RE: Blocked by the HTTP Security filter: URL contains '.' in the path Oops!

  • From: "Steve Moffat" <steve@xxxxxxxxxx>
  • To: "ISA Mailing List" <isalist@xxxxxxxxxxxxx>
  • Date: Mon, 1 Aug 2005 15:02:29 -0300

Amateur 

-----Original Message-----
From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] 
Sent: Monday, August 01, 2005 2:15 AM
To: ISA Mailing List
Subject: [isalist] RE: Blocked by the HTTP Security filter: URL contains
'.' in the path Oops!

http://www.ISAserver.org

Try again - isatools.org didn't have a .wsf mime type so it reported
"not found".

-----Original Message-----
From: Ara Avvali [mailto:ara@xxxxxxxxxxxxx]
Sent: Sunday, July 31, 2005 6:17 PM
To: [ISAserver.org Discussion List]
Subject: RE: Blocked by the HTTP Security filter: URL contains '.' in
the path Oops!

Jim,
thank you for help. But I can't get the link work!

________________________________

From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
Sent: Sun 7/31/2005 4:06 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Blocked by the HTTP Security filter: URL contains
'.' in the path Oops!



http://www.ISAserver.org

Jeez, I hate web designers that operate this way.
The HTTP Filter is acting properly - there should be no '.' in the path
portion of a URL -this is a favorite attack method (Code Red, Nimda,
etc., etc.).
This:
http://us.i1.yimg.com/us.yimg.com/i/ww/bt1/125.gif
..is a bogus URL as far as ISA and other intelligent beings are
concerned.

See if http://isatools.org/changeblockdotinpath.wsf helps.
Run it as 'cscript changeblockdotinpath.wsf' to get instructions.
It's not listed yet because it's not "full-featured" yet.

-------------------------------------------------------
   Jim Harrison
   MCP(NT4, W2K), A+, Network+, PCG
   http://isaserver.org/Jim_Harrison/
   http://isatools.org
   Read the help / books / articles!
-------------------------------------------------------

-----Original Message-----
From: Ara Avvali [mailto:ara@xxxxxxxxxxxxx]
Sent: Sunday, July 31, 2005 10:41
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Blocked by the HTTP Security filter: URL contains
'.' in the path Oops!

http://www.ISAserver.org

Oops! I forgot to post my log files



Service Destination Host Name   Transport       Filter Information
Result Code     HTTP Status Code        Cache Information       Error
Information     Log Record Type Log Time        Destination IP
Destination Port        Protocol        Action  HTTP Method     URL
Proxy   us.i1.yimg.com  TCP     Blocked by the HTTP Security filter: URL
contains '.' in the path                12217 The request was rejected
by the HTTP filter. Contact your ISA Server administrator.      0x0
0x880   Web Proxy Filter        7/31/2005 10:22 192.168.0.254   8080
http    Denied Connection       GET
http://us.i1.yimg.com/us.yimg.com/i/ww/bt1/125.gif
Proxy   us.i1.yimg.com  TCP     Blocked by the HTTP Security filter: URL
contains '.' in the path                12217 The request was rejected
by the HTTP filter. Contact your ISA Server administrator.      0x0
0x880   Web Proxy Filter        7/31/2005 10:22 192.168.0.254   8080
http    Denied Connection       GET
http://us.i1.yimg.com/us.yimg.com/i/ww/bt1/13441.gif
Proxy   us.i1.yimg.com  TCP     Blocked by the HTTP Security filter: URL
contains '.' in the path                12217 The request was rejected
by the HTTP filter. Contact your ISA Server administrator.      0x0
0x880   Web Proxy Filter        7/31/2005 10:22 192.168.0.254   8080
http    Denied Connection       GET
http://us.i1.yimg.com/us.yimg.com/i/ww/bt1/136.gif
Proxy   us.i1.yimg.com  TCP     Blocked by the HTTP Security filter: URL
contains '.' in the path                12217 The request was rejected
by the HTTP filter. Contact your ISA Server administrator.      0x0
0x880   Web Proxy Filter        7/31/2005 10:22 192.168.0.254   8080
http    Denied Connection       GET
http://us.i1.yimg.com/us.yimg.com/i/ww/bt1/ml.gif
Proxy   us.i1.yimg.com  TCP     Blocked by the HTTP Security filter: URL
contains '.' in the path                12217 The request was rejected
by the HTTP filter. Contact your ISA Server administrator.      0x0
0x880   Web Proxy Filter        7/31/2005 10:22 192.168.0.254   8080
http    Denied Connection       GET
http://us.i1.yimg.com/us.yimg.com/i/ww/bt1/my.gif
Proxy   us.i1.yimg.com  TCP     Blocked by the HTTP Security filter: URL
contains '.' in the path                12217 The request was rejected
by the HTTP filter. Contact your ISA Server administrator.      0x0
0x880   Web Proxy Filter        7/31/2005 10:22 192.168.0.254   8080
http    Denied Connection       GET
http://us.i1.yimg.com/us.yimg.com/i/ww/bt1/msg.gif
Proxy   us.i1.yimg.com  TCP     Blocked by the HTTP Security filter: URL
contains '.' in the path                12217 The request was rejected
by the HTTP filter. Contact your ISA Server administrator.      0x0
0x880   Web Proxy Filter        7/31/2005 10:22 192.168.0.254   8080
http    Denied Connection       GET
http://us.i1.yimg.com/us.yimg.com/i/ww/beta.gif
Proxy   us.i1.yimg.com  TCP     Blocked by the HTTP Security filter: URL
contains '.' in the path                12217 The request was rejected
by the HTTP filter. Contact your ISA Server administrator.      0x0
0x880   Web Proxy Filter        7/31/2005 10:22 192.168.0.254   8080
http    Denied Connection       GET
http://us.i1.yimg.com/us.yimg.com/i/ww/v5_mail_t.gif
Proxy   us.i1.yimg.com  TCP     Blocked by the HTTP Security filter: URL
contains '.' in the path                12217 The request was rejected
by the HTTP filter. Contact your ISA Server administrator.      0x0
0x880   Web Proxy Filter        7/31/2005 10:22 192.168.0.254   8080
http    Denied Connection       GET
http://us.i1.yimg.com/us.yimg.com/i/mntl/fin/05q3/hea_idtheft.gif
Proxy   us.i1.yimg.com  TCP     Blocked by the HTTP Security filter: URL
contains '.' in the path                12217 The request was rejected
by the HTTP filter. Contact your ISA Server administrator.      0x0
0x880   Web Proxy Filter        7/31/2005 10:22 192.168.0.254   8080
http    Denied Connection       GET
http://us.i1.yimg.com/us.yimg.com/i/mntl/fin/05q3/img_idtheft.jpg
Proxy   us.i1.yimg.com  TCP     Blocked by the HTTP Security filter: URL
contains '.' in the path                12217 The request was rejected
by the HTTP filter. Contact your ISA Server administrator.      0x0
0x880   Web Proxy Filter        7/31/2005 10:22 192.168.0.254   8080
http    Denied Connection       GET
http://us.i1.yimg.com/us.yimg.com/i/mo/blondes104b.jpg
Proxy   us.i1.yimg.com  TCP     Blocked by the HTTP Security filter: URL
contains '.' in the path                12217 The request was rejected
by the HTTP filter. Contact your ISA Server administrator.      0x0
0x880   Web Proxy Filter        7/31/2005 10:22 192.168.0.254   8080
http    Denied Connection       GET
http://us.i1.yimg.com/us.yimg.com/i/mntl/fin/05q3/tag_idtheft.gif
Proxy   us.i1.yimg.com  TCP     Blocked by the HTTP Security filter: URL
contains '.' in the path                12217 The request was rejected
by the HTTP filter. Contact your ISA Server administrator.      0x0
0x880   Web Proxy Filter        7/31/2005 10:22 192.168.0.254   8080
http    Denied Connection       GET
http://us.i1.yimg.com/us.yimg.com/i/buzz/2005/07/0729fried.jpg
Proxy   us.i1.yimg.com  TCP     Blocked by the HTTP Security filter: URL
contains '.' in the path                12217 The request was rejected
by the HTTP filter. Contact your ISA Server administrator.      0x0
0x880   Web Proxy Filter        7/31/2005 10:22 192.168.0.254   8080
http    Denied Connection       GET
http://us.i1.yimg.com/us.yimg.com/i/mntl/pers/05q2/img_cathy.jpg
Proxy   us.i1.yimg.com  TCP     Blocked by the HTTP Security filter: URL
contains '.' in the path                12217 The request was rejected
by the HTTP filter. Contact your ISA Server administrator.      0x0
0x880   Web Proxy Filter        7/31/2005 10:22 192.168.0.254   8080
http    Denied Connection       GET
http://us.i1.yimg.com/us.yimg.com/i/ww/trfc_bckt.gif
Proxy   us.a1.yimg.com  TCP     Blocked by the HTTP Security filter: URL
contains '.' in the path                12217 The request was rejected
by the HTTP filter. Contact your ISA Server administrator.      0x0
0x880   Web Proxy Filter        7/31/2005 10:22 192.168.0.254   8080
http    Denied Connection       GET
http://us.a1.yimg.com/us.yimg.com/a/1-/flash/promotions/classesusa/05050
5/70iltl.jpg
Proxy   us.a1.yimg.com  TCP     Blocked by the HTTP Security filter: URL
contains '.' in the path                12217 The request was rejected
by the HTTP filter. Contact your ISA Server administrator.      0x0
0x880   Web Proxy Filter        7/31/2005 10:22 192.168.0.254   8080
http    Denied Connection       GET
http://us.a1.yimg.com/us.yimg.com/a/am/amex/btn_84x28_6.gif
       

-----Original Message-----
From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
Sent: Saturday, July 30, 2005 9:14 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Blocked by the HTTP Security filter: URL contains
'.' in the path

http://www.ISAserver.org

There's a reason I asked for the "exact URL" - the domain part of the
URL is irrelevant.
In order to evaluate why the HTTP Filter is triggering, we need the
*entire*, *exact* URL that triggered the filter.
You can find this URL in the logs where the HTTP Filter triggered on the
URL sent by the client to the ISA server that holds the HTTP Filter that
triggered on the whole URL sent by the client to the ISA that recorded
this request and resulting HTTP Trigger status message in the web proxy
log on the ISA that recorded the exact, entire URL that caused the HTTP
Filter to trigger.



------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

All mail to and from this domain is GFI-scanned.


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
ara@xxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx



All mail to and from this domain is GFI-scanned.


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
isalist@xxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

Other related posts:

  1. Home
  2. isalist
  3. Archive
  4. 08-2005