Firewall Wizards mailing list archives
Re: IPS Content filtering techniques
From: ArkanoiD <ark () eltex net>
Date: Wed, 29 Aug 2007 01:39:27 +0400
But why does redirect have some content-type other than text/html? Well, i can fix my code by simply making content type check conditional to existense of the response body. Is it ok for you? On Tue, Aug 28, 2007 at 08:15:30AM +0200, Skough Axel U/IT-S wrote:
It is because some systems send informative responses indicating redirects (permanent or temporarily), HTTP code 301 or 302. The ways these redirects are created vary strongly, sometimes a data buffer is given, but not always. The rediection directive is present in a HTTP header statement indicating alternate location. Some implementations omits declaring the data buffer content as none is present, thus the content is left unknown. A content-filtering firewall therefore doesn't allow a HTTP packet with unknown data to pass - this is correct - BUT should be able to allow HTT packets with no data, i e, Content-Length: 0. In this situation the Content-Type argument can be properly excluded as stated in the RFC 2616 and we cannot therefore encourage the opinion that there should be some error in such a packet from its vendor! Best regards, Axel ________________________________ From: firewall-wizards-bounces () listserv icsalabs com on behalf of ArkanoiD Sent: Thu 2007-08-23 00:47 To: Firewall Wizards Security Mailing List Cc: Panahi Behzad U/IT-S Subject: Re: [fw-wiz] IPS Content filtering techniques Well, what's the purpose of getting those null data through? Why do you need it? On Wed, Aug 15, 2007 at 03:35:24PM +0200, Skough Axel U/IT-S wrote:Does really nobody know anything about a Web proxy product filtering on MIME Content-Type setting and capable to omit this check when the MIME Content-Length setting in force appears to be zero? The RFC 2616 states that the Content-Type header statement can be omitted in this situation and, indeed, it has no meaning as the data section is declared to be of length zero. Otherwise the data section should of course be in general be assumed to be of type "application/octet-stream" but when no data section is present it is obviously no problem in bypassing the Content-Type check! Thus, there are no data to prevent entering for in this situation, but the packet in force may have othre meanings such as redirect etc. I would appreciate any comments in this matter!_______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards _______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards email protected and scanned by AdvascanTM - keeping email useful - www.advascan.com
_______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: IPS Content filtering techniques Skough Axel U/IT-S (Aug 21)
- Re: IPS Content filtering techniques ArkanoiD (Aug 23)
- Re: IPS Content filtering techniques Skough Axel U/IT-S (Aug 28)
- Re: IPS Content filtering techniques ArkanoiD (Aug 28)
- Re: IPS Content filtering techniques Skough Axel U/IT-S (Aug 28)
- Re: IPS Content filtering techniques ArkanoiD (Aug 23)