The information you are about to copy is INTERNAL!
DO NOT share it with anyone outside Check Point.
Legitimate HTTP traffic is rejected by IPS protection 'Non Compliant HTTP' as 'Attack: Block HTTP Non Compliant'
|
Technical Level
|
Solution ID |
sk92657 |
Technical Level |
|
Product |
IPS |
Version |
R75.10, R75.20, R75.30, R75.40, R75.40VS, R75.45, R75.46 |
Platform / Model |
All |
Date Created |
09-Apr-2013
|
Last Modified |
28-Jan-2016
|
Symptoms
- Legitimate HTTP traffic is rejected by IPS without any message on the web browser.
- SmartView Tracker log shows:
Protocol: tcp
Attack: Block HTTP Non Compliant
Product: IPS Software Blade
Protection ID: BlockHttpNonProtocolCompliant
Protection Name: Non Compliant HTTP
- Kernel debug (
fw ctl debug -m WS all
) shows:
;ws_body_stream_resume: [ERROR]: the filter offset (54) is larger than the stream's length (41);
;ws_abs_stream_default_set_reading_context: [ERROR]: couldn't resume the stream;
;ws_skip_stream_set_reading_context: [ERROR]: ws_abs_stream_set_reading_context failed;
;ws_gzip_stream_set_reading_context: [ERROR]: ws_abs_stream_set_reading_context for original zipped stream failed;
;ws_filter_mgr_execute_filter_chain: [ERROR]: set filter context to: CI filter AV, failed;
;ws_http_process_body: [ERROR]: failed to execute filter chain;
;ws_http_session_server_read: [ERROR]: failed to process body;
;ws_policy_get_policy_element: [ERROR]: invalid params;
;ws_cpas_read_handler: [ERROR]: ws_policy_container_get_action() failed;
Solution
|
Note: To view this solution you need to
Sign In
.
|