Chinaunix首页 | 论坛 | 博客
  • 博客访问: 1434034
  • 博文数量: 556
  • 博客积分: 12626
  • 博客等级: 上将
  • 技术积分: 5799
  • 用 户 组: 普通用户
  • 注册时间: 2006-01-11 15:56
个人简介

从事IT基础架构多年,发现自己原来更合适去当老师……喜欢关注新鲜事物,不仅限于IT领域。

文章分类

全部博文(556)

文章存档

2019年(6)

2018年(15)

2017年(17)

2016年(11)

2015年(2)

2014年(2)

2013年(36)

2012年(54)

2011年(100)

2010年(41)

2009年(72)

2008年(14)

2007年(82)

2006年(104)

分类:

2006-03-17 12:17:03

    升级QQ后发现无法正常登陆,检查错误日志竟然连接TCP80端口出现问题。检查checkpoint防火墙发现80端口被阻断,错误信息为:message_info: CONNECT command found in HTTP request。
    最后找到了解决办法:

HTTP Error Message "message_info: CONNECT command found in HTTP request"

This has been observed some times, and there is an SK article (sk20988) about it, but not in the public database.

Here is the receipt to stop the error and let users access the blocked site: The checking for the connect command can be disabled by the following property: asm_http_allow_connect. This is a kernel variable and can therefore neither be changed by dbedit nor by any advanced options of the Global Properties.

Temporary Change

Use the following FW kernel command to change a kernel variable temporarily, until the next reboot:

# fw ctl set int asm_http_allow_connect 1
To verify the parameter value, issue:
# fw ctl get int asm_http_allow_connect
Do go back to the original configuration, issue:
# fw ctl set int asm_http_allow_connect 0

Persistent Change

This means changing a FW kernel variable to survive a reboot.

Solaris

Edit /etc/system file and add the following line at the bottom:

set fw:asm_http_allow_connect = 1

Windows

  1. Open the registry by running regedit from the command line.
  2. Go to HKLM\System\CurrentControlSet\Services\FW1\parameters
  3. Add a new key called "Globals"
  4. Under the Globals key add a DWORD parameter called asm_http_allow_connect and set its value to 1.
  5. Close the registry

Linux and SecurePlatform?

Edit the $FWDIR/boot/modules/fwkern.conf file. Add the asm_http_allow_connect parameter with the value 1.

IPSO

Use the modzap debugger (get it from the Nokia Knowledge Base) to modify the asm_http_allow_connect kernel parameter as follows:

# modzap _asm_http_allow_connect $FWDIR/boot/modules/fwmod.o 1
当然asm_http_allow_connect这个参数,官方是不推荐打开的:Please note that this property will cause SmartDefense to stop examining these
connections when an HTTP Connect command is detected in the proxied connection
阅读(1772) | 评论(0) | 转发(0) |
给主人留下些什么吧!~~