RE: [FW1] URI Specification File Format
I have already solved my question. Thanks to those who answered my
question.

However, I will consider buying an OPSEC Certified Product
to fulfill the function of URI filtering in CKPFW, as there are a tremendous
number of web sites out there on the Internet, and some specific web sites may be
left out of URI screening if I rely on just one URI specification file
created by myself.

The exact URI Specification File Format should be like this:

    ip-address /path 0

For example: 207.246.147.20 0 (where /path is optional and '0' is
required at the end of each line)

In the Match tab (file specification), when you import the above file located
in any directory on the FW, that file will be stored in the directory
/<FW-server-root>/conf/lists/ and the original file name will be changed
to 'URI-<resource-name>.list'. Also, be aware of the selection of
Connection Methods in the General tab. In my case, I select 'Transparent', not
'Proxy'. It depends on your browser's HTTP setting. Anyway, it
works, and the error message will be seen as "FW-1: Access Denied ....." if
the HTTP request matches any IP address listed in that
file.

Regards,
William

The proper format for the URI specification file is IP Address
path followed by a number that does something I can't remember.
So you basically have entries that look like this.
    192.168.100.1 / 0
    10.1.1.1 / 0
That suppresses the entire server. I have never tried to
drill down from / but I assume it works.
One important note. There is a limitation in FW-1 that
does not allow a list of addresses greater than 59 at least in ver 4.1
SP1. If you try more than 59 addresses your FW will crash with a message
saying GZ Inflate failed and run in an unstable non-functioning state. I
don't know if this still exists in SP2.

> -----Original Message-----
> From: Chris F [mailto:[email protected]]
> Sent: Tuesday, October 31, 2000 2:55 PM
> To: Carl E. Mankinen; William CHAN; [email protected]
> Subject: RE: [FW1] URI Specification File Format
>
> I get that error if I reinstall my policy.
> What platform are you running FW1 on? What about your
> URI? ... or is it just a file?
>
> I have to kill -HUP my ahttpd daemon to "repair" my
> "Access Denied" problem :(
>
> Thanks -- Chris
>
> --- "Carl E. Mankinen" <[email protected]> wrote:
> >
> > My experience has not been very good with using URI
> > filtering in 4.1 SP2.
> > I don't know if it's just me, but when I try to
> > filter http GET's using a path wildcard, I get all
> > sorts of problems pulling up pages that do not come
> > close to matching, and I get a lot of "FW1 Error,
> > Access Denied" even though I have a replacement URI
> > specified...
> >
> > -----Original Message-----
> > From: [email protected]
> > [mailto:[email protected]]On Behalf Of William CHAN
> > Sent: Sunday, October 29, 2000 10:32 PM
> > To: [email protected]
> > Subject: [FW1] URI Specification File Format
> >
> > Hi,
> >
> > Apart from using any UFP products, I would like to
> > know what the exact URI file format for each record
> > is when using URI Definition Window for Match Tab
> > File Specification?
> > Does anybody want to share his/her experience with me?
> > Many thanks.
> >
> > Regards,
> > William
> >
> > ================================================================================
> > To unsubscribe from this mailing list, please see the instructions at
> > http://www.checkpoint.com/services/mailing.html
> > ================================================================================
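
A pre-import check for a list file in the format described in this thread, as an added example that is not part of the original messages or of Check Point's own tooling. It assumes the `ip-address [/path] 0` layout and the 59-entry limit exactly as the posters report them; the function name and the sample lines are constructed here.

```python
import ipaddress

# Limit reported in the thread for FW-1 4.1 SP1 (as stated by a poster, unverified).
MAX_ENTRIES = 59

def lint_uri_spec(text, max_entries=MAX_ENTRIES):
    """Return (entries, problems) for the body of a URI specification file.

    entries  -- list of (ip, path) tuples for well-formed lines
    problems -- list of human-readable findings
    """
    entries, problems = [], []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split()
        if not fields:
            continue  # blank lines are skipped here (assumption)
        if len(fields) not in (2, 3):
            problems.append(f"line {lineno}: expected 'ip [/path] 0', got {raw!r}")
            continue
        ip, flag = fields[0], fields[-1]
        path = fields[1] if len(fields) == 3 else ""  # /path is optional
        try:
            ipaddress.IPv4Address(ip)
        except ValueError:
            problems.append(f"line {lineno}: {ip!r} is not an IPv4 address")
            continue
        if path and not path.startswith("/"):
            problems.append(f"line {lineno}: path {path!r} must start with '/'")
            continue
        if flag != "0":
            problems.append(f"line {lineno}: line must end with '0', got {flag!r}")
            continue
        entries.append((ip, path))
    if len(entries) > max_entries:
        problems.append(
            f"{len(entries)} entries exceeds the reported limit of {max_entries}")
    return entries, problems

# Constructed sample: the addresses quoted in the thread plus two malformed lines.
SAMPLE = "\n".join([
    "207.246.147.20 0", "192.168.100.1 / 0", "10.1.1.1 / 0",
    "www.example.com / 0",   # hostname instead of an IP address
    "10.1.1.2 /",            # trailing 0 missing
])

if __name__ == "__main__":
    ok, findings = lint_uri_spec(SAMPLE)
    print(len(ok), "valid entries")
    for finding in findings:
        print("WARN", finding)
```

Running the check before the Match tab import catches a malformed line or an oversized list while the file is still editable, rather than after the policy is installed.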