The information you are about to copy is INTERNAL!
DO NOT share it with anyone outside Check Point.
|
Legitimate HTTP traffic is rejected by IPS protection 'Non Compliant HTTP' as 'Attack: Block HTTP Non Compliant'
|
Technical Level
|
| Solution ID |
sk92657 |
| Technical Level |
|
| Product |
IPS |
| Version |
R75.10 (EOL), R75.20 (EOL), R75.30 (EOL), R75.40 (EOL), R75.40VS (EOL), R75.45 (EOL), R75.46 (EOL) |
| Platform / Model |
All |
| Date Created |
09-Apr-2013
|
| Last Modified |
28-Jan-2016
|
Symptoms
- Legitimate HTTP traffic is rejected by IPS without any message on the web browser.
- SmartView Tracker log shows:
Protocol: tcp
Attack: Block HTTP Non Compliant
Product: IPS Software Blade
Protection ID: BlockHttpNonProtocolCompliant
Protection Name: Non Compliant HTTP
- Kernel debug (
fw ctl debug -m WS all) shows:
;ws_body_stream_resume: [ERROR]: the filter offset (54) is larger than the stream's length (41);
;ws_abs_stream_default_set_reading_context: [ERROR]: couldn't resume the stream;
;ws_skip_stream_set_reading_context: [ERROR]: ws_abs_stream_set_reading_context failed;
;ws_gzip_stream_set_reading_context: [ERROR]: ws_abs_stream_set_reading_context for original zipped stream failed;
;ws_filter_mgr_execute_filter_chain: [ERROR]: set filter context to: CI filter AV, failed;
;ws_http_process_body: [ERROR]: failed to execute filter chain;
;ws_http_session_server_read: [ERROR]: failed to process body;
;ws_policy_get_policy_element: [ERROR]: invalid params;
;ws_cpas_read_handler: [ERROR]: ws_policy_container_get_action() failed;
Solution
|
Note: To view this solution you need to
Sign In
.
|
