Re: [FW-1] Problem with a WebServer

[Ray [Permanent Link]]

SmartDashboard
SmartDefense tab
Application Intelligence
Web
HTTP Protocol Inspection
ASCII Only Request Headers - if it's checked, you will drop binary in 
headers.
Also see ASII Only Response Headers

Ray

> From: "Diego F. Lastra S." <dlastra AT XERTIX DOT COM>
> Reply-To: Mailing list for discussion of Firewall-1              
> <FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM>
> To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
> Subject: Re: [FW-1] Problem with a WebServer
> Date: Mon, 29 Aug 2005 17:58:17 -0500
>
> SPLAT:
> This is Check Point VPN-1(TM) & FireWall-1(R) NG with Application
> Intelligence (R55) HFA_09, Hotfix 182 - Build 011
>
> Ray, thanks for your help.
>
> -----Mensaje original-----
> De: Mailing list for discussion of Firewall-1
> [mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM] En nombre de Ray
> Enviado el: Monday, August 29, 2005 5:41 PM
> Para: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
> Asunto: Re: [FW-1] Problem with a WebServer
>
> Ahhh, Microsoft, no wonder. :-)
>
> What version of FW-1 are you on? I can set that binary feature off on R55.
>
> Ray
>
> >From: "Diego F. Lastra S." <dlastra AT XERTIX DOT COM>
> >Reply-To: Mailing list for discussion of Firewall-1
> ><FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM>
> >To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
> >Subject: Re: [FW-1] Problem with a WebServer
> >Date: Mon, 29 Aug 2005 16:35:43 -0500
> >
> >The WebServer is a IIS and it's running Microsoft Sharepoint as the
> >application server. The guys at Microsoft told us that is impossible to
> >change the way cookies are sent in binary to the web clients.
> >
> >Is there any other workaround for this problem?
> >
> >Thanks...
> >
> >-----Mensaje original-----
> >De: Mailing list for discussion of Firewall-1
> >[mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM] En nombre de Ray
> >Enviado el: Friday, August 26, 2005 7:16 PM
> >Para: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
> >Asunto: Re: [FW-1] Problem with a WebServer
> >
> >Tell those folks to fix their web site. Allowing binary in a header is a
> >dangerous thing. We had this with one web site we used a lot after they 
> did
> >a new site. Most of the graphics were missing, it looked horrible, links
> >didn't work, etc.
> >
> >After I contacted them, they fixed the problem. They said they were using
> >an
> >
> >encrypted cookie and that was what was causing the problem. They changed 
> it
> >so it only used ASCII and the site cleaned right up.
> >
> >Ray
> >
> > >From: "Diego F. Lastra S." <dlastra AT XERTIX DOT COM>
> > >Reply-To: Mailing list for discussion of Firewall-1
> > ><FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM>
> > >To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
> > >Subject: [FW-1] Problem with a WebServer
> > >Date: Fri, 26 Aug 2005 14:31:04 -0500
> > >
> > >Hi,
> > >I have a problem with a WebServer running under a Checkpoint VPN-1 Pro 
> NG
> > >AI
> > >R55.
> > >The message in the log is:
> > >
> > >Number:                        344735
> > >Date:                          26Aug2005
> > >Time:                          13:11:31
> > >Product:                       SmartDefense
> > >Interface:                     eth1
> > >Origin:                        FW-XXXX
> > >Type:                          Log
> > >Action:                        Reject
> > >Protocol:                      tcp
> > >Service:                       http (80)
> > >Source:                        10.10.146.205
> > >Destination:                   172.20.8.112
> > >Source Port:           3738
> > >Attack Name:           Malformed HTTP
> > >Attack Information:    Non-ASCII character in HTTP header
> > >
> > >Even though I tried to disable some rules at the SmartDefense and
> > >WebIntelligence still gives this error.
> > >
> > >Any clues?
> > >____________________________________________
> > >Diego F. Lastra S.
> > >Infraestructura y Soporte Técnico
> > >www.xertix.com
> > >dlastra AT xertix DOT com
> > >Conm. (55) 3003-1300
> > >Dir. (55) 3003-1381
> > >Fax. (55) 3003-1302
> > >____________________________________________
> > >
> > >
> > >=================================================
> > >To set vacation, Out-Of-Office, or away messages,
> > >send an email to LISTSERV AT amadeus.us.checkpoint DOT com
> > >in the BODY of the email add:
> > >set fw-1-mailinglist nomail
> > >=================================================
> > >To unsubscribe from this mailing list,
> > >please see the instructions at
> > >http://www.checkpoint.com/services/mailing.html
> > >=================================================
> > >If you have any questions on how to change your
> > >subscription options, email
> > >fw-1-owner AT ts.checkpoint DOT com
> > >=================================================
> >
> >=================================================
> >To set vacation, Out-Of-Office, or away messages,
> >send an email to LISTSERV AT amadeus.us.checkpoint DOT com
> >in the BODY of the email add:
> >set fw-1-mailinglist nomail
> >=================================================
> >To unsubscribe from this mailing list,
> >please see the instructions at
> >http://www.checkpoint.com/services/mailing.html
> >=================================================
> >If you have any questions on how to change your
> >subscription options, email
> >fw-1-owner AT ts.checkpoint DOT com
> >=================================================
> >
> >=================================================
> >To set vacation, Out-Of-Office, or away messages,
> >send an email to LISTSERV AT amadeus.us.checkpoint DOT com
> >in the BODY of the email add:
> >set fw-1-mailinglist nomail
> >=================================================
> >To unsubscribe from this mailing list,
> >please see the instructions at
> >http://www.checkpoint.com/services/mailing.html
> >=================================================
> >If you have any questions on how to change your
> >subscription options, email
> >fw-1-owner AT ts.checkpoint DOT com
> >=================================================
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to LISTSERV AT amadeus.us.checkpoint DOT com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> fw-1-owner AT ts.checkpoint DOT com
> =================================================
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to LISTSERV AT amadeus.us.checkpoint DOT com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> fw-1-owner AT ts.checkpoint DOT com
> =================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================