• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 816
  • Last Modified:

Long URL blocking ??

Hi,

When we acessing long URLs, IE 5.5 borwser is giving,

"Error! The URL is too long and the firewall is set to block it. Please contact your system administrator for help."


How can we avoid this ??

Thanks !
 
0
Affno
Asked:
Affno
  • 7
  • 7
  • 4
  • +3
3 Solutions
 
tmehmetCommented:
do you have a firewall blocking URL's as per the warning message ?

Do you have any security settings on the webserver that block long URL's?

long URL's are a common attack so it may be blocked.
0
 
DaGo21Commented:
If I remember correctly this was partly because of security issues in webpages.  The following information does illustrate this.  

When a filter on a URL is placed and the rule is triggered, the person attempting to view the URL will receive an HTML page saying, "Block by Firewall". However, if the URL used to access the site is longer than 220 bytes, no triggering will occur and the request will be silently approved.

For example, a URL such as the following is possible:
http://www.scip.ch/?%20%20%20%20%20%20%20%20%20%20%20%20%20
%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20
%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20
%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20

An attacker may be able to evade the URL black list and get access to disallowed resources.
0
 
AffnoAuthor Commented:
Yeah that's correct, but in a web based application there was a long URL exactly it's like your example.
Any way , how can we avoid this situation. Application con not be changed !  Please advice !
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
tmehmetCommented:
what else can yu tell us about the App?

what OS is webserver?
have you tried IE 6 or Firefox browser ? is it specific to IE5.5 ??

dont really know how to advise you unless we know a little more info.

does this site take care of your problem? it shortens URLS so you can share them.

www.tinyurl.co.uk




0
 
DaGo21Commented:
Affno,

Can you try to upgrade 1 PC to for example IE6 and see if the problem still exists?  If not it might be an option to upgrade you entire field.  If this cannot be done (e.g. company policies) you can check when it stopped working and check your firewall vendor.

Which firewall are you using?

0
 
AffnoAuthor Commented:
I'll check and update you guys !
0
 
AffnoAuthor Commented:
DaGo21;
When a filter on a URL is placed and the rule is triggered, the person attempting to view the URL will receive an HTML page saying, "Block by Firewall". However, if the URL used to access the site is longer than 220 bytes, no triggering will occur and the request will be silently approved.


Can you explain this for me please ?
0
 
DaGo21Commented:
The long URL the example is just  a website, however with %20 (space) behind them.  They exceed the 220 bytes, however in reality resolving by the browser, it's not.  Are you using Netgear Equipment?

Can you provide a sample URL, OS, Webserver, Firewall, is the webserver on the local LAN, are you using a PC firewall or hardware bewtween the evil world and you company, etc.
0
 
DaGo21Commented:
As quick test learns me this exceeds the 220 bytes...  Are you in the position to use IE6 on a test machine to see if this help to resolve your issue?
An alternative is to install Mozilla or Firefox and test the URL again.  This way you do not interfear with your current IE installation but can eliminate causes.

0
 
Rich RumbleSecurity SamuraiCommented:
http://support.microsoft.com/kb/q208427/ and you url above= 1062 char
What is the firewall again? I don't see the maker of the firewall listed here yet... sounds like the default setting of a netgear firewall
http://www.securiteam.com/securitynews/5VP0P15CUK.html
-rich
0
 
DaGo21Commented:
Hi Richrumble - yes my best bet was also Netgear as mentioned before, however Affno is not providing the details of the infrastructure / vendors.
0
 
tmehmetCommented:
Yeah I asked for more info but not seen anything yet.

There are specific apps that suffer from this problem and need patching (bugs) and like you say it could well be firewall and of course if IIS is used it could be the IIS lockdown tool which configures against long URL's.



0
 
tmehmetCommented:
If you are using IIS6 webserver, the security settings for URL maximum length are set to 260

it can be changed by modifying the registry

HKLM\System\CurrentControlSet\Services\HTTP\Parameters

modify the 'UrlSegmentMaxLength' key.

0
 
pjedmondCommented:
If this is your server that has URLs this long, then you need to do something about it. GET
(the method being used to transfer data is not exactly guaranteed to work with more than 256 chars!
0
 
AffnoAuthor Commented:
They are using Trend Micro "Office Scan"  (Version 6.5,  VSApiNT Version 7.510.1002, TmFilter Version - 7.510.0.1002

Any comments ???
0
 
DaGo21Commented:
Hello Affno,  looking to the responses above it looks like you have some items to check like your browser, webserver and the GET command.
Please post your results based on the given ideas
0
 
AffnoAuthor Commented:
This is one of our clients, they still not stated about their firewall.

· OS and service pack version  - Microsoft Windows 2000 (Version 5.00.2195),  Service Pack 3
· Browser name and version - Microsoft Internet Explorer 5  (Version 5.00.3502.1000)

however, I just simulate above environment. The URL is working fine; but I couldn’t find even a demo version of their virus guard

· Virus Guard name and version - Trend Micro "Office Scan"  (Version 6.5,  VSApiNT Version 7.510.1002, TmFilter Version - 7.510.0.1002)

I have already sent an email to the tech support of this Virus Guard Company. (Explanting the matter)

Waiting for the reply...
0
 
Leon FesterIT Project Change ManagerCommented:
Firstly, answer the questions about the firewall? What firewall is the client running?????
The error message that you are getting is specifically related to the configuration of the firewall. Now maybe the client does not have a firewall installed at their office/location but their ISP could have a firewall installed at their side. Only a firewall would be used to implement blocking of long URL's.

You mention that they have Trend Micro Officescan, that is merely a virus scanner. It would not and should not interfere with you Browsing. A virus scanner only scan document, not URL's.

Your solution is to change the MaxURLLength settings on the Firewall. Fullstop....If you're not looking at the firewall as the problem area, then you're looking in the wrong place, and you're not gonna find a solution.
0
 
AffnoAuthor Commented:
The issue is on their firewall. However I needed to proved it !
And they are not transparent 100% for us, that’s why they didn’t talk about the firewall.

Finally they have agreed to amend the firewall.

Thanks for all !
0
 
Leon FesterIT Project Change ManagerCommented:
Kewl.

P.S. Just read my own post, I sounded kinda rude, just a quick "I Sorry", 1 of those days for me...
0
 
DaGo21Commented:
Thanks, would be good if you could post the outcome and resolution of the adjustment if possible.

Cheers
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 7
  • 7
  • 4
  • +3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now