The PhoneBoy Blog


Simplifying Telecom, Mobile Phones, Gadgets, and More!

FireWall-1 FAQ: HTTP Requests dropped, reason Malformed response resource http://x.y.z.w:80/

Please note: This content was from when I was operating my FireWall-1 FAQ site, which I stopped operating in August 2005. For some reason people still have links to this stuff on the Internet that people are still clicking on.


I am making this information available again AS IS. Given how old this information is, it is likely wildly inaccurate. I have no plans to update this information.


If you're still running versions of Check Point VPN-1/FireWall-1 where this information is still relevant to you, do yourself a favor and upgrade to a more recent release. If you happen to be running a current release and the information is useful, it's by happenstance :)


After upgrading to FireWall-1 4.1 SP3, I started seeing drops when using the HTTP Security Server on some sites. The log entries would look like the following:

action: reject
service: http
source: my ip
destination: 213.69.10.115
rule: 11 (not the security server rule !! this is my http access rule)
info: reason Malformed response resource http://x.y.z.w:80/ 

action: reject
service: http
source: my ip
destination: 
rule: 0
info: reason Malformed request

In the releases Notes to FireWall-1 4.1 SP3 are under the point "Feature Enhancements/Security Servers" are two new addition to objects.C that need to be set to false (for guidelines on editing objects.C, see How do I edit objects.C?.

:http_check_request_validity (false) 
:http_check_response_validity (false) 

C-List #Cybersecurity Celebrity, Podcaster, #noagenda Producer, Frequenter of shiny metal tubes, Expressor of personal opinions, and of course, a coffee achiever.