WSM Reference Guide - WatchGuard Technologies

More documents

Recommendations

Info

Traffic Logs HTTP Proxy Traffic Log Messages Text in Message Field Associated Fields HTTP INTERNAL ERROR HTTP SERVER RESPONSE TIMEOUT HTTP CLIENT REQUEST TIMEOUT HTTP CLOSE COMPLETE TIMEOUT HTTP START LINE OVERSIZE HTTP REQUEST LINE PARSE ERROR line HTTP STATUS LINE PARSE ERROR line HTTP HEADER LINE OVERSIZE line HTTP HEADER BLOCK OVERSIZE line HTTP HEADER BLOCK PARSE ERROR HTTP REQUEST URL PATH MISSING line HTTP REQUEST URL MATCH rulename dstname arg HTTP CHUNK SIZE LINE OVERSIZE line HTTP CHUNK SIZE INVALID line HTTP CHUNK CRLF TAIL MISSING line HTTP FOOTER LINE OVERSIZE line HTTP FOOTER BLOCK OVERSIZE line HTTP FOOTER BLOCK PARSE ERROR HTTP BODY CONTENT TYPE MATCH rulename HTTP HEADER MALFORMED line HTTP HEADER CONTENT LENGTH INVALID Message Meaning Value that appears in associated field(s) The HTTP server did not send a response before the configured timeout The HTTP client did not send a request before the configured time-out The remote host did not promptly complete the closing of the TCP connection. The first line of the HTTP request or response is larger than the configured limit (maximum header line length). The first line of the HTTP request is not in the correct format. header line that caused error The first line of the HTTP response is not in the correct format. status line that caused error The length of an individual header is greater than the configured limit. header line that exceeded the limit The total length of all headers for a request or response is greater than the configured limit. header line that exceeded the limit The HTTP header block is not in the correct format. The HTTP request does not include a URL path. request line that caused error The HTTP request includes a URL specified in the proxy ruleset. name of rule matched in ruleset host name from requested URL path and query-string from requested URL The line setting the size of the next response data chunk has a value that is too big. request line that caused error The line setting the size of the next response data chunk has an invalid value. request line that caused error The “carriage-return/line-feed” (CRLF) at the end of a data chunk is not there. the line that caused the error The length of an individual footer line is greater than the configured limit. request line that exceeded the limit The total length of all footers for a request or response is greater than the configured limit.. footer line that exceeded the limit The HTTP footer block is not in the correct format. The content type in the response body matches a type configured in the proxy rule set. name of rule matched in ruleset An individual HTTP header is not in the correct format. the line with the malformed header The Content-Length response header value is not a valid number. 34 WatchGuard System Manager
Traffic Logs HTTP Proxy Traffic Log Messages Text in Message Field Associated Fields HTTP HEADER TRANSFER ENCODING INVALID HTTP HEADER TRANSFER ENCODING MATCH rulename encoding HTTP HEADER CONTENT TYPE MISSING HTTP HEADER CONTENT TYPE MATCH rulename content_type HTTP REQUEST VERSION MATCH rulename line HTTP REQUEST METHOD MATCH rulename method HTTP HEADER MATCH rulename header HTTP HEADER COOKIE DOMAIN MATCH rulename domain HTTP REQUEST HOST MISSING HTTP HEADER AUTH SCHEME MATCH rulename scheme HTTP REQUEST METHOD UNSUPPORTED method HTTP REQUEST PORT MISMATCH HTTP REQUEST CATEGORIES Message Meaning Value that appears in associated field(s) The response header includes illegal or unsupported transfer encoding. The response header includes transfer encoding that matches the configured proxy rule set. name of rule matched in ruleset Transfer-Encoding header value The Content-Type response header, which sets the response body MIME type, is missing or has an empty value. The Content-Type response header, which sets the response body MIME type, matches the configured proxy rule set. name of rule matched in ruleset value of content-type header The request protocol version (such as HTTP/1.1) matches the configured proxy rule set. name of rule matched in ruleset request line that caused error The HTTP request method matches the configured proxy rule set. name of rule matched in ruleset request method that caused error The individual HTTP header (name and value) matches the configured proxy rule set. name of rule matched in ruleset header line that matched The domain included in the Set-Cookie response header, or if none, then the host set in the request, matches the configured proxy rule set. (This feature is used to prevent cookies from a specified Web site.) name of rule matched in ruleset domain parameter from Set-Cookie response header or (if not present in cookie) hostname in requested URL The server host name is not included in the request line or in the “host” request header. The WWW-Authenticate response header incudes an authentication scheme that matches the configured proxy rule set. name of rule matched in ruleset scheme parameter from WWW-Authorize response header The request includes a method not currently supported. This can result from the use of an HTTP-based protocol with additional non- HTTP methods. request method that caused error The destination TCP port of the connection does not match the TCP port used in the header. Can indicate an attempt to get access to an outside proxy server. An HTTP request was denied by WebBlocker. cats dstname arg HTTP SERVICE UNAVAILABLE service details HTTP REQUEST URL PATH OVERSIZE comma delimited list of WebBlocker categories which match host name from requested URL path and query-string from requested URL The WebBlocker server is not responding. name of ProtocolHandler Helper explanation of problem The URL component of the HTTP request start line is too big. Reference Guide 35
Page 1 and 2: WatchGuard ® System Manager Refere
Page 3 and 4: Contents CHAPTER 1 Internet Protoco
Page 5 and 6: CHAPTER 1 Internet Protocol Referen
Page 7 and 8: Internet Protocol Header Keyword Nu
Page 9 and 10: Transfer Protocols Source Routing T
Page 11 and 12: CHAPTER 2 MIME Content Types Softwa
Page 13 and 14: Type Subtype Reference (where avail
Page 23 and 24: CHAPTER 3 Services and Ports Well-k
Page 25 and 26: Well-Known Services List Port(s) Pr
Page 27 and 28: Well-Known Services List Service Na
Page 29 and 30: Well-Known Services List Service Na
Page 31 and 32: CHAPTER 4 Log Messages Understandin
Page 33 and 34: Traffic Logs FWAllow Each packet fi
Page 35 and 36: Traffic Logs dst_ip="66.35.250.151"
Page 37: Traffic Logs DNS Proxy Traffic Log
Page 41 and 42: Alarm Logs Policy Alarms Default Na
Page 43 and 44: Alarm Logs Denial of Servce (DoS) A
Page 45 and 46: Event Logs Gateway AntiVirus Servic
Page 47 and 48: Event Logs Description of Log Modul
Page 49 and 50: Event Logs Event Log Message Catalo
Page 59 and 60: Firebox Log File XML DTD and Schema
Page 61 and 62: Firebox® X Edge Log Messages Modul
Page 73 and 74: CHAPTER 5 Using the Firebox LCD Use
Page 75 and 76: Firebox Boot Countdown Firebox Boot
Page 77 and 78: Using the LCD Interface in Firebox
Page 79 and 80: CHAPTER 6 WebBlocker Content WatchG
Page 81 and 82: WebBlocker Categories Category Drug
Page 83 and 84: WebBlocker Categories Category Job
Page 85 and 86: CHAPTER 7 Resources There are many
Page 87 and 88: Mailing Lists Mailing Lists wg-user
Page 89 and 90:
White Hat Web Sites beginners. Cons
Page 91 and 92:
Other Web Sites maintains a list of
Page 93 and 94:
RSS Feeds www.sophos.com/virusinfo/
Page 95 and 96:
Index B blocked sites, searching fo
show all

WSM Reference Guide - WatchGuard Technologies

Create successful ePaper yourself

Delete template?

Save as template?