Re: [FW-1] Problem with a WebServer

[Ray]

SmartDashboard
SmartDefense tab
Application Intelligence
Web
HTTP Protocol Inspection
ASCII Only Request Headers - if it's checked, you will drop binary in 
headers.

Also see ASII Only Response Headers

Ray

From: "Diego F. Lastra S." <[EMAIL PROTECTED]>
Reply-To: Mailing list for discussion of Firewall-1              
<FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM>
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: Re: [FW-1] Problem with a WebServer
Date: Mon, 29 Aug 2005 17:58:17 -0500

SPLAT:
This is Check Point VPN-1(TM) & FireWall-1(R) NG with Application
Intelligence (R55) HFA_09, Hotfix 182 - Build 011

Ray, thanks for your help.

-----Mensaje original-----
De: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED] En nombre de Ray
Enviado el: Monday, August 29, 2005 5:41 PM
Para: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Asunto: Re: [FW-1] Problem with a WebServer

Ahhh, Microsoft, no wonder. :-)

What version of FW-1 are you on? I can set that binary feature off on R55.

Ray

>From: "Diego F. Lastra S." <[EMAIL PROTECTED]>
>Reply-To: Mailing list for discussion of Firewall-1
><FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM>
>To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
>Subject: Re: [FW-1] Problem with a WebServer
>Date: Mon, 29 Aug 2005 16:35:43 -0500
>
>The WebServer is a IIS and it's running Microsoft Sharepoint as the
>application server. The guys at Microsoft told us that is impossible to
>change the way cookies are sent in binary to the web clients.
>
>Is there any other workaround for this problem?
>
>Thanks...
>
>-----Mensaje original-----
>De: Mailing list for discussion of Firewall-1
>[mailto:[EMAIL PROTECTED] En nombre de Ray
>Enviado el: Friday, August 26, 2005 7:16 PM
>Para: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
>Asunto: Re: [FW-1] Problem with a WebServer
>
>Tell those folks to fix their web site. Allowing binary in a header is a
>dangerous thing. We had this with one web site we used a lot after they 
did
>a new site. Most of the graphics were missing, it looked horrible, links
>didn't work, etc.
>
>After I contacted them, they fixed the problem. They said they were using
>an
>
>encrypted cookie and that was what was causing the problem. They changed 
it
>so it only used ASCII and the site cleaned right up.
>
>Ray
>
> >From: "Diego F. Lastra S." <[EMAIL PROTECTED]>
> >Reply-To: Mailing list for discussion of Firewall-1
> ><FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM>
> >To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
> >Subject: [FW-1] Problem with a WebServer
> >Date: Fri, 26 Aug 2005 14:31:04 -0500
> >
> >Hi,
> >I have a problem with a WebServer running under a Checkpoint VPN-1 Pro 
NG
> >AI
> >R55.
> >The message in the log is:
> >
> >Number:                        344735
> >Date:                          26Aug2005
> >Time:                          13:11:31
> >Product:                       SmartDefense
> >Interface:                     eth1
> >Origin:                        FW-XXXX
> >Type:                          Log
> >Action:                        Reject
> >Protocol:                      tcp
> >Service:                       http (80)
> >Source:                        10.10.146.205
> >Destination:                   172.20.8.112
> >Source Port:           3738
> >Attack Name:           Malformed HTTP
> >Attack Information:    Non-ASCII character in HTTP header
> >
> >Even though I tried to disable some rules at the SmartDefense and
> >WebIntelligence still gives this error.
> >
> >Any clues?
> >____________________________________________
> >Diego F. Lastra S.
> >Infraestructura y Soporte Técnico
> >www.xertix.com
> >[EMAIL PROTECTED]
> >Conm. (55) 3003-1300
> >Dir. (55) 3003-1381
> >Fax. (55) 3003-1302
> >____________________________________________
> >
> >
> >=================================================
> >To set vacation, Out-Of-Office, or away messages,
> >send an email to [EMAIL PROTECTED]
> >in the BODY of the email add:
> >set fw-1-mailinglist nomail
> >=================================================
> >To unsubscribe from this mailing list,
> >please see the instructions at
> >http://www.checkpoint.com/services/mailing.html
> >=================================================
> >If you have any questions on how to change your
> >subscription options, email
> >[EMAIL PROTECTED]
> >=================================================
>
>=================================================
>To set vacation, Out-Of-Office, or away messages,
>send an email to [EMAIL PROTECTED]
>in the BODY of the email add:
>set fw-1-mailinglist nomail
>=================================================
>To unsubscribe from this mailing list,
>please see the instructions at
>http://www.checkpoint.com/services/mailing.html
>=================================================
>If you have any questions on how to change your
>subscription options, email
>[EMAIL PROTECTED]
>=================================================
>
>=================================================
>To set vacation, Out-Of-Office, or away messages,
>send an email to [EMAIL PROTECTED]
>in the BODY of the email add:
>set fw-1-mailinglist nomail
>=================================================
>To unsubscribe from this mailing list,
>please see the instructions at
>http://www.checkpoint.com/services/mailing.html
>=================================================
>If you have any questions on how to change your
>subscription options, email
>[EMAIL PROTECTED]
>=================================================

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================