Is the rule to allow port 80 to your web server above the deny * rule
that you setup to block that subnet?  The way Sonicwall prioritizes or
orders their rules is from the bottom up.  So if you have a Deny sitting at
rule number 50, that encompasses a broad range, such as you describe, and
an allow rule that is specific to a service or 1 ip that is sitting at rule
number 25, then the rule 25 will override rule 50.  Which lets all traffic
come in to port 80 on one specific server..

  A workaround is to deny that block to that specific IP, or even further
down to the port on your web server.  You need to get the rule denying what
you want to deny ABOVE your Allow to port 80 on your web server.

Hope me and my runon sentences make sense  :)

Cavell McDermott
Domino Admin
APW Ltd. - Texas Campus
214-343-1400 - Main
214-355-2022 - Direct
214-341-9950 - Fax
http://www.apw.com


                                                                                       
                              
                    "Chris Hunt  IT                                                    
                              
                    Dept"                  To:     <[EMAIL PROTECTED]>               
                              
                    <[EMAIL PROTECTED]        cc:                                         
                              
                    m>                     Subject:     [SonicWALL]-                   
                              
                    Sent by:                                                           
                              
                    sonicwall-owner                                                    
                              
                    @peake.com                                                         
                              
                                                                                       
                              
                                                                                       
                              
                    01/28/2002                                                         
                              
                    11:35 AM                                                           
                              
                    Please respond                                                     
                              
                    to sonicwall                                                       
                              
                                                                                       
                              
                                                                                       
                              





I have a rule set up to deny service default Source *
Addr Range Begin 213.23.0.0
Addr Range End 213.23.255.255
Destination *
Apply thie rule always

I'm still seeing port 80 activity as my IMail log for today shows this

20020128 000028 213.23.38.248, Mozilla/Mozilla/4.0 (compatible; MSIE 5.5;
Windows 98), http://www.sexy-fuck.de/toplisten.html, GET
http://www.stringtanga.com/cgi-bin/TheRealTopsites/topsites.cgi?button=show
HTTP/1.1
20020128 000028 213.23.38.248, Mozilla/Mozilla/4.0 (compatible; MSIE 5.5;
Windows 98), http://www.sexy-fuck.de/toplisten.html, GET
http://www.stringtanga.com/cgi-bin/TheRealTopsites/topsites.cgi?button=show
HTTP/1.1
20020128 010859 213.23.38.248, Mozilla/Mozilla/4.0 (compatible; MSIE 5.5;
Windows 98; Win 9x 4.90), http://www.sexy-fuck.de, GET
http://werban.de/hework.cgi?ID=sexyfuck&page=01 HTTP/1.1
20020128 010859 213.23.38.248, Mozilla/Mozilla/4.0 (compatible; MSIE 5.5;
Windows 98; Win 9x 4.90), http://www.sexy-fuck.de, GET
http://werban.de/hework.cgi?ID=sexyfuck&page=01 HTTP/1.1
20020128 015550 213.23.38.248, Mozilla/Mozilla/4.0 (compatible; MSIE 5.01;
Windows NT 5.0), http://www.sexy-fuck.de/toplisten.html, GET
http://www.stringtanga.com/cgi-bin/TheRealTopsites/topsites.cgi?button=show
HTTP/1.1
20020128 015550 213.23.38.248, Mozilla/Mozilla/4.0 (compatible; MSIE 5.01;
Windows NT 5.0), http://www.sexy-fuck.de/toplisten.html, GET
http://www.stringtanga.com/cgi-bin/TheRealTopsites/topsites.cgi?button=show
HTTP/1.1


There is no damage done but I would rather cut them off at the pass  ;)

Chris

===================================================================================================

To unsubscribe, send email to [EMAIL PROTECTED] In the body of the email
put the following: unsubscribe sonicwall your_name
The archive of this list is at
http://www.mail-archive.com/sonicwall%40peake.com/






---
[This E-mail scanned for viruses by Declude/F-Prot Virus]

===================================================================================================
To unsubscribe, send email to [EMAIL PROTECTED] In the body of the email put the 
following: unsubscribe sonicwall your_name
The archive of this list is at http://www.mail-archive.com/sonicwall%40peake.com/


Reply via email to