HTTP/1.1 Support

[roadrunner]

HTTP/1.1 Support
The Security Servers in 3.x and earlier do not support HTTP/1.1, specifically the keep-alive functionality. FireWall-1 4.0 supports HTTP/1.1, but on releases prior to SP3, you have to add the following things to $FWDIR/conf/objects.C in the props section to make this work correctly:

:http_cvp_allow_chunked (true)
:http_weeding_allow_chunked (true)
:http_block_java_allow_chunked (true)
:http_allow_ranges (true)
Note that there are some known issues with MSIE and HTTP/1.1 as well as issues with CVP and HTTP/1.1. These issues are fixed in 4.0SP5 and 4.1SP1 with the following additions to the props section in objects.C:
:http_force_down_to_10 (true)
:http_sup_continue (true)
:http_avoid_keep_alive (true)
For hints on editing objects.C, see How do I edit objects.C or objects_5_0.C?
In some cases, the only remedy is to configure Internet Explorer to use HTTP 1.0. This option is configured under the Advanced tab of the Internet Options dialog box/control panel of Internet Explorer. This can be done by modifying the logon script for your domain. For example, the following script has proven successful at some sites:

@echo off
::Internet Explorer HTTP 1.1 Disable Script.
::Edit to your tastes. This script should do more testing.
regedit /s \\\netlogon\htp9x.reg

htp9x.reg contains:

REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Internet Settings]
"EnableHttp1_1"=dword:00000000
Needs a CR after last line to work.

For more information, contact your Microsoft products support channels.

Some users using MSIE 5.x browsing pages, particularly dynamically generated pages on a IIS webserver will have issues as well. There is no workaround that I am aware of.

-- GuyR - 18 Jan 2004


FAQForm
FAQs.Class: ServicesFAQs
FAQs.OS:
FAQs.Version: