RE: [FW1] Re: http 1.1 errors

Tue, 21 Aug 2001 21:59:41 -0700

This solution is well known with checkpoint and if you've got the right support contract you can get it from their
knowledgebase
 
Solution: Cannot view web page when using HTTP 1.1 connection with HTTP Security Server (10043.0.10150315.2854610)
Disable the option to use HTTP 1.1 connections in one of the following ways:

Method 1
1. Stop FireWall-1 (fwstop)
2. Backup the $FWDIR/conf/objects.C file
3. Enter the following lines in the $FWDIR/conf/objects.C file under the ":props" section:
   :http_force_down_to_10 (true)
   :http_avoid_keep_alive (true)
4. Start FireWall-1 (fwstart)
5. Install the policy
Sincerely
 
 
Ronny Vaningh
Security Engineer
 
UUNET
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of [EMAIL PROTECTED]
Sent: maandag 20 augustus 2001 11:47
To: Camille Edge
Cc: [EMAIL PROTECTED]; fw1
Subject: [FW1] Re: http 1.1 errors


Camille

Yes please - could I have the info.

I am curious as to why a 3rd party can come up with a solution but not CP ? (!) - there is an obvious answer but suffice it to say it may be worth a look through the FW Mailing list archives for unfixed CP problems......


Thanks

Tim


Camille Edge <[EMAIL PROTECTED]>

20/08/01 04:44

       
        To:        [EMAIL PROTECTED], [EMAIL PROTECTED]
        cc:        fw1 <[EMAIL PROTECTED]>
        Subject:        http 1.1 errors



Hi Tim & David

There is a fix for that.  I got it from Esafe.  You have to make
changes to the objects.C file.  I can send it to you on Monday if you
are interested.  I'm sorry that I'm a little <G> behind in my mail
here.  If you still need the info, just let me know.

cee

Message: 1
   Date: Thu, 9 Aug 2001 09:58:08 +0100
   From: [EMAIL PROTECTED]
Subject: RE: [FW1] Code Red: What security specialist don't mention
in war nings

My experience was that it did eat up a little extra CPU but not too bad -
BUT our main problem was with the other affects of using these rule -
namely some web sites (especially newer ones) not working properly -
workaround was to uncheck "Use HTTP 1.1"  in IE.

This hasn't worked for every situation and occassionally I have to
temporarily disable the http-with-resource rules if a user is really
struggling.

Not the best situation ever - but what can you do ?!  ;-)


Tim

--

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
cee

Don't meddle in the affairs of dragons, for you are crunchy and
taste good with honey mustard.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Reply via email to