Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW-1] AW: Re: [FW-1] HTTP with resource

To: [email protected]
Subject: [FW-1] AW: Re: [FW-1] HTTP with resource
From: Walter Nordmann <[email protected]>
Date: Fri, 22 Mar 2002 10:25:07 +0100
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>
Thread-index: AcHRV47w2uEOLDQ/SjOD6mzKYzTnKwAK4xth
Thread-topic: Re: [FW-1] HTTP with resource

hi paul,

there is a flag called  http_allow_content_disposition in objects_5.C on NG
value is FALSE.

this flag should exist in 4.1 too. set it to TRUE

walter


-----Ursprüngliche Nachricht-----
Von:    Mills, Paul [mailto:[email protected]]
Gesendet:       Fr 22.03.2002 04:47
An:     [email protected]
Cc:	
Betreff:             Re: [FW-1] HTTP with resource

I am also having an issue with Websense and VPN-1 4.1 SP5
If a website has a really long URL or uses JavaScript, I receive an error
message in the logs
"reason Content-Disposition connections are not allowed"

I tried experimenting with the Connection options (transparent, proxy &
tunneling) to no avail.

Websense doesn't know what's up and I've got Nokia and Checkpoint running
around in circles on this problem.  I get this error message when I use the
Websense as the HTTP resource or "Wildcard" as the resource (as recommended
by Websense to narrow down the problem) with or without Client Auth (used
for Authorized Internet Access)

Since I have all the vendors stumped, anyone here have any suggestions?

Paul Mills
CheckPoint Certified (CCSA, CCSE)
Senior Data Security Analyst-Firewall Group


-----Original Message-----
From: Jim Parker [mailto:[email protected]]
Sent: Monday, March 18, 2002 10:37 AM
To: [email protected]
Subject: Re: [FW-1] HTTP with resource


BTW
4.1 SP5

----- Original Message -----
Subject: [FW-1] HTTP with resource


> Is the following a bug, or a feature?
>
> I set up a rule, any - any - 'http with resource' - reject to filter
blocked
> URI's with websense.
> I have 'transparent' checked but not 'proxy' as I don't want to use the
> proxy feature.
> The next rule allows http so that all sites accepted by websense db get
> allowed through.
>
> When i set the firewall as my default gateway and open up a browser, and
go
> to playboy.com the page is blocked so the rule is working, I try
google.com
> and get out so ok - working.
>
> Now, if i set the fw port 80 as my proxy in the browser and try
playboy.com
> again I get straight out onto the net. bypassing websense because proxy
> wasn't checked and therefore doesn't match the rule.
>
> Surely not checking 'proxy' should mean don't act as a proxy???
>
> Your thoughts gents.
> JP
>
> =================================================
> To set vacation, Out Of Office, or away messages,
> send an email to [email protected]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [email protected]
> =================================================
>

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

================================================To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
================================================To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================If you have any questions on how to change your
subscription options, email
[email protected]
================================================

Prev by Date: [FW-1] AW: [FW-1] Is it true that NG on Linux does not support automagic handling of (ARP proxy + static route) for static NAT?
Next by Date: [FW-1] Downlaoding attachemnts from Web Based Mails (yahoo,hotmail,redif f)
Previous by thread: [FW-1] AW: [FW-1] Is it true that NG on Linux does not support automagic handling of (ARP proxy + static route) for static NAT?
Next by thread: [FW-1] Downlaoding attachemnts from Web Based Mails (yahoo,hotmail,redif f)
Index(es):
- Date
- Thread