NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW-1] Malformed URLs (fixed!) but now HTTPS


  • To: [email protected]
  • Subject: [FW-1] Malformed URLs (fixed!) but now HTTPS
  • From: "John W. Kralik" <[email protected]>
  • Date: Sun, 26 May 2002 03:27:21 -0600
  • Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
  • Sender: Mailing list for discussion of Firewall-1 <[email protected]>
  • Thread-index: AcH8D6zjCQCBS6gMSSajMcCsBVvBWAIhznKQ
  • Thread-topic: Re: [FW-1] Malformed URLs

OK...

Fixed the URL problem by upgrading to Feature Pack 2.  But now I can't
get to any HTTPS sites.

I'm using the same rule as I did with Feature Pack 1 (it worked then).

I am seeing an error on the log viewer that says "reason Web Content
Security - access denied to resource"

I don't have any web content monitoring software installed.

Anyone have an idea?

~~~John


> ----------
> From:         John W. Kralik[SMTP:[email protected]]
> Reply To:     Mailing list for discussion of Firewall-1
> Sent:         Wednesday, May 15, 2002 7:41 AM
> To:   [email protected]
> Subject:      Re: [FW-1] Malformed URLs
>
> Right,
>
> The spaces are auto-converted by MSIE (normal behavior), which is not
> normally a problem (without Checkpoint, the request works fine.)  In
> fact, our old Raptor Firewall has no problem passing these requests.
>
> When Firewall-1 is put in place though, these web pages are
inaccessible
> to my client machines.
>
> Is this a bug with Firewall-1, or is there a work around?
>
> ~~~John
>
>
> On Wed, May 15, 2002 at 12:14:49PM +0200, Volker Tanger wrote:
> > John W. Kralik wrote:
> > >
> > >        The firewall does not seem to allow passage of "white
space"
> > >characters in URL requests.  (Such as http://www.anywhere.com/white
> > >space here.html)  We are using MS IE Explorer 6.0, which fills in
the
>
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> > >spaces with %20 characters.
>    ^^^^^^^^^^^^^^^^^^^^^^^^^^
> >
> > The firewall behaviour is correct - it's MSIE that goofs.
>  Oh really?
> > A correct request looks like
> >
> >        COMMAND URL PROTOCOL
> >        optional: header
> >        optional: header
> >
> >        (double CR/LF)
> >
> > with COMMAND usually being get/post/put/head/connect and URL *not*
> > containing whitespaces as the whitespaces are used to separate
> COMMAND,
>  spaces in URL are autoconverted to %20 (at least this is what i read
>  above)
>
> --
>  Robert Ramiega  <[email protected]> RR282-RIPE
>  Security Team Leader   | Systems Administrator
>  TDC Internet Polska SA | PDi Ltd
>
> =================================================
> To set vacation, Out Of Office, or away messages,
> send an email to [email protected]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [email protected]
> =================================================
>
> =================================================
> To set vacation, Out Of Office, or away messages,
> send an email to [email protected]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [email protected]
> =================================================
>

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.