<?xml version="1.0" encoding="iso-8859-1" ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<title>How do Firewalls handle 'Content-Encoding:'?</title>
<meta name="author" content="Michael Schröpl" />
<meta name="description" content="A description of the behaviour of some firewalls regarding compressed page contents" />
<meta name="keywords" content="firewall, HTTP, encoding, gzip, compression" />
<style type="text/css">
body{font-family:sans-serif;margin:0px 30px 0px 30px;}
h1{font-size:22px;margin-top:20px;}
h2{font-size:18px;margin-top:14px;}
small{font-size:80%;}
td{vertical-align:top;}
tt{font-weight:bold;}
code,tt{font-family:"Courier New",monospace;}
h1,h2{margin-bottom:1px;}
p,td{margin-top:3px;margin-bottom:3px;}
p,ul,ol,li{font-size:17px;line-height:22px;}
ul,ol,li{margin-top:0px;margin-bottom:0px;}
img{border-width:0;}

#nav{position:absolute;top:30px;left:0px;font-size:14px;width:170px;font-weight:bold;margin:2px 2px 2px 30px;}
#nav[id]{position:fixed;}
#nav img{margin:5px;}
#nav p, #nav a:hover, #nav a{display:block;padding:3px;margin:2px;width:150px;font-size:15px;line-height:18px;}
#content{position:absolute;left:220px;right:30px;}
#mail{text-align:right;}
#icon{width:190px;float:left;}
#mail,#icon{margin-top:30px;}

@media screen {
body{color:#000;background-color:#f8ebd9;}
h1{color:#666;}
h2{color:#840;}
code{color:#333;}
em{color:#900;}
tt{color:#909;}
h1,h2,code,em,tt{background-color:inherit;}
.new13192a{color:inherit;background-color:#ffd;}
.new13261a{color:inherit;background-color:#eff;}
.bugfix{color:#fff;background-color:#f00;font-weight:bold;padding:0px 4px;}
#nav a{color:#530;background-color:transparent;}
#nav a{text-decoration:none;}
#nav p, #nav a:hover{color:#000;background-color:#fff;}
#nav p {border:1px #660 solid;}
#nav a {border:1px #666 dotted;}
}

@media print {
#icon,#nav{display:none;}
#content{position:absolute;left:0px;right:0px;}
}
</style>
</head>

<body>

<div id="nav">

<img src="mod_gzip_logo.gif" height="47" width="102" alt="mod_gzip logo" />

<a title="mod_gzip - what's that, anyway?" href="index.htm">mod_gzip</a>

<a title="Compression of HTTP content using Content-Encoding" href="encoding.htm">Content-Encoding</a>

<a title="Which browsers can handle 'Content-Encoding: gzip'?" href="browser.htm">Browsers</a>

<p>Firewalls</p>

<a title="An example configuration for mod_gzip" href="config.htm">Configuration</a>

<a title="Complete description of mod_gzip status codes" href="status.htm">Status Codes</a>

<a title="Possible enhancements in future versions of mod_gzip" href="enhancements.htm">Enhancements</a>

<a title="Caching of negotiated HTTP responses" href="cache.htm">Caching</a>

<a title="Version history and change log for mod_gzip" href="versions.htm">Versions</a>

<a title="Other resources about mod_gzip" href="links.htm">Links</a>

</div>

<div id="content">

<h1>How do Firewalls handle <code>Content-Encoding: gzip</code>?</h1>

<h2><a id="task"></a>Tasks of a firewall</h2>
<p>One of the tasks of a firewall - whether a company firewall or a personal firewall on a client computer - is to remove 'dangerous' or 'unwanted' content from received data.</p>
<p>This implies that the firewall <em>understands</em> this content.</p>
<p>Of course, a correctly working firewall could simply understand and unzip compressed content, since the procedure to be used is explicitly named in the <code>Content-Encoding</code> HTTP header of the response.</p>

<h2><a id="easyway"></a>The 'easy way out'</h2>
<p>But some firewalls just aren't capable of doing so. As they still try to fulfill their task, they do something very unwanted: they simply remove the <code>Accept-Encoding</code> header from the request to be sent!</p>
<p>As a result, no correctly working server will try to send encoded data any more ... which is not really what we wanted, because the transfer speed may suffer massively from this.</p>
<p><em>Very stupid</em> firewalls, like <strong>Zone Alarm</strong>, simply overwrite the <code>Accept-Encoding</code> header with arbitrary characters, like <code>Xxxxxx-Xxxxxxx: xxxx, xxxxxxx</code>. This saves them from having to send the modified request packet in parts - they just pass the whole buffer on to the communication line, as its length has not changed.</p>
<p><em>A little less stupid</em> firewalls, like <strong>Cequrux</strong> from Version 4.1.8, read the HTTP header line by line and completely remove the <code>Accept-Encoding</code> line. Nevertheless, this is just as annoying.</p>

<h2><a id="recognize"></a>How can I recognize this type of behaviour?</h2>
<p>At least the user of a firewall has the opportunity to send a request to a <a href="http://www.schroepl.net/cgi-bin/http_trace.pl"><img class="linkicon" height="15" width="16" alt="arrow" title="external" src="extern.gif" />program</a> of his choice on the WWW and let it display the HTTP headers it received - so that the user at least knows what he got involved in ...</p>

<div id="icon">
<a href="http://validator.w3.org/check/referer"><img alt="" title="valid XHTML 1.1" height="31" width="88" src="valid-xhtml11.png" /></a><a href="http://jigsaw.w3.org/css-validator/check/referer"><img alt="" title="valid CSS" height="31" width="88" src="valid-css.png" /></a>
</div>

<p id="mail">(<a href="mailto:michael.schroepl@gmx.de?subject=mod_gzip">Michael Schröpl</a>, 2002-08-30)</p>

</div>

</body>
</html>
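The recognition step described above, as an added example that is not part of the original page: it takes the request headers as a header-echo program received them and reports whether `Accept-Encoding` was forwarded, overwritten with filler characters, or removed. The function names and the sample requests are constructed for illustration, and the "removed" verdict assumes the client really did send `Accept-Encoding`.

```python
def parse_headers(raw):
    """Return [(name, value)] from a raw header block; a request line is skipped."""
    headers = []
    for line in raw.strip().splitlines():
        if not line.strip():
            break  # blank line ends the header block
        name, sep, value = line.partition(":")
        if not sep or line.rstrip().rsplit(" ", 1)[-1].startswith("HTTP/"):
            continue  # request line or malformed line
        headers.append((name.strip(), value.strip()))
    return headers


def _is_filler(text, separators):
    """True if text is one letter repeated (any case) plus allowed separators."""
    letters = [c.lower() for c in text if c not in separators]
    return bool(letters) and letters[0].isalpha() and len(set(letters)) == 1


def classify(raw):
    """Classify what happened to Accept-Encoding on the way to the server.

    Returns (verdict, evidence); verdict is 'forwarded', 'overwritten' or 'removed'.
    """
    headers = parse_headers(raw)
    for name, value in headers:
        if name.lower() == "accept-encoding":
            return "forwarded", value
    for name, value in headers:
        # Same-length masking leaves a header made only of filler characters,
        # like the "Xxxxxx-Xxxxxxx: xxxx, xxxxxxx" pattern quoted on the page.
        if _is_filler(name, "-") and _is_filler(value, " ,;=."):
            return "overwritten", f"{name}: {value}"
    return "removed", None


# Constructed sample dumps (what the echo program would show), not real captures.
SAMPLES = {
    "untouched": "GET / HTTP/1.1\r\nHost: www.example.org\r\nAccept-Encoding: gzip, deflate\r\n\r\n",
    "masked": "GET / HTTP/1.1\r\nHost: www.example.org\r\nXxxxxx-Xxxxxxx: xxxx, xxxxxxx\r\n\r\n",
    "stripped": "GET http://www.example.org/ HTTP/1.1\r\nHost: www.example.org\r\nUser-Agent: test\r\n\r\n",
}

if __name__ == "__main__":
    for label, dump in SAMPLES.items():
        print(label, "->", classify(dump))
```
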