[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] HTTP with resource
Just a wild guess. I usually see Content-Dispostion on mail headers specifically on the attachment part. Maybe, you can be more specific on your websense rule so that it doesn't trigger everything that it sees. Like Content-Disposition-blah-...... ----- Original Message ----- From: "Mills, Paul" <[email protected]> To: <[email protected]> Sent: Thursday, March 21, 2002 9:47 PM Subject: Re: [FW-1] HTTP with resource > I am also having an issue with Websense and VPN-1 4.1 SP5 > If a website has a really long URL or uses JavaScript, I receive an error > message in the logs > "reason Content-Disposition connections are not allowed" > > I tried experimenting with the Connection options (transparent, proxy & > tunneling) to no avail. > > Websense doesn't know what's up and I've got Nokia and Checkpoint running > around in circles on this problem. I get this error message when I use the > Websense as the HTTP resource or "Wildcard" as the resource (as recommended > by Websense to narrow down the problem) with or without Client Auth (used > for Authorized Internet Access) > > Since I have all the vendors stumped, anyone here have any suggestions? > > Paul Mills > CheckPoint Certified (CCSA, CCSE) > Senior Data Security Analyst-Firewall Group > > > -----Original Message----- > From: Jim Parker [mailto:[email protected]] > Sent: Monday, March 18, 2002 10:37 AM > To: [email protected] > Subject: Re: [FW-1] HTTP with resource > > > BTW > 4.1 SP5 > > ----- Original Message ----- > Subject: [FW-1] HTTP with resource > > > > Is the following a bug, or a feature? > > > > I set up a rule, any - any - 'http with resource' - reject to filter > blocked > > URI's with websense. > > I have 'transparent' checked but not 'proxy' as I don't want to use the > > proxy feature. > > The next rule allows http so that all sites accepted by websense db get > > allowed through. > > > > When i set the firewall as my default gateway and open up a browser, and > go > > to playboy.com the page is blocked so the rule is working, I try > google.com > > and get out so ok - working. > > > > Now, if i set the fw port 80 as my proxy in the browser and try > playboy.com > > again I get straight out onto the net. bypassing websense because proxy > > wasn't checked and therefore doesn't match the rule. > > > > Surely not checking 'proxy' should mean don't act as a proxy??? > > > > Your thoughts gents. > > JP > > > > ================================================= > > To set vacation, Out Of Office, or away messages, > > send an email to [email protected] > > in the BODY of the email add: > > set fw-1-mailinglist nomail > > ================================================= > > To unsubscribe from this mailing list, > > please see the instructions at > > http://www.checkpoint.com/services/mailing.html > > ================================================= > > If you have any questions on how to change your > > subscription options, email > > [email protected] > > ================================================= > > > > ================================================= > To set vacation, Out Of Office, or away messages, > send an email to [email protected] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [email protected] > ================================================= > > ================================================= > To set vacation, Out Of Office, or away messages, > send an email to [email protected] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [email protected] > ================================================= ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|