Sign in to follow this  
Followers 0
p0d

WatchGuard HTTP proxy

4 posts in this topic

As all schools do, my school is equipped with a proxy/filter. Specifically the WatchGuard HTTP proxy and with 200 kids constantly trying to look at pr0n 24/7 or hitting up google for results on "How do I hack" our blacklist has become fairly comprehensive if not close to all encompassing. Yet every now and then I get blocked for something that really doesn't make sense (at all, but this is common with most filters), for about a month I could not update my Linux box because the file type 'tar/gzip/bzip' was not allowed. The admin is really sensible and complies with most request to unblock really stupid things like that. One time it even blocked .doc files and .pdf, but while Google-mining I got this:

Response denied by WatchGuard HTTP proxy.
Reason: header 'Content-Type' denied rule='Default' value='chemical/x-pdb'
-------------------------------------------------------------------------------------
Method: GET
Host: www.bmb.psu.edu
Path: /nixon/mdls/gzippdb/lambdaOR.pdb
-------------------------------------------------------------------------------------

Why would it block Protein Database Files? Unless the rules state to block any file type it has not heard of, but I think that is giving it to much credit as http://binrev.com is blocked but http://www.binrev.com is not blocked.

Why is this?

Doesn't make any sense to me...:huh:

--p0d

0

Share this post


Link to post
Share on other sites

My guess is it might be a wildcard block of .PD? -- to allow for PDF and the various other adobe-ish file types.

Not that blocking PDF files is especially brilliant or necessary... but if it would also block DOC files, then it's not surprising.

0

Share this post


Link to post
Share on other sites

It is probably a "least privilege" situation. Very tight security using this mindset will lock down EVERYTHING regardless of what it is and only open up those files that are known to be safe and needed. Give the very minimum access that is required in a situation. In this case, they never saw a need to open downloads of that filetype (pdb is also a palm database. I don't know what a protein database is).

Basically it starts fully locked and allows allows what you unlock. pdb was never unlocked.

0

Share this post


Link to post
Share on other sites
It is probably a "least privilege" situation. Very tight security using this mindset will lock down EVERYTHING regardless of what it is and only open up those files that are known to be safe and needed. Give the very minimum access that is required in a situation. In this case, they never saw a need to open downloads of that filetype (pdb is also a palm database. I don't know what a protein database is).

Basically it starts fully locked and allows allows what you unlock. pdb was never unlocked.

Ahh, ok. I thought it was something along these lines. It makes sense to disable EVERYTHING by default and only allow if specified.

0

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0