[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] Problem using URI Resources for redirection



I think you need two more rules.

You need one rule that permits access to B.dominio on port 8080.

You need one rule that DENIES all other access to A.dominio. This ensures
that only the rule with the resource is used.

However, I'm not sure that this is going to do what you want. The idea of
the replacement URI field is not to do site redirection but rather to
present a page when the rule isn't permitted. For example, you might want to
deny access to a particular site and instead redirect users off to a page
that explains why you are denying access to that site. That is when the
replacement URI is used.

--Philip

--
Philip Colmer MBCS CEng                 Tel: 01223 271223
I.T. Manager                            Fax: 01223 215513
ProQuest Information & Learning
The Quorum, Barnwell Road, Cambridge, CB5 8SW


> -----Original Message-----
> From: Anuska Arag�n Fern�ndez [mailto:[email protected]]
> Sent: 10 September 2002 12:53
> To: [email protected]
> Subject: [FW-1] Problem using URI Resources for redirection
>
> Hello,
>
> I'm trying to use URI resources to do a redirection but I'm afraid I'm
> doing something wrong, because it's not working.
>
> What I want to do is to redirect every http access to machine
> A.dominio:8080 to machine B.dominio:8080. Both of them are protected by
> the firewall.
>
> I have defined a URI resource with the following options:
>
> In the General tab:
>     Use this resource to: Enforce URI capabilities
>     Connection Methods: Transparent and Proxy
>     URI Match: Wild Cards
> In the Match tab:
>     Schemes: http
>     Methods: Other *
>     Host: A.dominio:8080
>     Path: /*
>     Query: *
> In the Action tab:
>     Replacement URI: http://B.dominio:8080/
>
> In the rule base  I have a rule like this:
>     Source: any
>     Destination: A.dominio
>     Service: the resource I have defined
>     Action: accept.
>
>
> This is not working. When I try to connect from outside the firewall to
> http://A.dominio:8080, the conection is dropped by the last rule (drop
> anything)
> When I try to connect to http://A.dominio, I get a reject (instead of a
> drop) by the same last rule and in the info field it says "resource
> http://xxx.xxx.xxx.xxx:80/ reason Content Security - access denied."
>
> Could any of you tell me what I'm doing wrong?
> Thanks in advance,
>
> --
> A n u s k a     A r a g � n
> Servicio Inform�tico              e-mail: [email protected]
> Universidad de La Rioja           Tf.:    +34 941 299233
> Av. de La Paz 93, 26004 Logro�o   Fax:    +34 941 299180
>
> =================================================
> To set vacation, Out Of Office, or away messages,
> send an email to [email protected]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [email protected]
> =================================================

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================