Re: Malformed HTTP

I have found the solution to this problem (for Windows SmartCenter):

Modify the file: $FWDIR/lib/asm.def

1. Prepare a list of IPs for which you want to bypass WebIntelligence.
2. Back up $FWDIR/lib/asm.def on the SmartCenter.
3. Edit asm.def on the SmartCenter:

   a. Add the following line in the file (this list will represent the problematic IPs).

      Individual IPs:

      IPList = {<IP1>,<IP2>,<IP3>};

      or, ranges of IPs:

      List = {<IP_start,IP_end>,<IP_start,IP2_end>};

      For example:

      List={<1.1.1.1,1.1.1.5>, <2.2.2.2,2.2.3.3>};

   b. Find the following line:

      #define ACTIVATE_WS_GLOBAL_DEFENSE (tcp, dport in http_services,ADD_INSPECTION(SPII_WEBSEC_ID)) or 1

      Change it to read as follows:

      #define ACTIVATE_WS_GLOBAL_DEFENSE (src not in IPList,dst not in IPList,tcp, dport in http_services,ADD_INSPECTION(SPII_WEBSEC_ID)) or 1

   c. Find the following line:

      #define ACTIVATE_WS_SERVER_DEFENSE ( tcp, get <dst, dport> from web_server_rules to sr10, ADD_INSPECTION_WITH_PARAMS(SPII_WEBSEC_ID, sr10)) or ACTIVATE_WS_GLOBAL_DEFENSE

      Change it to read as follows:

      #define ACTIVATE_WS_SERVER_DEFENSE ( src not in IPList,dst not in IPList,tcp, get <dst, dport> from web_server_rules to sr10, ADD_INSPECTION_WITH_PARAMS(SPII_WEBSEC_ID, sr10)) or ACTIVATE_WS_GLOBAL_DEFENSE

4. Install the policy on the module(s) to activate the changes.
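Every address placed in the list is exempted from Web Intelligence inspection both as source and as destination, so it is worth measuring the list before installing the policy. The following is an added example, not part of the original post: it parses a list line in the syntax shown above and flags entries that exempt more addresses than intended. The function names and the 16-address threshold are assumptions, and the sample line is constructed from the post's example values plus one made-up single address.

```python
import ipaddress
import re

# Constructed sample in the syntax shown in the post; 10.0.0.7 is a made-up entry.
SAMPLE = "IPList = {<1.1.1.1,1.1.1.5>, <2.2.2.2,2.2.3.3>, <10.0.0.7>};"

# One entry: <ip> or <ip_start,ip_end>
ENTRY = re.compile(r"<\s*([0-9.]+)\s*(?:,\s*([0-9.]+)\s*)?>")

def parse_bypass_list(line):
    """Return (name, [(first, last), ...]) for a 'Name = {<...>,...};' line."""
    m = re.match(r"\s*(\w+)\s*=\s*\{(.*)\}\s*;", line)
    if not m:
        raise ValueError("not a list definition: %r" % line)
    name, body = m.groups()
    ranges = []
    for start, end in ENTRY.findall(body):
        first = ipaddress.IPv4Address(start)        # rejects malformed addresses
        last = ipaddress.IPv4Address(end or start)  # single IP: range of one
        if last < first:
            raise ValueError("range end before start: %s,%s" % (start, end))
        ranges.append((first, last))
    if not ranges:
        raise ValueError("no usable entries in list %r" % name)
    return name, ranges

def audit(line, max_hosts=16):
    """Count exempted addresses per entry; flag entries wider than max_hosts."""
    name, ranges = parse_bypass_list(line)
    report = []
    for first, last in ranges:
        hosts = int(last) - int(first) + 1
        report.append({"range": "%s-%s" % (first, last),
                       "hosts": hosts,
                       "too_wide": hosts > max_hosts})
    return name, report

if __name__ == "__main__":
    list_name, rows = audit(SAMPLE)
    for row in rows:
        flag = "REVIEW" if row["too_wide"] else "ok"
        print("%s %-22s %6d hosts  %s" % (list_name, row["range"], row["hosts"], flag))
    print("total exempted:", sum(r["hosts"] for r in rows))
```

Note that the post's second example range, 2.2.2.2 to 2.2.3.3, spans 258 addresses rather than a handful, which is the kind of entry this check is meant to surface.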