
[FW-1] http security server question



I have a few rules in my policy to block Nimda.
src=any
dst=mynetwork.com
service=http->nimda_rule
action=reject

The URI resource http->nimda_rule is:
connection method=transparent
schemes=http
methods=get
host=*
path={*cmd.exe,*root.exe,*admin.dll,*readme.exe,*default.ida,*httpodbc.dll,*check.bat,*null.ida,*null.printer,*null.idq}
query=*


Just a few quick notes... The security server will barf on any URL address that has an "@" symbol in it. You can fix this by adding yet another rule to explicitly allow "@" to pass.


OK, so here is the question: all my internal network web servers show connections from the firewall now instead of the source addresses.
My web admins are grateful for the relief from Nimda, CodeRed, but they want valid data in their log files.

I was under the impression that the Connection method of Transparent would allow the proper source destination data of an HTTP request to an internal system.

Anyone ever run into this before, and where can I find more information about a solution for my admins?

Jonathan Higgins
Network Service Specialist IV
[email protected]
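
An added example, not part of the original post and not Check Point code: it replays the post's path patterns over web-server access log lines to show which requests the reject rule would catch and which URLs contain the "@" that needs its own allow rule. The matching semantics (shell-style `*`, case-insensitive), the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from fnmatch import fnmatchcase

# Path patterns copied from the post's http->nimda_rule URI resource.
NIMDA_PATHS = ["*cmd.exe", "*root.exe", "*admin.dll", "*readme.exe",
               "*default.ida", "*httpodbc.dll", "*check.bat",
               "*null.ida", "*null.printer", "*null.idq"]

# Common Log Format: client, ident, user, [time], "METHOD URL PROTO", ...
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(\S+) (\S+)[^"]*"')

def classify(method, url):
    """Return 'reject', 'at-sign' or 'accept' for one request.

    Assumption: '*' is matched shell-style and case-insensitively; this
    approximates the rule, it is not the security server's own matcher.
    """
    path = url.split("?", 1)[0].lower()   # rule has query=*, so ignore it
    if method.upper() == "GET" and any(fnmatchcase(path, p) for p in NIMDA_PATHS):
        return "reject"
    if "@" in url:
        return "at-sign"   # needs the explicit allow rule the post mentions
    return "accept"

def audit(lines):
    """Map each verdict to the list of (client, url) pairs that produced it."""
    out = {"reject": [], "at-sign": [], "accept": []}
    for line in lines:
        m = CLF.match(line)
        if m:
            client, method, url = m.groups()
            out[classify(method, url)].append((client, url))
    return out

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE = [
    '192.0.2.10 - - [01/Oct/2001:10:00:00 -0400] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 0',
    '192.0.2.11 - - [01/Oct/2001:10:00:01 -0400] "GET /default.ida?XXXX HTTP/1.0" 404 0',
    '198.51.100.5 - - [01/Oct/2001:10:00:02 -0400] "GET /staff/user@example.com HTTP/1.0" 200 512',
    '198.51.100.6 - - [01/Oct/2001:10:00:03 -0400] "GET /index.html HTTP/1.0" 200 1024',
    '198.51.100.7 - - [01/Oct/2001:10:00:04 -0400] "POST /cgi-bin/form HTTP/1.0" 200 64',
]

if __name__ == "__main__":
    for verdict, hits in audit(SAMPLE).items():
        print(verdict, hits)
```

Run against a pre-firewall copy of the access logs, the "accept" and "at-sign" lists show which legitimate URLs the resource would leave alone and which would need the extra allow rule.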

   All contents © 2004 Network Presence, LLC. All rights reserved.