[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW-1] http security server question
i have a few rules in my policy to block nimda. src=any dst=mynetwork.com service=http->nimda_rule action=reject the uri resource http->nimda_rule is: connection method=transparent schemes=http methods=get host=* path={*cmd.exe,*root.exe,*admin.dll,*readme.exe,*default.ida,*httpodbc.dll,*check.bat,*null.ida,*null.printer,*null.idq} query=* just a few quick notes... the security server will barf on any url address that has an "@" symbol in it.. you can fix this by adding yet another rule to explicitly allow "@" to pass... ok so here is the question.. all my internal network web servers show connections from the firewall now instead of the source addresses. My web admins are greatfull for the relief from Nimda,CodeRed.. but they want valid data in thier log files.. I was under the impression that the Connection method of Transparent would allow the proper source destination data of an http request to an internal system. Anyone ever run into this before and where can i find more information about a solution for my admins? Jonathan Higgins Network Service Specialist IV [email protected] ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|