从事IT基础架构多年,发现自己原来更合适去当老师……喜欢关注新鲜事物,不仅限于IT领域。
分类:
2006-03-17 12:17:03
This has been observed some times, and there is an SK article (sk20988) about it, but not in the public database.
Here is the receipt to stop the error and let users access the blocked site: The checking for the connect command can be disabled by the following property: asm_http_allow_connect. This is a kernel variable and can therefore neither be changed by dbedit nor by any advanced options of the Global Properties.
Use the following FW kernel command to change a kernel variable temporarily, until the next reboot:
# fw ctl set int asm_http_allow_connect 1To verify the parameter value, issue:
# fw ctl get int asm_http_allow_connectDo go back to the original configuration, issue:
# fw ctl set int asm_http_allow_connect 0
This means changing a FW kernel variable to survive a reboot.
Edit /etc/system file and add the following line at the bottom:
set fw:asm_http_allow_connect = 1
asm_http_allow_connect and set its value to 1.
Edit the $FWDIR/boot/modules/fwkern.conf file. Add the asm_http_allow_connect parameter with the value 1.
Use the modzap debugger (get it from the Nokia Knowledge Base) to modify the asm_http_allow_connect kernel parameter as follows:
# modzap _asm_http_allow_connect $FWDIR/boot/modules/fwmod.o 1
当然asm_http_allow_connect这个参数,官方是不推荐打开的:Please note that this property will cause SmartDefense to stop examining these
connections when an HTTP Connect command is detected in the proxied connection