Re: [FW-1] - slow page loads with nimda uri implemented
Yes, we had the same problem here about 6 months ago, after I added the rule for Nimda/Code Red. In my case, the pages with forms were only accessed by users on my internal network. So I changed the source of my Nimda/Code Red rule to be the negation of my internal network, and had my internal network access the host on an entirely different rule. Very similar to what you have done. Everything has worked fine since then.

I'd be interested in what others have done as well.

"King, Arron S." <[email protected]>
Sent by: Mailing list for discussion of Firewall-1 <[email protected]>
03/28/2002 12:15 PM
Please respond to Mailing list for discussion of Firewall-1

To: [email protected]
cc:
Subject: [FW-1]

Hello,

We instituted a rule that blocks inbound Nimda/Code Red attacks based upon a Checkpoint KB article on how to set up a URI for Nimda/Code Red.

(any internal -> any external reject if http(nimda URI))

We are running Checkpoint 4.1 SP1 on a Nokia IP 440 (w/ a Win2k mgmt station running 4.1 SP5). We have 3mbps of Internet speed.

However, after we instituted this rule, we began receiving several complaints about specific sites being horribly slow (several minutes between page loads). I did some investigating, and found that if I turn the rule off, the pages load very quickly. Turn the rule back on, and they take forever. Every other site that I've seen (and used personally) works fine.

Digging deeper, the pages in question seem to "POST" forms, some of which are large. I've been able to restore speed by putting a second rule (in front of the NIMDA block, specific to the site in question) that allows HTTP.
(I know this bypasses the Nimda check; but the sites I've done this for are required for academics here, and I would much rather limit my exposure to a few specific hosts, rather than get rid of the rule entirely.)

The URI we are using (as I read the Checkpoint KB article) is:

Conn Methods (Transparent, proxy)
URI Match Spec: Wildcards
Exception Track: None
Match: http GET - Path - {*cmd.exe,*root.exe,*admin.dll,*readme.exe,*default.ida}

Anyone else seen this?
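
The wildcard list from the URI resource quoted above can also be run over web server access logs, to see which requests such a match spec would have caught on hosts that a bypass rule exempts from the firewall check. This is an added example, not part of the original thread and not Check Point code; it assumes Common Log Format input, approximates FW-1 wildcard matching with shell-style globbing on the lower-cased path, and uses constructed sample log lines.

```python
import re
from fnmatch import fnmatchcase

# Method and path wildcards copied from the URI match spec quoted in the post.
MATCH_METHOD = "GET"
PATTERNS = ["*cmd.exe", "*root.exe", "*admin.dll", "*readme.exe", "*default.ida"]

# Request field of a Common Log Format line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation address ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [28/Mar/2002:12:01:07 -0500] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 271',
    '192.0.2.10 - - [28/Mar/2002:12:01:08 -0500] "GET /MSADC/Admin.dll HTTP/1.0" 404 269',
    '192.0.2.44 - - [28/Mar/2002:12:03:15 -0500] "GET /default.ida?NNNNNNNN HTTP/1.0" 404 268',
    '198.51.100.7 - - [28/Mar/2002:12:04:02 -0500] "GET /index.html HTTP/1.1" 200 5120',
    '198.51.100.7 - - [28/Mar/2002:12:04:30 -0500] "POST /forms/register.cgi HTTP/1.1" 200 812',
]


def matched_pattern(line):
    """Return the wildcard a log line's request matches, or None."""
    m = REQUEST_RE.search(line)
    # The quoted spec matches on GET only, so other methods never match.
    if not m or m.group("method") != MATCH_METHOD:
        return None
    # The spec matches on Path, so drop the query string before comparing.
    path = m.group("target").split("?", 1)[0].lower()
    for pattern in PATTERNS:
        if fnmatchcase(path, pattern):
            return pattern
    return None


def scan(lines):
    """Return (line_number, source_ip, pattern) for every matching line."""
    hits = []
    for number, line in enumerate(lines, start=1):
        pattern = matched_pattern(line)
        if pattern:
            hits.append((number, line.split(" ", 1)[0], pattern))
    return hits


if __name__ == "__main__":
    for number, source, pattern in scan(SAMPLE_LOG):
        print(f"line {number}: {source} matched {pattern}")
```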