[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [FW1] URI Specification File Format
[ Part 1, Text/PLAIN (charset: Unknown "windows-1252") 171 lines. ]
[ Unable to print this part. ]
[ The following text is in the "windows-1252" character set. ]
[ Your display is set for the "US-ASCII" character set. ]
[ Some characters may be displayed incorrectly. ]
I have already solved my question. Thanks to those who answered my
question.
However, I will consider to buy OSPEC Certified Product to fulfill the
function of URI Filtering in CKPFW as there are tremendous web sites out
there on Internet where some specific web sites may be left out in URI
screening if I relies on just one URI specification file created by
myself.
The exact URI Specification File Format should be like this:
ip-address /path 0
For example: 207.246.147.20 0 (where /path is optional and '0' is
required to put at the end of each line)
In Match tab (file specification), when you Import the above file located
somewhere in any directory in FW, that file will be stored in the
directory /<FW-server-root>/conf/lists/ and the original file name will
be changed as 'URI-<resource-name>.list'. Also, be aware of the
selection of Connection Methods in General Tab. In my case, I select
'Transparent', not 'Proxy'. It depends on how your browser's http
setting. Anyway, it works and the error message will be seen as "FW-1:
Access Denied ....." if the request of http matches any IP address
listed in that file.
Regards,
William
-----Original Message-----
From: GibsonB@gruntal.com [mailto:GibsonB@gruntal.com]
Sent: Wednesday, November 01, 2000 4:46 AM
To: freaknetboy@yahoo.com; bandit@zcore.net;
williamchan@dicksoncyber.com;
fw-1-mailinglist@lists.us.checkpoint.com
Subject: RE: [FW1] URI Specification File Format
The proper format for the URI specification file is IP
Address path followed by a number that does something I can't
remember.
So you basically have entries that look like this.
192.168.100.1 / 0
10.1.1.1 / 0
That suppresses the entire server. I have never tried to
drill down from / but I assume it works.
One important note. There is a limitation in FW-1 that does
not allow a list of addresses greater than 59 at least in ver
4.1 SP1. If you try more than 59 addresses your FW will
crash with a message saying GZ Inflate failed and run in an
unstable non-functioning state. I don't know if this still
exists in SP2.
> -----Original Message-----
> From: Chris F [mailto:freaknetboy@yahoo.com]
> Sent: Tuesday, October 31, 2000 2:55 PM
> To: Carl E. Mankinen; William CHAN;
> fw-1-mailinglist@lists.us.checkpoint.com
> Subject: RE: [FW1] URI Specification File Format
>
>
>
> I get that error if I reinstall my policy.
> What platform are you running FW1 on? What about your
> URI? ... or is it just a file?
>
> I have to kill -HUP my ahttpd daemon to "repair" my
> "Access Denied" problem :(
>
> Thanks -- Chris
>
> --- "Carl E. Mankinen" <bandit@zcore.net> wrote:
> >
> > My experience has not been very good with using URI
> > filtering in 4.1 SP2.
> > I don't know if it's just me, but when I try to
> > filter http GET's using
> > a path wildcard, I get all sorts of problems pulling
> > up pages that do
> > not come close to matching, and I get a lot of "FW1
> > Error, Access Denied"
> > even though I have a replacement URI specified...
> >
> > -----Original Message-----
> > From: owner-fw-1-mailinglist@lists.us.checkpoint.com
> >
> [mailto:owner-fw-1-mailinglist@lists.us.checkpoint.com]On
> > Behalf Of
> > William CHAN
> > Sent: Sunday, October 29, 2000 10:32 PM
> > To: fw-1-mailinglist@lists.us.checkpoint.com
> > Subject: [FW1] URI Specification File Format
> >
> >
> >
> > Hi,
> >
> > Apart from using any UFP products, I would like to
> > know what the exact URI
> > file format for each record is when using URI
> > Definition Window for Match
> > Tab File Specification?
> > Does anybody want to share his/her experience with
> > me?
> > Many thanks.
> >
> > Regard,
> > William
> >
> >
> >
>
==============================================================
> ==================
> > To unsubscribe from this mailing list, please
> > see the instructions at
> >
> > http://www.checkpoint.com/services/mailing.html
> >
>
==============================================================
> ==================
> >
> >
> >
> >
>
==============================================================
> ==================
> > To unsubscribe from this mailing list, please
> > see the instructions at
> >
> > http://www.checkpoint.com/services/mailing.html
> >
>
==============================================================
> ==================
>
>
> __________________________________________________
> Do You Yahoo!?
> Yahoo! Messenger - Talk while you surf! It's FREE.
> http://im.yahoo.com/
>
>
>
==============================================================
> ==================
> To unsubscribe from this mailing list, please see the
> instructions at
>
http://www.checkpoint.com/services/mailing.html
>
==============================================================
> ==================
>
***********************************************************************
Gruntal & Co., L.L.C.'s e-mail system is for business
purposes only.
Messages are not confidential. All e-mail may be reviewed by
authorized supervisors, compliance or internal audit
personnel.
E-mail will be archived for at least three years and may be
produced
to regulatory agencies or others with a legal right to access
such
information. Gruntal will not accept trade order instructions
via
e-mail. Please telephone your Account Executive to place
trade orders.
Gruntal & Co., L.L.C.
***********************************************************************
|
