[Sidewinder] Protocol violations

Sidewinder moderated discussion list sidewinder at adeptech.com
Wed Nov 4 08:59:54 EST 2009


That's what I'm looking for but I can't see it anywhere.  If you can track
it down please let me know where it is.

After my initial post it also occurred to me that Microsoft ISA Server
(software firewall) as early as 2004 had the ability to specify which parts
of protocol RFCs to enforce/ignore.  Surely there must be a way to dial it
down if we don't have the need to enforce certain aspects.

Jason


On Wed, Nov 4, 2009 at 8:01 AM, Sidewinder moderated discussion list <sidewinder at adeptech.com> wrote:

> I'm not in front of the sidewinder but I believe that there is an
> option to relax the rules.  Make sure that this is checked.
>
> On Tue, Nov 3, 2009 at 6:03 PM, Sidewinder moderated discussion list
> <sidewinder at adeptech.com> wrote:
> > We have just implemented a sidewinder firewall and are experiencing
> > numerous "protocol violations" for http traffic.  I understand from
> > talking to support that there is not a way to tune protocol violations,
> > it's apparently all or nothing (use an http proxy and get the violations
> > or use an IP filter rule or maybe a generic proxy and don't get any
> > protocol-aware proxy benefits).  I'm wondering how other people deal with
> > this on two fronts: a.) how do you reduce all the noise generated by
> > these log messages and b.) how do you deal with sites that are required
> > for business purposes but that have some aspect of them broken because
> > they fail to strictly follow RFCs and thus generate protocol violations?
> > Today was our first day in production and we identified 3 sites that we
> > couldn't submit "plain" html forms through because something on the pages
> > generated protocol violations.
> >
> > I'm dealing with it now by creating a TCP filter rule "above" my main
> > http proxy rule and specifying a net group that I then add members to as
> > the complaints come in.  Obviously not very efficient.  I understand and
> > appreciate what the sidewinder is doing but to me it seems like there
> > should be some way to fine-tune which protocol violations get flagged
> > and/or which ones end up dropping the traffic (something like what is
> > done to configure IDS signatures/responses).
> >
> > Am I just missing something?
> > _______________________________________________
> > Sidewinder mailing list
> > Sidewinder at adeptech.com
> > http://mail.adeptech.com/mailman/listinfo/sidewinder
> >

