.
> >
> > Regard,
> > William
> >
> >
> >
> ==============================================================
> ==================
> >      To unsubscribe from this mailing list, please
> > see the instructions at
> >              
> > http://www.checkpoint.com/services/mailing.html
> >
> ==============================================================
> ==================
> >
>
>
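
An added example, not part of the thread and not Check Point's own tooling: a Python lint for a list file in the `ip-address [/path] 0` form William describes, which also flags a list longer than the 59 entries reported above as the limit in 4.1 SP1. The function names, the IPv4-only check, the rule that a path must start with `/`, and the skipping of blank lines are assumptions; the sample input is constructed.

```python
import ipaddress

MAX_ENTRIES = 59  # limit reported in this thread for FW-1 4.1 SP1


def parse_line(line):
    """Parse one 'ip-address [/path] 0' record; return (ip, path or None)."""
    fields = line.split()
    if len(fields) not in (2, 3):
        raise ValueError("expected 'ip-address [/path] 0'")
    if fields[-1] != "0":
        raise ValueError("record must end with 0")
    try:
        ip = ipaddress.IPv4Address(fields[0])  # assumption: IPv4 only
    except ValueError:
        raise ValueError(f"not an IP address: {fields[0]!r}")
    path = fields[1] if len(fields) == 3 else None
    if path is not None and not path.startswith("/"):
        raise ValueError(f"path must start with '/': {path!r}")
    return str(ip), path


def lint(text):
    """Return (entries, problems) for the contents of a list file."""
    entries, problems = [], []
    for number, raw in enumerate(text.splitlines(), 1):
        if not raw.strip():
            continue  # assumption: blank lines are skipped, not reported
        try:
            entries.append(parse_line(raw))
        except ValueError as err:
            problems.append(f"line {number}: {err}")
    if len(entries) > MAX_ENTRIES:
        problems.append(f"{len(entries)} entries exceeds the reported "
                        f"limit of {MAX_ENTRIES}")
    return entries, problems


# Constructed sample: the two record forms from the thread, then three bad lines.
SAMPLE = """207.246.147.20 0
192.168.100.1 / 0
10.1.1.1 /
www.example.com / 0
10.1.1.2 images 0
"""

if __name__ == "__main__":
    for problem in lint(SAMPLE)[1]:
        print(problem)
```

Running the lint before importing the file in the Match tab catches a malformed record or an oversized list before the policy is installed.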


