Question/Issue:
You want to know how to protect your Web servers against directory traversal attacks using Symantec Enterprise Firewall.
Solution:
HTTP URL patterning can be used to protect internal hosts from illegitimate access attempts that rely on embedded encoding characters in URL strings. The httpurlpattern.cf file contains a sample list of potentially harmful expressions. Incoming URLs are checked against this file, and if a URL matches an expression in the list, access is denied.
You can configure the URL pattern policy to block any URL with embedded encoding characters by using a regular expression such as ".*%[0-9a-fA-F]+". For additional flexibility, you can apply the URL pattern restrictions at the rule level. This provides the necessary granularity for each site to customize the rules and patterns to fit its unique needs.
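The following added example (not Symantec code and not the firewall's implementation) runs the expression quoted above over a few constructed URLs to show what such a deny pattern does and does not catch. The names `check_url`, `classify`, `DENY_PATTERNS` and `SAMPLE_URLS` are hypothetical, and Python `re` matching is assumed as a stand-in for the firewall's regex engine.

```python
import re

# The expression quoted in the article. Python `re` semantics are an
# assumption; the firewall's own regex engine may differ in detail.
ENCODED_CHAR = r".*%[0-9a-fA-F]+"

# Hypothetical in-memory deny list standing in for the pattern file.
DENY_PATTERNS = [re.compile(ENCODED_CHAR)]

# Constructed sample URLs (not taken from any real log).
SAMPLE_URLS = [
    "/index.html",                            # plain path
    "/docs/annual%20report.pdf",              # benign encoded space
    "/static/%2e%2e/%2e%2e/private/config",   # encoded dot-dot segments
    "/static/../../private/config",           # literal dot-dot, no encoding
    "/search?q=100%",                         # '%' with no hex digit after it
    "/search?q=50%25off",                     # encoded percent sign
]


def check_url(url, patterns=DENY_PATTERNS):
    """Return ("deny", expression) for the first matching expression,
    otherwise ("allow", None)."""
    for pat in patterns:
        if pat.match(url):
            return "deny", pat.pattern
    return "allow", None


def classify(urls, patterns=DENY_PATTERNS):
    """Map each URL to its verdict so results can be reviewed in bulk."""
    return {u: check_url(u, patterns)[0] for u in urls}


if __name__ == "__main__":
    for url, verdict in classify(SAMPLE_URLS).items():
        print(f"{verdict:5}  {url}")
```

The benign `%20` URL is denied along with the encoded dot-dot path, while the literal `../` path passes this expression and needs its own entry in the list; that trade-off is what scoping the pattern to individual rules lets each site manage.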
To minimize the risks associated with URL buffer overflow techniques, Symantec recommends that you keep the Web servers patched to the vendor's latest specifications. Additionally, Symantec offers a number of host-based intrusion detection products that together with Symantec Enterprise Firewall provide defense-in-depth protection for your application servers.
More Info:
For more information on regular expressions, see the Symantec Knowledge Base article, Introduction to using Regular Expressions.
Document ID: 2003032507434754
Last Modified: 03/25/2003
Date Created: 03/25/2003
Operating System(s): Windows NT 4.0, Windows 2000, Solaris 2.6, Solaris 2.7, Solaris 8, Appliance
Product(s): Symantec Enterprise Firewall 6.5, Symantec Enterprise Firewall 7.x, Symantec Gateway Security Appliance 1.0, Symantec VelociRaptor 1.1, Symantec VelociRaptor 1.5
Release(s): Symantec Enterprise Firewall 6.5.2, Symantec Enterprise Firewall 7.0, Symantec Gateway Security Appliance 1.0, Symantec VelociRaptor 1.1, Symantec VelociRaptor 1.5