Diego F. Lastra S. wrote:
The WebServer is a IIS and it's running Microsoft Sharepoint as the
application server. The guys at Microsoft told us that is impossible to
change the way cookies are sent in binary to the web clients.
Is there any other workaround for this problem?
Thanks...
Disallowing non-ASCII in headers isn't just a good idea, it's the law.
The HTTP 1.1 standard, RFC2616, allows only printable-ASCII in headers
(see section 4.2). The website is broken.
Can't tell you what to do if they won't make it HTTP-compliant. Not aware
of any choice other than to allow non-compliant headers from the whole
world. There may be ways to hack the INSPECT code to get exceptions for
limited sites, but I'm not aware of published instructions from Check
Point or third parties to do that.
-----Mensaje original-----
De: Mailing list for discussion of Firewall-1
[mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM] En nombre de Ray
Enviado el: Friday, August 26, 2005 7:16 PM
Para: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Asunto: Re: [FW-1] Problem with a WebServer
Tell those folks to fix their web site. Allowing binary in a header is a
dangerous thing. We had this with one web site we used a lot after they did
a new site. Most of the graphics were missing, it looked horrible, links
didn't work, etc.
After I contacted them, they fixed the problem. They said they were using an
encrypted cookie and that was what was causing the problem. They changed it
so it only used ASCII and the site cleaned right up.
Ray
From: "Diego F. Lastra S." <dlastra AT XERTIX DOT COM>
Reply-To: Mailing list for discussion of Firewall-1
<FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: [FW-1] Problem with a WebServer
Date: Fri, 26 Aug 2005 14:31:04 -0500
Hi,
I have a problem with a WebServer running under a Checkpoint VPN-1 Pro NG
AI
R55.
The message in the log is:
Number: 344735
Date: 26Aug2005
Time: 13:11:31
Product: SmartDefense
Interface: eth1
Origin: FW-XXXX
Type: Log
Action: Reject
Protocol: tcp
Service: http (80)
Source: 10.10.146.205
Destination: 172.20.8.112
Source Port: 3738
Attack Name: Malformed HTTP
Attack Information: Non-ASCII character in HTTP header
Even though I tried to disable some rules at the SmartDefense and
WebIntelligence still gives this error.
Any clues?
--
Crist J. Clark crist.clark AT globalstar DOT com
Globalstar Communications (408) 933-4387
The information contained in this e-mail message is confidential,
intended only for the use of the individual or entity named above.
If the reader of this e-mail is not the intended recipient, or the
employee or agent responsible to deliver it to the intended recipient,
you are hereby notified that any review, dissemination, distribution or
copying of this communication is strictly prohibited. If you have
received this e-mail in error, please contact postmaster AT globalstar DOT com
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
|
