[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW-1] AW: Re: [FW-1] HTTP with resource
hi paul, there is a flag called http_allow_content_disposition in objects_5.C on NG value is FALSE. this flag should exist in 4.1 too. set it to TRUE walter -----Ursprüngliche Nachricht----- Von: Mills, Paul [mailto:[email protected]] Gesendet: Fr 22.03.2002 04:47 An: [email protected] Cc: Betreff: Re: [FW-1] HTTP with resource I am also having an issue with Websense and VPN-1 4.1 SP5 If a website has a really long URL or uses JavaScript, I receive an error message in the logs "reason Content-Disposition connections are not allowed" I tried experimenting with the Connection options (transparent, proxy & tunneling) to no avail. Websense doesn't know what's up and I've got Nokia and Checkpoint running around in circles on this problem. I get this error message when I use the Websense as the HTTP resource or "Wildcard" as the resource (as recommended by Websense to narrow down the problem) with or without Client Auth (used for Authorized Internet Access) Since I have all the vendors stumped, anyone here have any suggestions? Paul Mills CheckPoint Certified (CCSA, CCSE) Senior Data Security Analyst-Firewall Group -----Original Message----- From: Jim Parker [mailto:[email protected]] Sent: Monday, March 18, 2002 10:37 AM To: [email protected] Subject: Re: [FW-1] HTTP with resource BTW 4.1 SP5 ----- Original Message ----- Subject: [FW-1] HTTP with resource > Is the following a bug, or a feature? > > I set up a rule, any - any - 'http with resource' - reject to filter blocked > URI's with websense. > I have 'transparent' checked but not 'proxy' as I don't want to use the > proxy feature. > The next rule allows http so that all sites accepted by websense db get > allowed through. > > When i set the firewall as my default gateway and open up a browser, and go > to playboy.com the page is blocked so the rule is working, I try google.com > and get out so ok - working. > > Now, if i set the fw port 80 as my proxy in the browser and try playboy.com > again I get straight out onto the net. bypassing websense because proxy > wasn't checked and therefore doesn't match the rule. > > Surely not checking 'proxy' should mean don't act as a proxy??? > > Your thoughts gents. > JP > > ================================================= > To set vacation, Out Of Office, or away messages, > send an email to [email protected] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [email protected] > ================================================= > ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] ================================================= ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] ================================================= ================================================To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================If you have any questions on how to change your subscription options, email [email protected] ================================================
|