HTTP Anti-Virus Proxy
http://havp.hege.li/forum/

Invalid server header
http://havp.hege.li/forum/viewtopic.php?f=3&t=178

Author:  hanman [ 31 Oct 2006 19:29 ]
Post subject:  Invalid server header

I'm using HAVP .82 with Copfilter for IPCop. I've been very satisfied with the performance so far except for one thing. It's been giving me an error on certain webpages. It complains in the log about an invalid server header. Here is the log:

Code:
30/10/2006 10:29:44 === Starting HAVP Version: 0.82
30/10/2006 10:29:44 Change to user havp
30/10/2006 10:29:44 Change to group havp
30/10/2006 10:29:44 --- Initializing Clamd Socket Scanner
30/10/2006 10:29:44 Clamd Socket Scanner passed EICAR virus test (Eicar-Test-Signature)
30/10/2006 10:29:44 --- All scanners initialized
30/10/2006 10:29:44 Process ID: 3927
30/10/2006 10:30:24 (127.0.0.1) Invalid server header received (www.ofusa.net:80)
30/10/2006 10:30:34 (127.0.0.1) Invalid server header received (www.sprdealerservices.com:80)
30/10/2006 10:30:38 (127.0.0.1) Invalid server header received (liveupdate.symantecliveupdate.com:80)


In the actual browser, it has the standard HAVP warning. Turning off HAVP allows us to see the page fine. I added the page to the HAVP whitelist, but it still does the same thing. Has anyone else seen this problem?

Thanks for the help.

Author:  hege [ 31 Oct 2006 21:35 ]
Post subject: 

Does it fail after login or directly at http://www.ofusa.net/ ? I assume you see "Invalid request" error?

Seems to work fine here with 0.82.. perhaps you have some MTU problem with those sites.

Author:  hanman [ 31 Oct 2006 22:24 ]
Post subject: 

To be more specific, it gives that error after logging in and using the RMA services, which have some Java forms/reports embedded into the page. I even added *.JFM, *.JRP, and *.ISV files to the whitelist, to no avail. Here are the entries I have added to the whitelist:

Code:
*.ofusa.net/*
*/*.jfm
*/*.jrp
*/*.isv
*.symantecliveupdate.com/*
*.sprdealerservices.com/*


Oh, I also made sure to enable the whitelist in the HAVP conf. The sprdealerservices website is the one I am most concerned with. I just noticed the other sites in the error log and thought to fix them too, even though I have not received any complaints about them yet. Anyway, thanks for the speedy response.

Author:  hege [ 31 Oct 2006 23:08 ]
Post subject: 

Well, whitelist only stops the scanning, it doesn't stop "invalid" headers coming in. That's why Squid in front is handy so you can bypass HAVP completely.

I could probably fix the bug if I got access to the sites, or perhaps I can send you a version of HAVP with better debugging. Let me know privately if you want either..

Cheers,
Henrik
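
Added example (not part of the thread and not HAVP's own code): a log triage script that tallies which upstream hosts trigger "Invalid server header received" in the log layout quoted above, then prints Squid lines that send only those hosts direct instead of through HAVP. Assumptions: Squid sits in front with HAVP defined as `cache_peer 127.0.0.1`, the ACL name `havp_bypass` is hypothetical, and the sample hosts are constructed placeholders.

```python
import re
from collections import defaultdict
from datetime import datetime

# Line layout taken from the HAVP 0.82 log quoted in the thread.
EVENT = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) "
    r"\((?P<client>[^)]+)\) Invalid server header received "
    r"\((?P<host>[^:()\s]+):(?P<port>\d+)\)\s*$"
)

# Constructed sample in the same layout (placeholder hosts, not from the thread).
SAMPLE_LOG = """\
30/10/2006 10:29:44 === Starting HAVP Version: 0.82
30/10/2006 10:29:44 Process ID: 3927
30/10/2006 10:30:24 (127.0.0.1) Invalid server header received (www.example.com:80)
30/10/2006 10:30:34 (127.0.0.1) Invalid server header received (app.example.net:80)
30/10/2006 10:31:02 (127.0.0.1) Invalid server header received (www.example.com:80)
"""

def summarize(log_text):
    """Return {host: {"count", "first", "last", "clients"}} for header rejections."""
    hosts = defaultdict(lambda: {"count": 0, "first": None, "last": None, "clients": set()})
    for line in log_text.splitlines():
        m = EVENT.match(line)
        if not m:
            continue  # startup banners and other messages are ignored
        ts = datetime.strptime(m["ts"], "%d/%m/%Y %H:%M:%S")  # day comes first
        entry = hosts[m["host"].lower()]
        entry["count"] += 1
        entry["first"] = ts if entry["first"] is None else min(entry["first"], ts)
        entry["last"] = ts if entry["last"] is None else max(entry["last"], ts)
        entry["clients"].add(m["client"])
    return dict(hosts)

def squid_bypass(hosts, peer="127.0.0.1", acl="havp_bypass"):
    """Emit Squid lines that send only the listed hosts direct, past the HAVP peer.
    peer and acl are assumed names; peer must match the cache_peer entry in squid.conf."""
    names = " ".join(sorted(hosts))
    return [
        f"acl {acl} dstdomain {names}",
        f"cache_peer_access {peer} deny {acl}",
        f"always_direct allow {acl}",
    ]

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for host, info in sorted(report.items(), key=lambda kv: -kv[1]["count"]):
        print(f"{info['count']:3d}  {host}  {info['first']:%H:%M:%S}-{info['last']:%H:%M:%S}")
    print("\n".join(squid_bypass(report)))
```

Hosts placed in the bypass ACL are no longer scanned at all, so the list is best kept to exact hostnames taken from the log rather than wildcard domains.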

All times are UTC + 2 hours [ DST ]