PDA

View Full Version : Odd firewall (intrusion prevention) issue



Spiny Norman
13-09-2005, 05:47 PM
Had a problem with my new website (www.frostbyte.com.au) in that the OzEmail logo on the front page would not display properly for most people visiting the site (but it worked fine for me). I checked:

- filesystem permissions
- web server HTTP traffic for errors
- even captured TCP/IP dumps
- placed the file in a different directory
- changed the file format from .GIF to .JPG and .PNG

Eventually I twigged that only people outside the corporate network were having trouble viewing this graphic. Went looking on the firewall for potential issues ... and logged in to Big Pond on my notebook so as to test externally. Pregressively disabled sections of the security perimeter until it started working.

Turns out our corporate firewall had two "rules" in the Intrusion Prevention section, relating to Unix-based mail systems (we run Windows 2003, so this wasn't really relevant anyway). At least one of those two rules was looking for the string "mail" in the traffic going through the firewall, and blocking access because it thought it was an intrusion attempt. Duh! The image that was not displaying was called "OzEmail Logo.XXX" and thus was getting caught up in the rules.

So all should now be well (crosses fingers).