Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW-1] Nimda rule (URI resource matching) makes file-uploading fail

To: [email protected]
Subject: [FW-1] Nimda rule (URI resource matching) makes file-uploading fail
From: Guo-Wei Chiuan <[email protected]>
Date: Thu, 28 Feb 2002 00:27:54 -0800
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

Hi All,
I just added the Nimda rule as below in FW-1 NG (WinNT
sp6)

ANY --- ANY --- http->Nimda_URI --- drop

However, I can't successfully upload files to the web
server in the DMZ from my browser outside DMZ as long
as I enable this rule. (even I used {*.gif} for
PATH.... this is incredible!!). The web server
actually has one invalid IP and has NAT setting which
maps its invalid IP to a valid external IP.

Moreover, I did some experiments(change Source and
Destination, try couple of combinations) and found
that this rule causes the file-uploading problem only
when we use "ANY" for source and/or destination. If we
don't use "ANY" but just use it for network which
doesn't has NAT, it won't cause file-uploading
failures. ("ANY" always covers the network which has
NAT for sure; in my case, "ANY" covers external IPs
network which includes the web server NAT setting)

Apparently, we can't use Nimda rule without using
"ANY" since the only way to block inbound Nimda hack
from Internet is using "ANY" as "Source".

Does any of you know this bug regarding reousce URI
matching? Is it related to NAT? ( it can't work
properly with NAT. Certainly, this is just my guess)

How can we work around this problem or fix it if I'd
like to use Nimda rule in FW-1 NG?



Best Regards,


Jerry Chiuan
Oridus, Inc.

__________________________________________________
Do You Yahoo!?
Yahoo! Greetings - Send FREE e-cards for every occasion!
http://greetings.yahoo.com

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

Prev by Date: [FW-1] AW: [FW-1] Multiple TACACS Server
Next by Date: [FW-1] AW: [FW-1] Provider-1
Previous by thread: Re: [FW-1] AW: [FW-1] Multiple TACACS Server
Next by thread: [FW-1] AW: [FW-1] Provider-1
Index(es):
- Date
- Thread