?
Solved

Long URL blocking ??

Posted on 2005-03-08
22
Medium Priority
?
801 Views
Last Modified: 2008-02-01
Hi,

When we acessing long URLs, IE 5.5 borwser is giving,

"Error! The URL is too long and the firewall is set to block it. Please contact your system administrator for help."


How can we avoid this ??

Thanks !
 
0
Comment
Question by:Affno
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 7
  • 4
  • +3
22 Comments
 
LVL 5

Expert Comment

by:tmehmet
ID: 13484761
do you have a firewall blocking URL's as per the warning message ?

Do you have any security settings on the webserver that block long URL's?

long URL's are a common attack so it may be blocked.
0
 
LVL 4

Accepted Solution

by:
DaGo21 earned 600 total points
ID: 13484956
If I remember correctly this was partly because of security issues in webpages.  The following information does illustrate this.  

When a filter on a URL is placed and the rule is triggered, the person attempting to view the URL will receive an HTML page saying, "Block by Firewall". However, if the URL used to access the site is longer than 220 bytes, no triggering will occur and the request will be silently approved.

For example, a URL such as the following is possible:
http://www.scip.ch/?%20%20%20%20%20%20%20%20%20%20%20%20%20
%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20
%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20
%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20

An attacker may be able to evade the URL black list and get access to disallowed resources.
0
 
LVL 1

Author Comment

by:Affno
ID: 13484991
Yeah that's correct, but in a web based application there was a long URL exactly it's like your example.
Any way , how can we avoid this situation. Application con not be changed !  Please advice !
0
Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

 
LVL 5

Expert Comment

by:tmehmet
ID: 13485168
what else can yu tell us about the App?

what OS is webserver?
have you tried IE 6 or Firefox browser ? is it specific to IE5.5 ??

dont really know how to advise you unless we know a little more info.

does this site take care of your problem? it shortens URLS so you can share them.

www.tinyurl.co.uk




0
 
LVL 4

Expert Comment

by:DaGo21
ID: 13485340
Affno,

Can you try to upgrade 1 PC to for example IE6 and see if the problem still exists?  If not it might be an option to upgrade you entire field.  If this cannot be done (e.g. company policies) you can check when it stopped working and check your firewall vendor.

Which firewall are you using?

0
 
LVL 1

Author Comment

by:Affno
ID: 13485417
I'll check and update you guys !
0
 
LVL 1

Author Comment

by:Affno
ID: 13485666
DaGo21;
When a filter on a URL is placed and the rule is triggered, the person attempting to view the URL will receive an HTML page saying, "Block by Firewall". However, if the URL used to access the site is longer than 220 bytes, no triggering will occur and the request will be silently approved.


Can you explain this for me please ?
0
 
LVL 4

Expert Comment

by:DaGo21
ID: 13485837
The long URL the example is just  a website, however with %20 (space) behind them.  They exceed the 220 bytes, however in reality resolving by the browser, it's not.  Are you using Netgear Equipment?

Can you provide a sample URL, OS, Webserver, Firewall, is the webserver on the local LAN, are you using a PC firewall or hardware bewtween the evil world and you company, etc.
0
 
LVL 4

Expert Comment

by:DaGo21
ID: 13486000
As quick test learns me this exceeds the 220 bytes...  Are you in the position to use IE6 on a test machine to see if this help to resolve your issue?
An alternative is to install Mozilla or Firefox and test the URL again.  This way you do not interfear with your current IE installation but can eliminate causes.

0
 
LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 600 total points
ID: 13486352
http://support.microsoft.com/kb/q208427/ and you url above= 1062 char
What is the firewall again? I don't see the maker of the firewall listed here yet... sounds like the default setting of a netgear firewall
http://www.securiteam.com/securitynews/5VP0P15CUK.html
-rich
0
 
LVL 4

Expert Comment

by:DaGo21
ID: 13486363
Hi Richrumble - yes my best bet was also Netgear as mentioned before, however Affno is not providing the details of the infrastructure / vendors.
0
 
LVL 5

Expert Comment

by:tmehmet
ID: 13486395
Yeah I asked for more info but not seen anything yet.

There are specific apps that suffer from this problem and need patching (bugs) and like you say it could well be firewall and of course if IIS is used it could be the IIS lockdown tool which configures against long URL's.



0
 
LVL 5

Expert Comment

by:tmehmet
ID: 13487291
If you are using IIS6 webserver, the security settings for URL maximum length are set to 260

it can be changed by modifying the registry

HKLM\System\CurrentControlSet\Services\HTTP\Parameters

modify the 'UrlSegmentMaxLength' key.

0
 
LVL 22

Expert Comment

by:pjedmond
ID: 13488007
If this is your server that has URLs this long, then you need to do something about it. GET
(the method being used to transfer data is not exactly guaranteed to work with more than 256 chars!
0
 
LVL 1

Author Comment

by:Affno
ID: 13492846
They are using Trend Micro "Office Scan"  (Version 6.5,  VSApiNT Version 7.510.1002, TmFilter Version - 7.510.0.1002

Any comments ???
0
 
LVL 4

Expert Comment

by:DaGo21
ID: 13493591
Hello Affno,  looking to the responses above it looks like you have some items to check like your browser, webserver and the GET command.
Please post your results based on the given ideas
0
 
LVL 1

Author Comment

by:Affno
ID: 13493598
This is one of our clients, they still not stated about their firewall.

· OS and service pack version  - Microsoft Windows 2000 (Version 5.00.2195),  Service Pack 3
· Browser name and version - Microsoft Internet Explorer 5  (Version 5.00.3502.1000)

however, I just simulate above environment. The URL is working fine; but I couldn’t find even a demo version of their virus guard

· Virus Guard name and version - Trend Micro "Office Scan"  (Version 6.5,  VSApiNT Version 7.510.1002, TmFilter Version - 7.510.0.1002)

I have already sent an email to the tech support of this Virus Guard Company. (Explanting the matter)

Waiting for the reply...
0
 
LVL 26

Assisted Solution

by:Leon Fester
Leon Fester earned 300 total points
ID: 13504190
Firstly, answer the questions about the firewall? What firewall is the client running?????
The error message that you are getting is specifically related to the configuration of the firewall. Now maybe the client does not have a firewall installed at their office/location but their ISP could have a firewall installed at their side. Only a firewall would be used to implement blocking of long URL's.

You mention that they have Trend Micro Officescan, that is merely a virus scanner. It would not and should not interfere with you Browsing. A virus scanner only scan document, not URL's.

Your solution is to change the MaxURLLength settings on the Firewall. Fullstop....If you're not looking at the firewall as the problem area, then you're looking in the wrong place, and you're not gonna find a solution.
0
 
LVL 1

Author Comment

by:Affno
ID: 13504852
The issue is on their firewall. However I needed to proved it !
And they are not transparent 100% for us, that’s why they didn’t talk about the firewall.

Finally they have agreed to amend the firewall.

Thanks for all !
0
 
LVL 26

Expert Comment

by:Leon Fester
ID: 13504867
Kewl.

P.S. Just read my own post, I sounded kinda rude, just a quick "I Sorry", 1 of those days for me...
0
 
LVL 4

Expert Comment

by:DaGo21
ID: 13543402
Thanks, would be good if you could post the outcome and resolution of the adjustment if possible.

Cheers
0

Featured Post

Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Article by: Justin
In light of the WannaCry ransomware attack that affected millions of Windows machines, you might wonder if your Mac needs protecting. Yes, it does and here is how to do it.
A look at what happened in the Verizon cloud breach.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
Suggested Courses

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question