
[FW1] URI usage odd symptom



Afternoon all,

I have, for the second time, encountered a very odd issue when using a
hand-made list of sites I block, using a URI file.

The issue is as follows.

I have a file containing about 1400 sites, in IP notation that we do not
want users here to get to. Since this list is mainly made up of hard core
sites, the list obviously fluctuates, growing and shrinking as some are
taken off the list after users stop going there, and others are added.

I added IP address number 1401 a few days ago, and as soon as I installed
the rules, no one could access the Internet, receiving timeouts on every
site they tried. Pings and FTP of course worked fine, but any site that was
HTTP based, and was accessed, timed out. This was when users hit any rule that
used the URI file. Users without this rule worked fine (obviously).

The moment I removed the rule using the URI file, which has worked for close
to a year here now, everything started working again immediately. But...I am
left with no site blocking, and at the moment can't put in any software for
this, so I'm sort of stuck with the URI file route for now.

Does anyone know of any limitations to how many lines a URI file can have
(How many IP addresses that is)? Or why the systems stopped responding ?

Is it possible to make two rules, each one using a different URI file ? If
so, would this help ?

My current rules look something like this :

Proxy-Internal	Any	HTTP-Block-Bad-Sites	Reject	Long	<- This is the rule using the URI
Proxy-Internal	Any	HTTP-Block-Dlds	Reject	Long	<- Blocks specific file dld's
Proxy-Internal	Any	HTTP			Accept	Long	<- Allows all else

Anyone ?

Thanks all,


Mike Glassman
System & Security Admin
Israeli Airports Authority
Ben-Gurion Airport
http://www.ben-gurion-airport.co.il

Tel : 972-3-9710785
Fax : 972-3-9710939
Email : [email protected]

Usage of this email address or any email address at iaa.gov.il for the
purpose of sales pitches, SPAM or any other such unwanted garbage, is
illegal, and any person, whether corporate or alone doing so, will be
prosecuted to the fullest possible extent.





