FireWall-1 FAQ: HTTP Requests dropped, reason Malformed response resource http://x.y.z.w:80/
Please note: This content was from when I was operating my FireWall-1 FAQ site, which I stopped operating in August 2005. For some reason people still have links to this stuff on the Internet that people are still clicking on.
I am making this information available again AS IS. Given how old this information is, it is likely wildly inaccurate. I have no plans to update this information.
If you're still running versions of Check Point VPN-1/FireWall-1 where this information is still relevant to you, do yourself a favor and upgrade to a more recent release. If you happen to be running a current release and the information is useful, it's by happenstance :)
After upgrading to FireWall-1 4.1 SP3, I started seeing drops when using the HTTP Security Server on some sites. The log entries would look like the following:
action: reject service: http source: my ip destination: 126.96.36.199 rule: 11 (not the security server rule !! this is my http access rule) info: reason Malformed response resource http://x.y.z.w:80/ action: reject service: http source: my ip destination: rule: 0 info: reason Malformed request
In the releases Notes to FireWall-1 4.1 SP3 are under the point "Feature Enhancements/Security Servers" are two new addition to objects.C that need to be set to false (for guidelines on editing objects.C, see How do I edit objects.C?.
:http_check_request_validity (false) :http_check_response_validity (false)