It does more than cross site scripting. We had a web server that allowed users to upload a file. While the "Web Server" checkbox was checked, the upload would fail on certain files. The error message that we received in the log viewer was "reason: Invalid characters in request". When we unchecked this checkbox everything was fine.

Lars

-----Original Message-----
From: Shawn Behrens [mailto:[EMAIL PROTECTED]
Sent: 17. mars 2004 16:18
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] What does the "Web Server" checkbox activate in NG AI R55?

Hi,

> A few weeks back, I wrote about problems with some users connecting to our
> Web sites following an upgrade to R55. We've since been able to narrow the
> problem down to the "Web Server" checkbox in the Network Object definition
> of our Web server.

This does indeed have to do with SmartDefense, particularly Cross Site Scripting.

When you checked the Web Server checkbox, what about the settings on the Web Server tab of that object? Was Cross Site Scripting defense enabled or disabled for the object? Did you use the Ports Configuration?

In SmartDefense, you are looking at Web, Cross Site Scripting. It can be defined for all servers or individually per server.

Now, if memory serves, Cross Site Scripting protection invokes the security servers. And those are notorious for blocking certain (legitimate) requests in their default settings. There is a bunch of changes you can make to objects_5_0.C regarding http security servers. Nokia has a resolution listing them (search for objects.C in their database), and the Aladdin document about configuring eSafe for CVP is extremely helpful (just ignore the CVP specific stuff such as force_to_10 etc).

Of course, simply unchecking the Web Server check box works, too, and is probably a whole lot easier. Just make sure your servers are not vulnerable to cross-site scripting attacks.

Regards

Shawn Behrens
Senior Security Engineer
CCMSE CCSE CCNA CNE
INTEGRALIS
Your Trusted Security Partner
111 Founders Plaza
13th Floor
East Hartford, CT 06108 USA
Tel: +1 860 291 0851
Fax: +1 860 291 0847
[EMAIL PROTECTED]
www.integralis.com

Please note that: 1. This e-mail may constitute privileged information.
If you are not the intended recipient, you have received this confidential email and any attachments transmitted with it in error and you must not disclose, copy, circulate or in any other way use or rely on this information. 2. E-mails to and from the company are monitored for operational reasons and in accordance with lawful business practices. 3. The contents of this email are those of the individual and do not necessarily represent the views of the company. 4. The company does not conclude contracts by email and all negotiations are subject to contract. 5. The company accepts no responsibility once an e-mail and any attachments is sent. http://www.integralis.com

=================================================
To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your subscription options, email [EMAIL PROTECTED]
=================================================
