WSM Reference Guide - WatchGuard Technologies

More documents

Recommendations

Info

Traffic LogsHTTP Proxy Traffic Log MessagesText in Message FieldAssociated FieldsHTTP INTERNAL ERRORHTTP SERVER RESPONSE TIMEOUTHTTP CLIENT REQUEST TIMEOUTHTTP CLOSE COMPLETE TIMEOUTHTTP START LINE OVERSIZEHTTP REQUEST LINE PARSE ERRORlineHTTP STATUS LINE PARSE ERRORlineHTTP HEADER LINE OVERSIZElineHTTP HEADER BLOCK OVERSIZElineHTTP HEADER BLOCK PARSE ERRORHTTP REQUEST URL PATH MISSINGlineHTTP REQUEST URL MATCHrulenamedstnameargHTTP CHUNK SIZE LINE OVERSIZElineHTTP CHUNK SIZE INVALIDlineHTTP CHUNK CRLF TAIL MISSINGlineHTTP FOOTER LINE OVERSIZElineHTTP FOOTER BLOCK OVERSIZElineHTTP FOOTER BLOCK PARSE ERRORHTTP BODY CONTENT TYPE MATCHrulenameHTTP HEADER MALFORMEDlineHTTP HEADER CONTENT LENGTH INVALIDMessage MeaningValue that appears in associated field(s)The HTTP server did not send a response before the configured timeoutThe HTTP client did not send a request before the configured time-outThe remote host did not promptly complete the closing of the TCPconnection.The first line of the HTTP request or response is larger than theconfigured limit (maximum header line length).The first line of the HTTP request is not in the correct format.header line that caused errorThe first line of the HTTP response is not in the correct format.status line that caused errorThe length of an individual header is greater than the configured limit.header line that exceeded the limitThe total length of all headers for a request or response is greater thanthe configured limit.header line that exceeded the limitThe HTTP header block is not in the correct format.The HTTP request does not include a URL path.request line that caused errorThe HTTP request includes a URL specified in the proxy ruleset.name of rule matched in rulesethost name from requested URLpath and query-string from requested URLThe line setting the size of the next response data chunk has a valuethat is too big.request line that caused errorThe line setting the size of the next response data chunk has an invalidvalue.request line that caused errorThe “carriage-return/line-feed” (CRLF) at the end of a data chunk is notthere.the line that caused the errorThe length of an individual footer line is greater than the configuredlimit.request line that exceeded the limitThe total length of all footers for a request or response is greater thanthe configured limit..footer line that exceeded the limitThe HTTP footer block is not in the correct format.The content type in the response body matches a type configured inthe proxy rule set.name of rule matched in rulesetAn individual HTTP header is not in the correct format.the line with the malformed headerThe Content-Length response header value is not a valid number.34 WatchGuard System Manager
Traffic LogsHTTP Proxy Traffic Log MessagesText in Message FieldAssociated FieldsHTTP HEADER TRANSFER ENCODINGINVALIDHTTP HEADER TRANSFER ENCODINGMATCHrulenameencodingHTTP HEADER CONTENT TYPE MISSINGHTTP HEADER CONTENT TYPE MATCHrulenamecontent_typeHTTP REQUEST VERSION MATCHrulenamelineHTTP REQUEST METHOD MATCHrulenamemethodHTTP HEADER MATCHrulenameheaderHTTP HEADER COOKIE DOMAIN MATCHrulenamedomainHTTP REQUEST HOST MISSINGHTTP HEADER AUTH SCHEME MATCHrulenameschemeHTTP REQUEST METHOD UNSUPPORTEDmethodHTTP REQUEST PORT MISMATCHHTTP REQUEST CATEGORIESMessage MeaningValue that appears in associated field(s)The response header includes illegal or unsupported transferencoding.The response header includes transfer encoding that matches theconfigured proxy rule set.name of rule matched in rulesetTransfer-Encoding header valueThe Content-Type response header, which sets the response bodyMIME type, is missing or has an empty value.The Content-Type response header, which sets the response bodyMIME type, matches the configured proxy rule set.name of rule matched in rulesetvalue of content-type headerThe request protocol version (such as HTTP/1.1) matches theconfigured proxy rule set.name of rule matched in rulesetrequest line that caused errorThe HTTP request method matches the configured proxy rule set.name of rule matched in rulesetrequest method that caused errorThe individual HTTP header (name and value) matches the configuredproxy rule set.name of rule matched in rulesetheader line that matchedThe domain included in the Set-Cookie response header, or if none,then the host set in the request, matches the configured proxy ruleset. (This feature is used to prevent cookies from a specified Web site.)name of rule matched in rulesetdomain parameter from Set-Cookie response header or (if not presentin cookie) hostname in requested URLThe server host name is not included in the request line or in the“host” request header.The WWW-Authenticate response header incudes an authenticationscheme that matches the configured proxy rule set.name of rule matched in rulesetscheme parameter from WWW-Authorize response headerThe request includes a method not currently supported. This canresult from the use of an HTTP-based protocol with additional non-HTTP methods.request method that caused errorThe destination TCP port of the connection does not match the TCPport used in the header. Can indicate an attempt to get access to anoutside proxy server.An HTTP request was denied by WebBlocker.catsdstnameargHTTP SERVICE UNAVAILABLEservicedetailsHTTP REQUEST URL PATH OVERSIZEcomma delimited list of WebBlocker categories which matchhost name from requested URLpath and query-string from requested URLThe WebBlocker server is not responding.name of ProtocolHandler Helperexplanation of problemThe URL component of the HTTP request start line is too big.Reference Guide 35
Page 1 and 2: WatchGuard ® System ManagerReferen
Page 3 and 4: ContentsCHAPTER 1 Internet Protocol
Page 5 and 6: CHAPTER 1Internet Protocol Referenc
Page 7 and 8: Internet Protocol HeaderKeyword Num
Page 9 and 10: Transfer ProtocolsSource RoutingThe
Page 11 and 12: CHAPTER 2MIME Content TypesSoftware
Page 13 and 14: Type Subtype Reference (where avail
Page 23 and 24: CHAPTER 3Services and PortsWell-kno
Page 25 and 26: Well-Known Services ListPort(s) Pro
Page 27 and 28: Well-Known Services ListService Nam
Page 29 and 30: Well-Known Services ListService Nam
Page 31 and 32: CHAPTER 4Log MessagesUnderstanding
Page 33 and 34: Traffic LogsFWAllowEach packet filt
Page 35 and 36: Traffic Logsdst_ip="66.35.250.151"
Page 37: Traffic LogsDNS Proxy Traffic Log M
Page 41 and 42: Alarm LogsPolicy AlarmsDefaultNameP
Page 43 and 44: Alarm LogsDenial of Servce (DoS) Al
Page 45 and 46: Event LogsGateway AntiVirus Service
Page 47 and 48: Event LogsDescription of Log Module
Page 49 and 50: Event LogsEvent Log Message Catalog
Page 59 and 60: Firebox Log File XML DTD and Schema
Page 61 and 62: Firebox® X Edge Log MessagesModule
Page 73 and 74: CHAPTER 5WebBlocker ContentWatchGua
Page 75 and 76: WebBlocker CategoriesCategoryDrugs,
Page 77 and 78: WebBlocker CategoriesCategoryJob Se
Page 79 and 80: CHAPTER 6ResourcesThere are many re
Page 81 and 82: Mailing ListsMailing Listswg-users@
Page 83 and 84: White Hat Web Sitesbeginners. Cons:
Page 85 and 86: Other Web Sitesmaintains a list of
Page 87 and 88: RSS Feedswww.sophos.com/virusinfo/i
Page 89 and 90:
IndexBblocked sites, searching for
show all

WSM Reference Guide - WatchGuard Technologies

Create successful ePaper yourself

Delete template?

Save as template?