[FW1] URI usage odd symptom
Afternoon all,

I have, for the second time, encountered a very odd issue when using a handmade list of sites I block, using a URI file.

The issue is as follows. I have a file containing about 1400 sites, in IP notation, that we do not want users here to get to. Since this list is mainly made up of hardcore sites, the list obviously fluctuates, growing and shrinking as some are taken off the list after users stop going there, and others are added.

I added IP address number 1401 a few days ago, and as soon as I installed the rules, no one could access the Internet, receiving timeouts on every site they tried. Pings and FTP of course worked fine, but any site that was HTTP based, and was accessed, timed out. This was when users hit any rule that used the URI file. Users without this rule worked fine (obviously).

The moment I removed the rule using the URI file, which has worked for close to a year here now, everything started working again immediately. But... I am left with no site blocking, and at the moment can't put in any software for this, so I'm sort of stuck with the URI file route for now.

Does anyone know of any limitations to how many lines a URI file can have (how many IP addresses, that is)? Or why the systems stopped responding? Is it possible to make two rules, each one using a different URI file? If so, would this help?

My current rules look something like this:

    Proxy-Internal  Any  HTTP-Block-Bad-Sites  Reject  Long   <- This is the rule using the URI
    Proxy-Internal  Any  HTTP-Block-Dlds       Reject  Long   <- Blocks specific file dld's
    Proxy-Internal  Any  HTTP                  Accept  Long   <- Allows all else

Anyone?

Thanks all,

Mike Glassman
System & Security Admin
Israeli Airports Authority
Ben-Gurion Airport
http://www.ben-gurion-airport.co.il
Tel : 972-3-9710785
Fax : 972-3-9710939
Email : [email protected]

Usage of this email address or any email address at iaa.gov.il for the purpose of sales pitches, SPAM or any other such unwanted garbage, is illegal, and any person, whether corporate or alone doing so, will be prosecuted to the fullest possible extent.

================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================