HTTP Invalid Status-Line format
Hi,
Is it possible to allow the following line="HTTP/1.1 999 Request denied\x0d\x0a" and if so, how?
Fireware 12.7
/Robert
0
Sign In to comment.
Hi,
Is it possible to allow the following line="HTTP/1.1 999 Request denied\x0d\x0a" and if so, how?
Fireware 12.7
/Robert
Comments
Other than using a packet filter...
You'll need to use a packet filter for that traffic.
(Error: ProxyDeny: HTTP Invalid Request-Line Format, in the log message)
https://techsearch.watchguard.com/KB?type=Article&SFDCID=kA10H000000g3GiSAI&lang=en_US
-James Carson
WatchGuard Customer Support
Thank you both,
A filter it will be then.
/Robert
This is one thing I hate about "exceptions" that are not actual exceptions.
Gregg Hill
Hi @Greggmh123
The http exceptions are looking at the actual URL path in the HTTP get request to determine the path to make the exception for. Even when the URL is matched, it only excludes specific portions of the proxy as documented here:
(HTTP-Proxy: Exceptions)
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/proxies/http/http_proxy_exceptions_c.html
If the HTTP traffic is malformed, or completely invalid, it won't have a path to read, so there's nothing to actually exclude
Using a policy that matches a FQDN to an IP address and passing that traffic via a packet filter is the only way to bypass because there's no way to match a URL path to a piece of traffic that doesn't have a proper HTTP request.
-James Carson
WatchGuard Customer Support