At first FW-1 is not an application proxy Firewall. It use the Statefull Inspection technology for better performance, but lose some filtering funtionality. In this case it hasn't a way to handle your problem. I think, it's better to find a patch for your application, in this case. -marco -----Original Message----- From: Vanja Hrustic [mailto:[EMAIL PROTECTED]] Sent: Friday, October 22, 1999 6:18 AM To: [EMAIL PROTECTED] Subject: FW-1 and "content checking" Hello. A quick question: Is FW-1 capable of checking (by default, or if defined by an admin) the content (or size) of 'Accept:' header, in order to stop/prevent DoS attacks against Netscape Enterprise Server? As an application proxy (is it?), FW-1 should be able to do that, and perform some kind of sanity checking. Am I right or wrong? Thanks in advance. -- Vanja Hrustic http://www.siamrelay.com Information Security Services Electronic Payment Processing - [To unsubscribe, send mail to [EMAIL PROTECTED] with "unsubscribe firewalls" in the body of the message.] - [To unsubscribe, send mail to [EMAIL PROTECTED] with "unsubscribe firewalls" in the body of the message.]
