Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] HTTP, HTTPS, and FW-1

To: [email protected]
Subject: Re: [FW-1] HTTP, HTTPS, and FW-1
From: Russell Washington <[email protected]>
Date: Tue, 23 Apr 2002 08:23:16 -0700
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

Ideally your web server should be providing this response.  You're basically
asking to get an HTML response to using http instead of https, and you've
cut off all http access to the device that serves up the HTML.  Since the
device is inaccessible via http, you get (drumroll please) "cannot find
server", i.e., "I can't get a response from the device."

I suppose there might be a way to tell FW1 to handle this for you (I don't
know for sure, so I couldn't tell you what it is).  But my advice to you
would be to let the Apache server do the job, since that *is* its job, by
letting it kick out the 403-- or even better, put a page up on the http side
that automatically redirects to the https site.

-----Original Message-----
From: Luis Aguilera [mailto:[email protected]]
Sent: Tuesday, April 23, 2002 7:51 AM
To: [email protected]
Subject: [FW-1] HTTP, HTTPS, and FW-1


Hello everyone,
have an esoteric question.

We have an apache webserver. This server has been accessible to the world
with http. I recently acquired an ssl certificate and I'm now forcing all
traffic to use https. To do this, I simply changed the FW rule to accept
traffic only from the https service.

It all works fine, except for one thing.

If you go to the url https://hostname.ourcompany.com it works great.
However, if you go to http://hostname.ourcompany.com you will eventually get
a "page cannot be displayed... cannot find server or DNS error". The FW logs
correctly show the http packet being dropped.

Now, I've done a little research and found that error 403-4.htm (in IE)
instructs the user to enter httpS://... as the url.

Does any now how I can get FW-1 to respond back with a specific html error?

thanks

Luis Aguilera
IT Manager
BaseSix

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

Prev by Date: [FW-1] How can I manage policies remotely
Next by Date: Re: [FW-1] HTTP, HTTPS, and FW-1
Previous by thread: [FW-1] HTTP, HTTPS, and FW-1
Next by thread: Re: [FW-1] HTTP, HTTPS, and FW-1
Index(es):
- Date
- Thread