• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 515
  • Last Modified:

No content type from a server - What could be wrong?

Hello

I have an issue where our Watchguard X700 blocks a file download with the following error:

WatchGuard firewall: Response denied from http://10.67.1.55:80/felixo_ui_misc/process_documents.aspx: Content type required

(The IP has been changes to hide identity).

This is when we choose to download a pdf document from our test web site via a link. Our identical production server does not give this message and all is well, through the same firewall.

Can anyone guide me to where this problem might be as both server should be configured the same and the web pages should be the same too? A web server problem or a firewall problem?

Regards
0
Xavior2K3
Asked:
Xavior2K3
  • 4
  • 4
1 Solution
 
Xavior2K3Author Commented:
Thanks for your reply but unfortunately the links you provided do not help.

My question is: The web server admin says that both servers are the same and blames the firewall, yet one server gives this error and the other does not. I can't see that the problem is on the firewall. I guess I am hopeing that someone agrees with me or tell me what could be the problem on the firewall? I do not want to switch off the alarm (untick Require Content Type). Any thoughts?
0
 
dpk_walCommented:
You must be using proxied HTTP Service; there are few things that can be done:
1. Configure HTTP proxy service to allow anything which it does not understand; by going into properties tab; click View/Edit Proxy; go to Content type; click "Change View" button; at the bottom you have option to set it from default deny to allow.
2. Configure one proxiedHTTP service specifically for this website, and configure it to allow default content type; and configure it as below:
Enabled and Allowed; from any-trusted OR specific-machine-ip/subnet; to public-ip-the-website
3. If you do not wish any filtering to happen for the website then in case2; configure packet HTTP Service instead.

Thank you.
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
Xavior2K3Author Commented:
Hi and thanks for your comment.

I think you're saying "switch of the alarm" in that this is how to configure the firwewall to allow bad headers; at least for this site! I am very reluctant to do that.

Would you agree this is a workaround for a web site error?
0
 
dpk_walCommented:
Yes I agree this is a workaround for any web site error; also for anything which WG proxy service do not understand, in very few cases there is a limitation of proxy service as well.

If the access to website is business critical then depending on your business decision you might want to open up the website; if no then you would keep blocking the website.

There are options where we can configure access from a specific user IP [must be having static IP] or authentication based access [where the user must authenticate through a java applet to gain access].

Please let know how would you like to proceed.

Thank you.
0
 
Xavior2K3Author Commented:
Thanks again for your reply

My own feeling are that I should keep pursuing the web people to correct the issue, given that the production server is fine and test server is not, when they are supposed to be identical. Have you any thoughts on that?

However, if the web admin/programmers remain stubborn, your suggestions look perfectly sound.
0
 
dpk_walCommented:
If the web admin can correct the problem that would be good; you would not need to create exceptions in policy.

Thank you.
0
 
Xavior2K3Author Commented:
Sorry, closed it with thanking you...

Thanks for your reply. It is the solution that's best - I'll try to push the web admin for the fix.

All the best.
0
 
dpk_walCommented:
Thank you for the points.
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 4
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now