Hi,
I'm having a similar problem with http filtering in general and it is very
annoying. I installed an http filtering rule and began to have several
complains from users not able to reach valid (i.e. not filtered out) sites.
In my case, the problem is due to sites that do not have reverse DNS entry
(i.e. they have an IP address but not a valid name). Checkpoint considers
these as potential security risk and do not allow them to be contacted
through the HTTP Security Server. (This is also documented in phoneboy's
FAQ.)
But this practice of having no valid name is used more and more with server
farms from several "big" players (Microsoft, Post Canada, etc,etc). As I
cannot ask all these sites to be better "netizens" I am forced to stop
all http filtering.
If anyone has a cure or a hidden switch somewhere to force FW1 to accept these
sites, I would be more than gratefull.
Denis Lebeuf
[EMAIL PROTECTED]
>
>I have set up a URI to block mp3 files, but I have noticed that a few of our
>users could not hit certain websites or even retrieve pdf files for example
>off of others. By the way, these sites had nothing to do with Mp3 files.
>Once I disabled my rule, the other problems I had stopped. I have been able
>to block FTP traffic successfully with a URI rule, but the http seems a bit
>buggy.
>
>Has anyone else experience problems similar to this?
>
>
>Andrew Linker
>Systems Administrator
>Telogy Networks, Inc.
> - A Texas Instruments Company
>20250 Century Blvd.
>Germantown, Md. 20874
>(301) 515-6571 voice
>(301) 515-7954 fax
>[EMAIL PROTECTED] < mailto:[EMAIL PROTECTED]>
>www.telogy.com < http://www.telogy.com>
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
