
Re: [FW-1] Problem blocking CodeRed with http resource



Actually I don't have that anymore and I still suffer the problem...

The rules are now:
ANY -> ActiveWebServers -> Nimbablock -> DROP
ANY -> ActiveWebServers -> http -> ACCEPT
LOCALNET -> ActiveWebServers -> FTP -> ACCEPT
LOCALNET -> ActiveWebServers -> ANY -> DROP

And I still suffer this fate...

Would what you are saying still cause this problem?


-----Original Message-----
From: ychapman [mailto:[email protected]]
Sent: Monday, October 22, 2001 7:02 PM
To: FW-1-MAILINGLIST
Subject: Re: [FW-1] Problem blocking CodeRed with http resource


That is because your rule is
> (Not localnet -> ActiveWebServers http accept)
and I believe the "localnet" includes the address of the firewall,
or the server itself has an ACL to reject access from the firewall.
When you use a URI rule, the firewall works as a proxy,
so the source address becomes the address of the firewall,
not the original source address.
That's why the client receives an error message from the firewall,
not from the server or the browser.
> Firewall-1: Failed to connect to www server

=========================
Yuriko Chapman
Systems Engineer
Xerox Palo Alto Research Center
3333 Coyote Hill Rd. Palo Alto, CA  94304-1314


> -----Original Message-----
> From: [email protected]
> [mailto:[email protected]]
> Sent: Thursday, October 18, 2001 9:11 PM
> To: [email protected]
> Subject: Re: [FW-1] Problem blocking CodeRed with http resource
>
>
> Yes, the original working rule is still in there.
> (Not localnet -> ActiveWebServers http accept)
>
>
> The blockage only occurs on http public net -> DMZ net
> It still works fine from private net -> DMZ net
>
> There is NAT running, but I don't see how it would hurt (of course I have
> been surprised before).
>
>
>
> -----Original Message-----
> From: dimitris.chontzopoulos
> [mailto:[email protected]]
> Sent: Thursday, October 18, 2001 12:57 PM
> To: FW-1-MAILINGLIST
> Subject: Re: [FW-1] Problem blocking CodeRed with http resource
>
>
> Have you added a rule under the BlockNimda rule to allow the rest of the
> http traffic???
>
> -----Original Message-----
> From: [email protected]
> [mailto:[email protected]]
> Sent: Thursday, October 18, 2001 5:11 PM
> To: [email protected]
> Subject: Re: [FW-1] Problem blocking CodeRed with http resource
>
>
> Ah thank you.
>
> Any idea why it is not working though?
>
> -----Original Message-----
> From: Werner.Brockhoven [mailto:[email protected]]
> Sent: Thursday, October 18, 2001 5:14 AM
> To: FW-1-MAILINGLIST
> Subject: Re: [FW-1] Problem blocking CodeRed with http resource
>
>
> Hi,
>
> You'll also want to add readme.eml
>
> Regards,
>
> Werner
>
> -----Original Message-----
> From: [email protected]
> [mailto:[email protected]]
> Sent: Wednesday, October 17, 2001 9:47 PM
> To: [email protected]
> Subject: [FW-1] Problem blocking CodeRed with http resource
>
>
> Hey all
>
> I picked up the way to do this out of an earlier thread and got it to
> work wonderfully - I thought.
>
> Once I had it in place (it being the following):
>
> ANY - ANY - NIMBABLOCK - DROP
>
> Where NIMBABLOCK is a Resource URI definition like:
>
> Connection methods:  Transparent, Proxy
> Exception track: Log
> URI match: Wild Cards
> Schemes: http
> Methods: GET
> Host: *
> Path:
> {*default.ida?*,*cmd.exe?*,*root.exe?*,*dmin.dll,*/x,*readme.exe*}
> Query: *
>
> Works great if I test it going out to the DMZ from inside, but coming in
> from the Internet to the DMZ it apparently is blocking all web traffic
> on this rule.  From the inside to the DMZ it works perfectly
>
> Any help would be appreciated as my web server logs are filling with
> this fluff
>
> Bill (FW41-1, SP 2, HPUX)
>
>
>
>
>
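
An added example (not part of the thread and not Check Point code): a Python sketch that applies the Path wildcards from the original post to web server log lines, so the patterns can be checked against real traffic before they go into a DROP rule. It assumes `*` is the only wildcard, that `?` is literal, and that the pattern is tested against the path plus query string; the `*readme.eml*` form, the function names and the sample log lines are constructed for illustration.

```python
import re

# Path patterns from the NIMBABLOCK resource in the original post, plus an
# assumed "*readme.eml*" form for the readme.eml entry suggested in the reply.
PATTERNS = ["*default.ida?*", "*cmd.exe?*", "*root.exe?*", "*dmin.dll",
            "*/x", "*readme.exe*", "*readme.eml*"]

def compile_pattern(pattern):
    # Assumption: '*' matches any run of characters and everything else,
    # including '?', is literal. FireWall-1's own matcher may differ.
    literal_parts = [re.escape(part) for part in pattern.split("*")]
    return re.compile(".*".join(literal_parts))

COMPILED = [(p, compile_pattern(p)) for p in PATTERNS]

def request_target(log_line):
    # The resource only lists the GET method, so only GET requests are parsed.
    m = re.search(r'"GET (\S+) HTTP/[\d.]+"', log_line)
    return m.group(1) if m else None

def matching_patterns(target):
    # A pattern must cover the whole target, as a wildcard match would.
    return [p for p, rx in COMPILED if rx.fullmatch(target)]

def triage(log_lines):
    # Map each matching request target to the patterns that caught it.
    hits = {}
    for line in log_lines:
        target = request_target(line)
        if target is not None and matching_patterns(target):
            hits[target] = matching_patterns(target)
    return hits

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [18/Oct/2001:21:05:01] "GET /default.ida?XXXXXXXX HTTP/1.0" 404 -',
    '192.0.2.11 - - [18/Oct/2001:21:05:03] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 -',
    '192.0.2.12 - - [18/Oct/2001:21:05:09] "GET /readme.eml HTTP/1.1" 404 -',
    '198.51.100.5 - - [18/Oct/2001:21:06:40] "GET /index.html HTTP/1.1" 200 5120',
    '198.51.100.6 - - [18/Oct/2001:21:07:12] "GET /downloads/x HTTP/1.1" 200 312',
    '198.51.100.7 - - [18/Oct/2001:21:07:30] "POST /form.cgi HTTP/1.1" 200 88',
]

if __name__ == "__main__":
    for target, matched in triage(SAMPLE_LOG).items():
        print(target, "->", ", ".join(matched))
```

Under these assumptions the `*/x` entry also matches an ordinary path such as `/downloads/x`, so it is worth running the patterns over a sample of legitimate requests as well as the worm traffic.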




 
   All contents © 2004 Network Presence, LLC. All rights reserved.