[Sidewinder] Protocol violations
Sidewinder moderated discussion list
sidewinder at adeptech.com
Wed Nov 4 08:01:26 EST 2009

I'm not in front of the Sidewinder, but I believe that there is an
option to relax the rules. Make sure that this is checked.

On Tue, Nov 3, 2009 at 6:03 PM, Sidewinder moderated discussion list
<sidewinder at adeptech.com> wrote:
> We have just implemented a Sidewinder firewall and are experiencing numerous
> "protocol violations" for HTTP traffic. I understand from talking to
> support that there is not a way to tune protocol violations;
> it's apparently all or nothing (use an HTTP proxy and get the violations or
> use an IP filter rule or maybe a generic proxy and don't get any
> protocol-aware proxy benefits). I'm wondering how other people deal with
> this on two fronts: a.) how do you reduce all the noise generated by these
> log messages and b.) how do you deal with sites that are required for
> business purposes but that have some aspect of them broken because they fail
> to strictly follow RFCs and thus generate protocol violations? Today was
> our first day in production and we identified 3 sites that we couldn't
> submit "plain" HTML forms through because something on the pages generated
> protocol violations.
>
> I'm dealing with it now by creating a TCP filter rule "above" my main HTTP
> proxy rule and specifying a net group that I then add members to as the
> complaints come in. Obviously not very efficient. I understand and
> appreciate what the Sidewinder is doing, but to me it seems like there should
> be some way to fine-tune which protocol violations get flagged and/or which
> ones end up dropping the traffic (something like what is done to configure
> IDS signatures/responses).
>
> Am I just missing something?
> _______________________________________________
> Sidewinder mailing list
> Sidewinder at adeptech.com
> http://mail.adeptech.com/mailman/listinfo/sidewinder
>