
Thread: Remove Private Header Info - Problem

  1. #1
    grumpyoldbloke Guest

    Default Remove Private Header Info - Problem

    Customer had a problem accessing my website. Turns out it is the "Remove Private Header" setting in ZA.
    It is clashing with some of the protocol rule-sets in the mod-security addon to apache.
    The ZA setting seems to change the line starting User-Agent: Mozilla..etc. to capital X characters. Unfortunately it does this for the whole line - including the token!
    So the line becomes XXXXXXXXXX: XXXXXXX etc.
    Why overwrite the TOKEN? Overwrite the data by all means, so Mozilla etc becomes XXXXXX etc. but leave the User-Agent: intact.
    Mod-security is reporting that the incoming request packet contains no User-Agent data, which is a protocol error, and suspects an attack.
    Does anyone in ZA know why they chose to overwrite the token as well as the data?
    Wouldn't "User-Agent: XXXXXXXXXXXXXXXXXXXX" be acceptable from both a security and an operational viewpoint?

    Incidentally, the "remove private header" setting also seems to knock out the Accept-Encoding: line as well, at least in my tests the header line:
    Accept-Encoding: gzip,deflate became XXXXXXXXXXXXXXX: XXXXXXXXXXXX.
    I would have thought knocking out this header was going to cause problems. Doesn't the server need to know the encodings the browser will accept??

    I think the apache mod-security module is in fairly common use, so I'm amazed other people are not reporting issues. I got all the XXXX stuff from the mod-security debug trace.

    Cheers.

    Operating System:Windows XP Home Edition
    Software Version:8.0
    Product Name:ZoneAlarm Internet Security Suite
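The clash described in the post above, reproduced as an added example (not part of the original thread, and not ZoneAlarm or ModSecurity code): length-preserving masking of the whole header line removes the `User-Agent` field name a server-side check looks for, while masking only the value keeps the request well-formed. The host name, the `KNOWN_NAMES` list and all function names are assumptions made for illustration; the sample request is constructed from the two header lines quoted in the post.

```python
import re

# Constructed sample request, modelled on the header lines quoted in the post.
ORIGINAL = (
    "GET / HTTP/1.1\r\n"
    "Host: www.example.test\r\n"
    "User-Agent: Mozilla/5.0 (constructed sample)\r\n"
    "Accept-Encoding: gzip,deflate\r\n"
    "\r\n"
)
MASK_TARGETS = {"user-agent", "accept-encoding"}
# Assumed list of common field names, used only to guess what a masked name was.
KNOWN_NAMES = ["Host", "User-Agent", "Connection", "Accept-Encoding", "Referer", "Cookie"]


def mask(raw, whole_line):
    """Length-preserving masking. whole_line=True mimics the behaviour reported
    in the post; False is the poster's proposal (mask only the value)."""
    out = []
    for line in raw.split("\r\n"):
        name, sep, value = line.partition(": ")
        if sep and name.lower() in MASK_TARGETS:
            name = "X" * len(name) if whole_line else name
            line = name + ": " + "X" * len(value)
        out.append(line)
    return "\r\n".join(out)


def parse_headers(raw):
    """Return {lowercased field name: value}; the request line is skipped."""
    headers = {}
    for line in raw.split("\r\n")[1:]:
        if not line:
            break
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers


def triage(raw):
    """Server-side view: is User-Agent absent, and do all-X names explain why?"""
    headers = parse_headers(raw)
    masked = {}
    for name in headers:
        if re.fullmatch(r"x+", name):
            # The mask keeps the length, so it narrows the original name
            # to a few candidates but cannot identify it uniquely.
            masked[name.upper()] = [k for k in KNOWN_NAMES if len(k) == len(name)]
    return {"missing_user_agent": "user-agent" not in headers, "masked_names": masked}
```

Calling `triage(mask(ORIGINAL, True))` reports a missing User-Agent together with two all-X field names, which lets a log reviewer separate this client-side filter from a request that never carried the header at all.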

  2. #2
    Join Date
    Jun 2006
    Location
    The 3rd Coast - South Central Texas
    Posts
    10,473

    Default Re: Remove Private Header Info - Problem


    to the Zone Alarm User Forum..
    VERY IMPORTANT: Please Report the details of your Problem Directly to ZA Tech Support for FREE at www.zonealarm.com/tsform (preferably with IE Browser)
    The more Users that Report this Apache Web-Server mod-security module problem directly to Tech Support, with their Details and what they did to try and resolve the issue, the Sooner Tech support will find a FIX for the problem..
    Tech Support may ask for your ZA Log Files, and tell you how to do that..
    --------------------------------------------------------
    My XP SP3 :
    ZoneAlarm Security Suite version:8.0.052.000 BETA (32-Bit)
    TrueVector version:8.0.052.000
    Driver version:8.0.052.000
    Anti-virus engine version:6.0.2.678
    Anti-virus signature DAT file version:960126722
    Anti-spyware engine version:5.0.202.0
    Anti-spyware signature DAT file version:01.200809.4685
    AntiSpam version:5.0.61.9957

    Message Edited by GeorgeV on 09-26-2008 10:28 AM
    GeorgeV
    ZoneAlarm® Extreme Security


    Click here for ZA Support
    Monday-Saturday__ 6am to 10pm Central time
    Closed Sundays and Holidays

  3. #3
    grumpyoldbloke Guest

    Default Re: Remove Private Header Info - Problem

    OK copied over to ZA support, will report back responses.

  4. #4

    Default Re: Remove Private Header Info - Problem


    Thank you for your Feedback..
    Many years ago I ran Apache Web-Server for several Years with ZoneAlarm Free version 4.5, 5.x on a Dialup Connection with a dedicated Phone line and Fixed IP number
    But when my ISP got Bought out by another company who did not allow Servers on Residential Service..
    Let us know what you find out from Tech Support..
    --------------------------------------------------------
    My XP SP3 :
    ZoneAlarm Security Suite version:8.0.055.000 32-Bit BETA
    TrueVector version:8.0.055.000
    Driver version:8.0.055.000
    Anti-virus engine version:6.0.2.678
    Anti-virus signature DAT file version:960594173
    Anti-spyware engine version:5.0.202.0
    Anti-spyware signature DAT file version:01.200810.4705
    AntiSpam version:5.0.61.9957
    GeorgeV
    ZoneAlarm® Extreme Security



  5. #5
    grumpyoldbloke Guest

    Default Re: Remove Private Header Info - Problem

    ZA Support not interested.
    Copy and pasted the original report with minor edits and got back a two-part response.
    1. Says that Support are not allowed to discuss how the product works.
    2. Was a bunch of idiots-guide boiler plate about the Privacy settings.
    So I doubt that the suspect Private header functions ever got as far as a developer. Pity.

    Some years ago we used to set our first-line helpdesk the target of dealing with 80% of incoming calls themselves so as not to overload second-line or the developers.
    We later found out that they were meeting their target by re-defining what "dealing with" meant. Hopefully ZA have not set their helpdesk similar targets!
